#ifndef _X_TABLES_H
#define _X_TABLES_H

/* Upper bounds for the fixed-size name arrays used throughout this header.
 * XT_FUNCTION_MAXNAMELEN bounds match/target names; the name arrays below
 * are declared one byte shorter (MAXNAMELEN-1) so that, in struct
 * xt_get_revision, name plus the trailing u_int8_t revision still add up
 * to exactly 30 bytes. XT_TABLE_MAXNAMELEN bounds table names. */
#define XT_FUNCTION_MAXNAMELEN 30
#define XT_TABLE_MAXNAMELEN 32
6 | ||
/* The argument to IPT_SO_GET_REVISION_* (XT_SO_GET_REVISION_MATCH /
 * XT_SO_GET_REVISION_TARGET in this header). Returns highest revision
 * kernel supports, if >= revision.
 *
 * This is presumably copied in from user space by the getsockopt handler.
 * `name' is only XT_FUNCTION_MAXNAMELEN-1 (29) bytes and nothing here
 * guarantees the sender NUL-terminated it, so the kernel side must
 * terminate or bound it before treating it as a C string — verify in the
 * per-family getsockopt code. name (29) + revision (1) == 30 bytes. */
struct xt_get_revision
{
	char name[XT_FUNCTION_MAXNAMELEN-1];

	/* Revision asked for on input; per the comment above the answer is
	   returned through the same field. */
	u_int8_t revision;
};
15 | ||
/* CONTINUE verdict for targets: presumably "no verdict, keep evaluating
 * the chain". Deliberately outside the NF_* verdict range. */
#define XT_CONTINUE 0xFFFFFFFF

/* For standard target: the return-from-chain verdict. Expands in terms of
 * NF_REPEAT, which this header does not include (it lives in
 * <linux/netfilter.h>), so any user of XT_RETURN must include that too. */
#define XT_RETURN (-NF_REPEAT - 1)
21 | ||
/* this is a dummy structure to find out the alignment requirement for a struct
 * containing all the fundamental data types that are used in ipt_entry,
 * ip6t_entry and arpt_entry. This sucks, and it is a hack. It will be my
 * personal pleasure to remove it -HW
 *
 * Note: a struct's alignment is the strictest of its members', so this is
 * effectively __alignof__(u_int64_t) on most targets. The tag begins with
 * an underscore, which C reserves for the implementation at file scope.
 */
struct _xt_align
{
	u_int8_t u8;
	u_int16_t u16;
	u_int32_t u32;
	u_int64_t u64;
};

/* Round `s' up to a multiple of the alignment above. The add-then-mask
 * form is only correct because alignments are powers of two; `s' is
 * expanded exactly once, so side effects are safe. __alignof__ is a GCC
 * extension. */
#define XT_ALIGN(s) (((s) + (__alignof__(struct _xt_align)-1)) \
		& ~(__alignof__(struct _xt_align)-1))
37 | |
/* Standard return verdict, or do jump. The empty string is the name that
 * identifies the built-in standard target. */
#define XT_STANDARD_TARGET ""
/* Error verdict. */
#define XT_ERROR_TARGET "ERROR"
42 | ||
/*
 * New IP firewall options for [gs]etsockopt at the RAW IP level.
 * Unlike BSD Linux inherits IP options so you don't have to use a raw
 * socket for this. Instead we check rights in the calls. */
/* The SET and GET option numbers share one range starting at XT_BASE_CTL
 * (XT_SO_SET_REPLACE and XT_SO_GET_INFO are both 64); they are told apart
 * only by whether setsockopt() or getsockopt() was called. The "rights"
 * check mentioned above is not in this header — presumably a capability
 * check in the per-family socket handlers; confirm before relying on it. */
#define XT_BASE_CTL		64	/* base for firewall socket options */

#define XT_SO_SET_REPLACE	(XT_BASE_CTL)
#define XT_SO_SET_ADD_COUNTERS	(XT_BASE_CTL + 1)
#define XT_SO_SET_MAX		XT_SO_SET_ADD_COUNTERS

#define XT_SO_GET_INFO			(XT_BASE_CTL)
#define XT_SO_GET_ENTRIES		(XT_BASE_CTL + 1)
#define	XT_SO_GET_REVISION_MATCH	(XT_BASE_CTL + 2)
#define	XT_SO_GET_REVISION_TARGET	(XT_BASE_CTL + 3)
#define XT_SO_GET_MAX			XT_SO_GET_REVISION_TARGET
58 | ||
/* Assign / accumulate a byte count `b' and packet count `p' into `c',
 * which must have .bcnt and .pcnt members (struct xt_counters below).
 * `c' is expanded twice in each macro, so pass a side-effect-free lvalue.
 * Both names lack the XT_ prefix and, being outside #ifdef __KERNEL__,
 * are exported to user space as well. */
#define SET_COUNTER(c,b,p) do { (c).bcnt = (b); (c).pcnt = (p); } while(0)
#define ADD_COUNTER(c,b,p) do { (c).bcnt += (b); (c).pcnt += (p); } while(0)

/* One rule's hit counters. Note the declaration order is pcnt, bcnt. */
struct xt_counters
{
	u_int64_t pcnt, bcnt;			/* Packet and byte counters */
};
66 | ||
/* The argument to IPT_SO_ADD_COUNTERS (XT_SO_SET_ADD_COUNTERS here). */
/* The whole object, trailing array included, arrives from user space, so
 * num_counters is untrusted: the kernel side must check it against the
 * installed table's entry count and guard
 * num_counters * sizeof(struct xt_counters) against overflow before using
 * it to size a copy — verify in the ADD_COUNTERS handler. */
struct xt_counters_info
{
	/* Which table. Not guaranteed to be NUL-terminated by the sender. */
	char name[XT_TABLE_MAXNAMELEN];

	unsigned int num_counters;

	/* The counters (actually `num_counters' of these). [0] is a GNU
	   zero-length array used where C99 would use a flexible array
	   member; it contributes nothing to sizeof. */
	struct xt_counters counters[0];
};
78 | ||
/* Presumably a bit in a rule's invflags; its state is what the
 * xt_check_match()/xt_check_target() prototypes below receive as
 * inv_proto. */
#define XT_INV_PROTO	0x40	/* Invert the sense of PROTO. */
80 | ||
#ifdef __KERNEL__

#include <linux/netdevice.h>

/* Both lock assertions expand to nothing, i.e. they are compiled out.
 * They are defined before listhelp.h is included, presumably because
 * that header expects them — keep the order. */
#define ASSERT_READ_LOCK(x)
#define ASSERT_WRITE_LOCK(x)
#include <linux/netfilter_ipv4/listhelp.h>
88 | ||
/* A match module's registration record, linked into the core's list via
 * `list' and identified by (family, name, revision). */
struct xt_match
{
	struct list_head list;

	/* XT_FUNCTION_MAXNAMELEN-1 bytes: the same width user space sees in
	   struct xt_get_revision. */
	const char name[XT_FUNCTION_MAXNAMELEN-1];

	/* Return true or false: return FALSE and set *hotdrop = 1 to
	   force immediate packet drop. */
	/* Arguments changed since 2.6.9, as this must now handle
	   non-linear skb, using skb_header_pointer and
	   skb_ip_make_writable. */
	/* offset/protoff: presumably the IP fragment offset and the offset
	   of the transport header inside skb — confirm against callers. */
	int (*match)(const struct sk_buff *skb,
		     const struct net_device *in,
		     const struct net_device *out,
		     const void *matchinfo,
		     int offset,
		     unsigned int protoff,
		     int *hotdrop);

	/* Called when user tries to insert an entry of this type. */
	/* Should return true or false. */
	/* matchinfo is the user-supplied per-rule data; this is the place
	   to validate its contents, since match() trusts it afterwards. */
	int (*checkentry)(const char *tablename,
			  const void *ip,
			  void *matchinfo,
			  unsigned int matchinfosize,
			  unsigned int hook_mask);

	/* Called when entry of this type deleted. */
	void (*destroy)(void *matchinfo, unsigned int matchinfosize);

	/* Set this to THIS_MODULE if you are a module, otherwise NULL */
	struct module *me;

	/* Constraints the core can check centrally (see xt_check_match()
	   below, which takes a table name, size, hook and proto): the only
	   table this match may live in, the expected matchinfo size, the
	   permitted hook mask and the required protocol. Presumably NULL
	   table / zero proto mean "any" — confirm in xt_check_match(). */
	char *table;
	unsigned int matchsize;
	unsigned int hooks;
	unsigned short proto;
	u_int8_t revision;
};
128 | ||
/* Registration hooks for targets. */
/* A target module's registration record; same shape as struct xt_match. */
struct xt_target
{
	struct list_head list;

	const char name[XT_FUNCTION_MAXNAMELEN-1];

	/* Returns verdict. Argument order changed since 2.6.9, as this
	   must now handle non-linear skbs, using skb_copy_bits and
	   skb_ip_make_writable. */
	/* pskb is a pointer-to-pointer so the target can replace the skb
	   it was handed (inferred from the signature). userdata is an
	   opaque cookie; its meaning is not defined in this header. */
	unsigned int (*target)(struct sk_buff **pskb,
			       const struct net_device *in,
			       const struct net_device *out,
			       unsigned int hooknum,
			       const void *targinfo,
			       void *userdata);

	/* Called when user tries to insert an entry of this type:
	   hook_mask is a bitmask of hooks from which it can be
	   called. */
	/* Should return true or false. */
	/* targinfo is the user-supplied per-rule data; validate it here,
	   as target() trusts it afterwards. */
	int (*checkentry)(const char *tablename,
			  const void *entry,
			  void *targinfo,
			  unsigned int targinfosize,
			  unsigned int hook_mask);

	/* Called when entry of this type deleted. */
	void (*destroy)(void *targinfo, unsigned int targinfosize);

	/* Set this to THIS_MODULE if you are a module, otherwise NULL */
	struct module *me;

	/* Constraints the core can check centrally (see xt_check_target()
	   below): restricting table, expected targinfo size, permitted hook
	   mask and required protocol. Presumably NULL / zero mean "any" —
	   confirm in xt_check_target(). */
	char *table;
	unsigned int targetsize;
	unsigned int hooks;
	unsigned short proto;
	u_int8_t revision;
};
168 | ||
/* Furniture shopping... */
/* A registered table: its name, the hooks it is entered from, and the
   family-specific data hidden behind `private'. */
struct xt_table
{
	struct list_head list;

	/* A unique name... */
	char name[XT_TABLE_MAXNAMELEN];

	/* What hooks you will enter on */
	unsigned int valid_hooks;

	/* Lock for the curtain */
	/* Presumably what xt_find_table_lock()/xt_table_unlock() below take
	   and release around access to `private' — confirm in x_tables.c. */
	rwlock_t lock;

	/* Man behind the curtain... */
	/* Untyped so one struct serves every family; this used to be a
	   struct ip6t_table_info *. Presumably holds the struct
	   xt_table_info that the xt_*_table() functions below deal in. */
	void *private;

	/* Set this to THIS_MODULE if you are a module, otherwise NULL */
	struct module *me;

	int af;		/* address/protocol family */
};
192 | ||
#include <linux/netfilter_ipv4.h>

/* The table itself */
/* Presumably built from the blob a user passes with XT_SO_SET_REPLACE.
   hook_entry[] and underflow[] are offsets into the entry blob and must
   have been bounds-checked against `size' by the family code before an
   instance is installed — verify in the replace path. */
struct xt_table_info
{
	/* Size per table */
	unsigned int size;
	/* Number of entries: FIXME. --RR */
	unsigned int number;
	/* Initial number of entries. Needed for module usage count */
	unsigned int initial_entries;

	/* Entry points and underflows */
	/* Indexed by hook number. NF_IP_NUMHOOKS comes from the IPv4 header
	   included above and is used for every family here. */
	unsigned int hook_entry[NF_IP_NUMHOOKS];
	unsigned int underflow[NF_IP_NUMHOOKS];

	/* ipt_entry tables: one per CPU */
	/* Each slot presumably points at a `size'-byte copy of the entries
	   for that CPU; NR_CPUS is the compile-time maximum. */
	char *entries[NR_CPUS];
};
212 | ||
/* Registration of match/target modules with the core, keyed by address
   family. (The xt_*_match() parameters are named `target' in these
   prototypes although they take a struct xt_match.) */
extern int xt_register_target(int af, struct xt_target *target);
extern void xt_unregister_target(int af, struct xt_target *target);
extern int xt_register_match(int af, struct xt_match *target);
extern void xt_unregister_match(int af, struct xt_match *target);

/* Central validation of a rule's match/target against the record's
   table, size, hooks and proto fields; `size' is the user-supplied info
   size and inv_proto the XT_INV_PROTO state. Presumably called from each
   family's checkentry path — confirm in x_tables.c. */
extern int xt_check_match(const struct xt_match *match, unsigned short family,
			  unsigned int size, const char *table, unsigned int hook,
			  unsigned short proto, int inv_proto);
extern int xt_check_target(const struct xt_target *target, unsigned short family,
			   unsigned int size, const char *table, unsigned int hook,
			   unsigned short proto, int inv_proto);

/* Table lifetime. xt_unregister_table() hands back the void * private
   data for the caller to dispose of, and xt_replace_table() returns the
   previous info after installing newinfo, reporting failure through
   *error — inferred from the signatures, confirm in x_tables.c. */
extern int xt_register_table(struct xt_table *table,
			     struct xt_table_info *bootstrap,
			     struct xt_table_info *newinfo);
extern void *xt_unregister_table(struct xt_table *table);

extern struct xt_table_info *xt_replace_table(struct xt_table *table,
					      unsigned int num_counters,
					      struct xt_table_info *newinfo,
					      int *error);

/* Lookups by (family, name, revision). The "request" variant presumably
   also attempts to autoload the module; xt_find_revision() presumably
   searches targets when `target' is non-zero and matches otherwise,
   reporting through *err — confirm in x_tables.c. */
extern struct xt_match *xt_find_match(int af, const char *name, u8 revision);
extern struct xt_target *xt_find_target(int af, const char *name, u8 revision);
extern struct xt_target *xt_request_find_target(int af, const char *name,
						u8 revision);
extern int xt_find_revision(int af, const char *name, u8 revision, int target,
			    int *err);

/* Returns the table with its lock held; pair every successful call with
   xt_table_unlock() (inferred from the names). */
extern struct xt_table *xt_find_table_lock(int af, const char *name);
extern void xt_table_unlock(struct xt_table *t);

/* Per-family core setup/teardown. */
extern int xt_proto_init(int af);
extern void xt_proto_fini(int af);

/* Allocation of a struct xt_table_info sized for `size' bytes of entries
   (presumably per CPU); release with xt_free_table_info(). */
extern struct xt_table_info *xt_alloc_table_info(unsigned int size);
extern void xt_free_table_info(struct xt_table_info *info);

#endif /* __KERNEL__ */

#endif /* _X_TABLES_H */