projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
| Commit | Line | Data |
|---|---|---|
| 2e4e6a17 HW |
1 | #ifndef _X_TABLES_H |
| 2 | #define _X_TABLES_H | |
| 3 | ||
| 4 | #define XT_FUNCTION_MAXNAMELEN 30 | |
| 5 | #define XT_TABLE_MAXNAMELEN 32 | |
| 6 | ||
| 7 | /* The argument to IPT_SO_GET_REVISION_*. Returns highest revision | |
| 8 | * kernel supports, if >= revision. */ | |
| 9 | struct xt_get_revision | |
| 10 | { | |
| 11 | char name[XT_FUNCTION_MAXNAMELEN-1]; | |
| 12 | ||
| 13 | u_int8_t revision; | |
| 14 | }; | |
| 15 | ||
| 16 | /* CONTINUE verdict for targets */ | |
| 17 | #define XT_CONTINUE 0xFFFFFFFF | |
| 18 | ||
| 19 | /* For standard target */ | |
| 20 | #define XT_RETURN (-NF_REPEAT - 1) | |
| 21 | ||
| 6fbfc968 DM |
22 | /* this is a dummy structure to find out the alignment requirement for a struct |
| 23 | * containing all the fundamental data types that are used in ipt_entry, | |
| 24 | * ip6t_entry and arpt_entry. This sucks, and it is a hack. It will be my | |
| 25 | * personal pleasure to remove it -HW | |
| 26 | */ | |
| 27 | struct _xt_align | |
| 28 | { | |
| 29 | u_int8_t u8; | |
| 30 | u_int16_t u16; | |
| 31 | u_int32_t u32; | |
| 32 | u_int64_t u64; | |
| 33 | }; | |
| 34 | ||
| 35 | #define XT_ALIGN(s) (((s) + (__alignof__(struct _xt_align)-1)) \ | |
| 36 | & ~(__alignof__(struct _xt_align)-1)) | |
| 2e4e6a17 HW |
37 | |
| 38 | /* Standard return verdict, or do jump. */ | |
| 39 | #define XT_STANDARD_TARGET "" | |
| 40 | /* Error verdict. */ | |
| 41 | #define XT_ERROR_TARGET "ERROR" | |
| 42 | ||
| 43 | /* | |
| 44 | * New IP firewall options for [gs]etsockopt at the RAW IP level. | |
| 45 | * Unlike BSD Linux inherits IP options so you don't have to use a raw | |
| 46 | * socket for this. Instead we check rights in the calls. */ | |
| 47 | #define XT_BASE_CTL 64 /* base for firewall socket options */ | |
| 48 | ||
| 49 | #define XT_SO_SET_REPLACE (XT_BASE_CTL) | |
| 50 | #define XT_SO_SET_ADD_COUNTERS (XT_BASE_CTL + 1) | |
| 51 | #define XT_SO_SET_MAX XT_SO_SET_ADD_COUNTERS | |
| 52 | ||
| 53 | #define XT_SO_GET_INFO (XT_BASE_CTL) | |
| 54 | #define XT_SO_GET_ENTRIES (XT_BASE_CTL + 1) | |
| 55 | #define XT_SO_GET_REVISION_MATCH (XT_BASE_CTL + 2) | |
| 56 | #define XT_SO_GET_REVISION_TARGET (XT_BASE_CTL + 3) | |
| 57 | #define XT_SO_GET_MAX XT_SO_GET_REVISION_TARGET | |
| 58 | ||
| 59 | #define SET_COUNTER(c,b,p) do { (c).bcnt = (b); (c).pcnt = (p); } while(0) | |
| 60 | #define ADD_COUNTER(c,b,p) do { (c).bcnt += (b); (c).pcnt += (p); } while(0) | |
| 61 | ||
| 62 | struct xt_counters | |
| 63 | { | |
| 64 | u_int64_t pcnt, bcnt; /* Packet and byte counters */ | |
| 65 | }; | |
| 66 | ||
| 67 | /* The argument to IPT_SO_ADD_COUNTERS. */ | |
| 68 | struct xt_counters_info | |
| 69 | { | |
| 70 | /* Which table. */ | |
| 71 | char name[XT_TABLE_MAXNAMELEN]; | |
| 72 | ||
| 73 | unsigned int num_counters; | |
| 74 | ||
| 75 | /* The counters (actually `number' of these). */ | |
| 76 | struct xt_counters counters[0]; | |
| 77 | }; | |
| 78 | ||
| 79 | #define XT_INV_PROTO 0x40 /* Invert the sense of PROTO. */ | |
| 80 | ||
| 81 | #ifdef __KERNEL__ | |
| 82 | ||
| 83 | #include <linux/netdevice.h> | |
| 84 | ||
| 85 | #define ASSERT_READ_LOCK(x) | |
| 86 | #define ASSERT_WRITE_LOCK(x) | |
| 87 | #include <linux/netfilter_ipv4/listhelp.h> | |
| 88 | ||
| 89 | struct xt_match | |
| 90 | { | |
| 91 | struct list_head list; | |
| 92 | ||
| 93 | const char name[XT_FUNCTION_MAXNAMELEN-1]; | |
| 94 | ||
| 2e4e6a17 HW |
95 | /* Return true or false: return FALSE and set *hotdrop = 1 to |
| 96 | force immediate packet drop. */ | |
| 97 | /* Arguments changed since 2.6.9, as this must now handle | |
| 98 | non-linear skb, using skb_header_pointer and | |
| 99 | skb_ip_make_writable. */ | |
| 100 | int (*match)(const struct sk_buff *skb, | |
| 101 | const struct net_device *in, | |
| 102 | const struct net_device *out, | |
| 103 | const void *matchinfo, | |
| 104 | int offset, | |
| 105 | unsigned int protoff, | |
| 106 | int *hotdrop); | |
| 107 | ||
| 108 | /* Called when user tries to insert an entry of this type. */ | |
| 109 | /* Should return true or false. */ | |
| 110 | int (*checkentry)(const char *tablename, | |
| 111 | const void *ip, | |
| 112 | void *matchinfo, | |
| 113 | unsigned int matchinfosize, | |
| 114 | unsigned int hook_mask); | |
| 115 | ||
| 116 | /* Called when entry of this type deleted. */ | |
| 117 | void (*destroy)(void *matchinfo, unsigned int matchinfosize); | |
| 118 | ||
| 119 | /* Set this to THIS_MODULE if you are a module, otherwise NULL */ | |
| 120 | struct module *me; | |
| 37f9f733 PM |
121 | |
| 122 | char *table; | |
| 123 | unsigned int matchsize; | |
| 124 | unsigned int hooks; | |
| 125 | unsigned short proto; | |
| 126 | u_int8_t revision; | |
| 2e4e6a17 HW |
127 | }; |
| 128 | ||
| 129 | /* Registration hooks for targets. */ | |
| 130 | struct xt_target | |
| 131 | { | |
| 132 | struct list_head list; | |
| 133 | ||
| 134 | const char name[XT_FUNCTION_MAXNAMELEN-1]; | |
| 135 | ||
| 2e4e6a17 HW |
136 | /* Returns verdict. Argument order changed since 2.6.9, as this |
| 137 | must now handle non-linear skbs, using skb_copy_bits and | |
| 138 | skb_ip_make_writable. */ | |
| 139 | unsigned int (*target)(struct sk_buff **pskb, | |
| 140 | const struct net_device *in, | |
| 141 | const struct net_device *out, | |
| 142 | unsigned int hooknum, | |
| 143 | const void *targinfo, | |
| 144 | void *userdata); | |
| 145 | ||
| 146 | /* Called when user tries to insert an entry of this type: | |
| 147 | hook_mask is a bitmask of hooks from which it can be | |
| 148 | called. */ | |
| 149 | /* Should return true or false. */ | |
| 150 | int (*checkentry)(const char *tablename, | |
| 151 | const void *entry, | |
| 152 | void *targinfo, | |
| 153 | unsigned int targinfosize, | |
| 154 | unsigned int hook_mask); | |
| 155 | ||
| 156 | /* Called when entry of this type deleted. */ | |
| 157 | void (*destroy)(void *targinfo, unsigned int targinfosize); | |
| 158 | ||
| 159 | /* Set this to THIS_MODULE if you are a module, otherwise NULL */ | |
| 160 | struct module *me; | |
| 37f9f733 PM |
161 | |
| 162 | char *table; | |
| 163 | unsigned int targetsize; | |
| 164 | unsigned int hooks; | |
| 165 | unsigned short proto; | |
| 166 | u_int8_t revision; | |
| 2e4e6a17 HW |
167 | }; |
| 168 | ||
| 169 | /* Furniture shopping... */ | |
| 170 | struct xt_table | |
| 171 | { | |
| 172 | struct list_head list; | |
| 173 | ||
| 174 | /* A unique name... */ | |
| 175 | char name[XT_TABLE_MAXNAMELEN]; | |
| 176 | ||
| 177 | /* What hooks you will enter on */ | |
| 178 | unsigned int valid_hooks; | |
| 179 | ||
| 180 | /* Lock for the curtain */ | |
| 181 | rwlock_t lock; | |
| 182 | ||
| 183 | /* Man behind the curtain... */ | |
| 184 | //struct ip6t_table_info *private; | |
| 185 | void *private; | |
| 186 | ||
| 187 | /* Set this to THIS_MODULE if you are a module, otherwise NULL */ | |
| 188 | struct module *me; | |
| 189 | ||
| 190 | int af; /* address/protocol family */ | |
| 191 | }; | |
| 192 | ||
| 193 | #include <linux/netfilter_ipv4.h> | |
| 194 | ||
| 195 | /* The table itself */ | |
| 196 | struct xt_table_info | |
| 197 | { | |
| 198 | /* Size per table */ | |
| 199 | unsigned int size; | |
| 200 | /* Number of entries: FIXME. --RR */ | |
| 201 | unsigned int number; | |
| 202 | /* Initial number of entries. Needed for module usage count */ | |
| 203 | unsigned int initial_entries; | |
| 204 | ||
| 205 | /* Entry points and underflows */ | |
| 206 | unsigned int hook_entry[NF_IP_NUMHOOKS]; | |
| 207 | unsigned int underflow[NF_IP_NUMHOOKS]; | |
| 208 | ||
| 209 | /* ipt_entry tables: one per CPU */ | |
| 210 | char *entries[NR_CPUS]; | |
| 211 | }; | |
| 212 | ||
| 213 | extern int xt_register_target(int af, struct xt_target *target); | |
| 214 | extern void xt_unregister_target(int af, struct xt_target *target); | |
| 215 | extern int xt_register_match(int af, struct xt_match *target); | |
| 216 | extern void xt_unregister_match(int af, struct xt_match *target); | |
| 217 | ||
| 37f9f733 PM |
218 | extern int xt_check_match(const struct xt_match *match, unsigned short family, |
| 219 | unsigned int size, const char *table, unsigned int hook, | |
| 220 | unsigned short proto, int inv_proto); | |
| 221 | extern int xt_check_target(const struct xt_target *target, unsigned short family, | |
| 222 | unsigned int size, const char *table, unsigned int hook, | |
| 223 | unsigned short proto, int inv_proto); | |
| 224 | ||
| 2e4e6a17 HW |
225 | extern int xt_register_table(struct xt_table *table, |
| 226 | struct xt_table_info *bootstrap, | |
| 227 | struct xt_table_info *newinfo); | |
| 228 | extern void *xt_unregister_table(struct xt_table *table); | |
| 229 | ||
| 230 | extern struct xt_table_info *xt_replace_table(struct xt_table *table, | |
| 231 | unsigned int num_counters, | |
| 232 | struct xt_table_info *newinfo, | |
| 233 | int *error); | |
| 234 | ||
| 235 | extern struct xt_match *xt_find_match(int af, const char *name, u8 revision); | |
| 236 | extern struct xt_target *xt_find_target(int af, const char *name, u8 revision); | |
| 237 | extern struct xt_target *xt_request_find_target(int af, const char *name, | |
| 238 | u8 revision); | |
| 239 | extern int xt_find_revision(int af, const char *name, u8 revision, int target, | |
| 240 | int *err); | |
| 241 | ||
| 242 | extern struct xt_table *xt_find_table_lock(int af, const char *name); | |
| 243 | extern void xt_table_unlock(struct xt_table *t); | |
| 244 | ||
| 245 | extern int xt_proto_init(int af); | |
| 246 | extern void xt_proto_fini(int af); | |
| 247 | ||
| 248 | extern struct xt_table_info *xt_alloc_table_info(unsigned int size); | |
| 249 | extern void xt_free_table_info(struct xt_table_info *info); | |
| 250 | ||
| 251 | #endif /* __KERNEL__ */ | |
| 252 | ||
| 253 | #endif /* _X_TABLES_H */ |