projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
netfilter: xtables: deconstify struct xt_action_param for matches
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / include / linux / netfilter / x_tables.h
CommitLineData
2e4e6a17
HW		 1#ifndef _X_TABLES_H
2#define _X_TABLES_H
a79ff731 3#include <linux/kernel.h>
60c195c7
AB		 4#include <linux/types.h>
5
2e4e6a17 6#define XT_FUNCTION_MAXNAMELEN 30
4b2cbd42 7#define XT_EXTENSION_MAXNAMELEN 29
2e4e6a17
HW		 8#define XT_TABLE_MAXNAMELEN 32
9
d94d9fee 10struct xt_entry_match {
1e30a014
DM		 11 union {
12 struct {
60c195c7 13 __u16 match_size;
1e30a014
DM		 14
15 /* Used by userspace */
4b2cbd42 16 char name[XT_EXTENSION_MAXNAMELEN];
60c195c7 17 __u8 revision;
1e30a014
DM		 18 } user;
19 struct {
60c195c7 20 __u16 match_size;
1e30a014
DM		 21
22 /* Used inside the kernel */
23 struct xt_match *match;
24 } kernel;
25
26 /* Total length */
60c195c7 27 __u16 match_size;
1e30a014
DM		 28 } u;
29
30 unsigned char data[0];
31};
32
d94d9fee 33struct xt_entry_target {
1e30a014
DM		 34 union {
35 struct {
60c195c7 36 __u16 target_size;
1e30a014
DM		 37
38 /* Used by userspace */
4b2cbd42 39 char name[XT_EXTENSION_MAXNAMELEN];
60c195c7 40 __u8 revision;
1e30a014
DM		 41 } user;
42 struct {
60c195c7 43 __u16 target_size;
1e30a014
DM		 44
45 /* Used inside the kernel */
46 struct xt_target *target;
47 } kernel;
48
49 /* Total length */
60c195c7 50 __u16 target_size;
1e30a014
DM		 51 } u;
52
53 unsigned char data[0];
54};
55
3c2ad469
PM		 56#define XT_TARGET_INIT(__name, __size) \
57{ \
58 .target.u.user = { \
59 .target_size = XT_ALIGN(__size), \
60 .name = __name, \
61 }, \
62}
63
d94d9fee 64struct xt_standard_target {
1e30a014
DM		 65 struct xt_entry_target target;
66 int verdict;
67};
68
2e4e6a17
HW		 69/* The argument to IPT_SO_GET_REVISION_*. Returns highest revision
70 * kernel supports, if >= revision. */
d94d9fee 71struct xt_get_revision {
4b2cbd42 72 char name[XT_EXTENSION_MAXNAMELEN];
60c195c7 73 __u8 revision;
2e4e6a17
HW		 74};
75
76/* CONTINUE verdict for targets */
77#define XT_CONTINUE 0xFFFFFFFF
78
79/* For standard target */
80#define XT_RETURN (-NF_REPEAT - 1)
81
6fbfc968
DM		 82/* this is a dummy structure to find out the alignment requirement for a struct
83 * containing all the fundamental data types that are used in ipt_entry,
84 * ip6t_entry and arpt_entry. This sucks, and it is a hack. It will be my
85 * personal pleasure to remove it -HW
86 */
d94d9fee 87struct _xt_align {
60c195c7
AB		 88 __u8 u8;
89 __u16 u16;
90 __u32 u32;
91 __u64 u64;
6fbfc968
DM		 92};
93
a79ff731 94#define XT_ALIGN(s) __ALIGN_KERNEL((s), __alignof__(struct _xt_align))
2e4e6a17
HW		 95
96/* Standard return verdict, or do jump. */
97#define XT_STANDARD_TARGET ""
98/* Error verdict. */
99#define XT_ERROR_TARGET "ERROR"
100
2e4e6a17
HW		 101#define SET_COUNTER(c,b,p) do { (c).bcnt = (b); (c).pcnt = (p); } while(0)
102#define ADD_COUNTER(c,b,p) do { (c).bcnt += (b); (c).pcnt += (p); } while(0)
103
d94d9fee 104struct xt_counters {
60c195c7 105 __u64 pcnt, bcnt; /* Packet and byte counters */
2e4e6a17
HW		 106};
107
108/* The argument to IPT_SO_ADD_COUNTERS. */
d94d9fee 109struct xt_counters_info {
2e4e6a17
HW		 110 /* Which table. */
111 char name[XT_TABLE_MAXNAMELEN];
112
113 unsigned int num_counters;
114
115 /* The counters (actually `number' of these). */
116 struct xt_counters counters[0];
117};
118
119#define XT_INV_PROTO 0x40 /* Invert the sense of PROTO. */
120
dcea992a 121#ifndef __KERNEL__
89c002d6
PM		 122/* fn returns 0 to continue iteration */
123#define XT_MATCH_ITERATE(type, e, fn, args...) \
124({ \
125 unsigned int __i; \
126 int __ret = 0; \
127 struct xt_entry_match *__m; \
128 \
129 for (__i = sizeof(type); \
130 __i < (e)->target_offset; \
131 __i += __m->u.match_size) { \
132 __m = (void *)e + __i; \
133 \
134 __ret = fn(__m , ## args); \
135 if (__ret != 0) \
136 break; \
137 } \
138 __ret; \
139})
140
141/* fn returns 0 to continue iteration */
142#define XT_ENTRY_ITERATE_CONTINUE(type, entries, size, n, fn, args...) \
143({ \
144 unsigned int __i, __n; \
145 int __ret = 0; \
146 type *__entry; \
147 \
148 for (__i = 0, __n = 0; __i < (size); \
149 __i += __entry->next_offset, __n++) { \
150 __entry = (void *)(entries) + __i; \
151 if (__n < n) \
152 continue; \
153 \
154 __ret = fn(__entry , ## args); \
155 if (__ret != 0) \
156 break; \
157 } \
158 __ret; \
159})
160
161/* fn returns 0 to continue iteration */
162#define XT_ENTRY_ITERATE(type, entries, size, fn, args...) \
163 XT_ENTRY_ITERATE_CONTINUE(type, entries, size, 0, fn, args)
164
72b2b1dd
JE		 165#endif /* !__KERNEL__ */
166
167/* pos is normally a struct ipt_entry/ip6t_entry/etc. */
168#define xt_entry_foreach(pos, ehead, esize) \
169 for ((pos) = (typeof(pos))(ehead); \
170 (pos) < (typeof(pos))((char *)(ehead) + (esize)); \
171 (pos) = (typeof(pos))((char *)(pos) + (pos)->next_offset))
172
dcea992a
JE		 173/* can only be xt_entry_match, so no use of typeof here */
174#define xt_ematch_foreach(pos, entry) \
175 for ((pos) = (struct xt_entry_match *)entry->elems; \
176 (pos) < (struct xt_entry_match *)((char *)(entry) + \
177 (entry)->target_offset); \
178 (pos) = (struct xt_entry_match *)((char *)(pos) + \
179 (pos)->u.match_size))
180
2e4e6a17
HW		 181#ifdef __KERNEL__
182
183#include <linux/netdevice.h>
184
f7108a20 185/**
de74c169 186 * struct xt_action_param - parameters for matches/targets
f7108a20 187 *
de74c169
JE		 188 * @match: the match extension
189 * @target: the target extension
190 * @matchinfo: per-match data
191 * @targetinfo: per-target data
f7108a20
JE		 192 * @in: input netdevice
193 * @out: output netdevice
f7108a20
JE		 194 * @fragoff: packet is a fragment, this is the data offset
195 * @thoff: position of transport header relative to skb->data
a5e78820 196 * @hook: hook number given packet came from
916a917d
JE		 197 * @family: Actual NFPROTO_* through which the function is invoked
198 * (helpful when match->family == NFPROTO_UNSPEC)
a5e78820 199 * @hotdrop: drop packet if we had inspection problems
16599786 200 * Network namespace obtainable using dev_net(in/out)
f7108a20 201 */
de74c169
JE		 202struct xt_action_param {
203 union {
204 const struct xt_match *match;
205 const struct xt_target *target;
206 };
207 union {
208 const void *matchinfo, *targinfo;
209 };
f7108a20 210 const struct net_device *in, *out;
f7108a20
JE		 211 int fragoff;
212 unsigned int thoff;
a5e78820 213 unsigned int hooknum;
916a917d 214 u_int8_t family;
a5e78820 215 bool *hotdrop;
f7108a20
JE		 216};
217
9b4fce7a
JE		 218/**
219 * struct xt_mtchk_param - parameters for match extensions'
220 * checkentry functions
221 *
16599786 222 * @net: network namespace through which the check was invoked
9b4fce7a
JE		 223 * @table: table the rule is tried to be inserted into
224 * @entryinfo: the family-specific rule data
16599786 225 * (struct ipt_ip, ip6t_ip, arpt_arp or (note) ebt_entry)
9b4fce7a
JE		 226 * @match: struct xt_match through which this function was invoked
227 * @matchinfo: per-match data
228 * @hook_mask: via which hooks the new rule is reachable
16599786 229 * Other fields as above.
9b4fce7a
JE		 230 */
231struct xt_mtchk_param {
a83d8e8d 232 struct net *net;
9b4fce7a
JE		 233 const char *table;
234 const void *entryinfo;
235 const struct xt_match *match;
236 void *matchinfo;
237 unsigned int hook_mask;
916a917d 238 u_int8_t family;
9b4fce7a
JE		 239};
240
16599786
JE		 241/**
242 * struct xt_mdtor_param - match destructor parameters
243 * Fields as above.
244 */
6be3d859 245struct xt_mtdtor_param {
f54e9367 246 struct net *net;
6be3d859
JE		 247 const struct xt_match *match;
248 void *matchinfo;
916a917d 249 u_int8_t family;
6be3d859
JE		 250};
251
af5d6dc2
JE		 252/**
253 * struct xt_tgchk_param - parameters for target extensions'
254 * checkentry functions
255 *
256 * @entryinfo: the family-specific rule data
257 * (struct ipt_entry, ip6t_entry, arpt_entry, ebt_entry)
258 *
259 * Other fields see above.
260 */
261struct xt_tgchk_param {
add67461 262 struct net *net;
af5d6dc2 263 const char *table;
f79fca55 264 const void *entryinfo;
af5d6dc2
JE		 265 const struct xt_target *target;
266 void *targinfo;
267 unsigned int hook_mask;
916a917d 268 u_int8_t family;
af5d6dc2
JE		 269};
270
a2df1648
JE		 271/* Target destructor parameters */
272struct xt_tgdtor_param {
add67461 273 struct net *net;
a2df1648
JE		 274 const struct xt_target *target;
275 void *targinfo;
916a917d 276 u_int8_t family;
a2df1648
JE		 277};
278
d94d9fee 279struct xt_match {
2e4e6a17
HW		 280 struct list_head list;
281
4b2cbd42 282 const char name[XT_EXTENSION_MAXNAMELEN];
daaf83d2 283 u_int8_t revision;
2e4e6a17 284
2e4e6a17
HW		 285 /* Return true or false: return FALSE and set *hotdrop = 1 to
286 force immediate packet drop. */
287 /* Arguments changed since 2.6.9, as this must now handle
288 non-linear skb, using skb_header_pointer and
289 skb_ip_make_writable. */
1d93a9cb 290 bool (*match)(const struct sk_buff *skb,
62fc8051 291 struct xt_action_param *);
2e4e6a17
HW		 292
293 /* Called when user tries to insert an entry of this type. */
b0f38452 294 int (*checkentry)(const struct xt_mtchk_param *);
2e4e6a17
HW		 295
296 /* Called when entry of this type deleted. */
6be3d859 297 void (*destroy)(const struct xt_mtdtor_param *);
c30f540b 298#ifdef CONFIG_COMPAT
2722971c 299 /* Called when userspace align differs from kernel space one */
739674fb
JE		 300 void (*compat_from_user)(void *dst, const void *src);
301 int (*compat_to_user)(void __user *dst, const void *src);
c30f540b 302#endif
2e4e6a17
HW		 303 /* Set this to THIS_MODULE if you are a module, otherwise NULL */
304 struct module *me;
37f9f733 305
ecb6f85e 306 const char *table;
37f9f733 307 unsigned int matchsize;
c30f540b 308#ifdef CONFIG_COMPAT
9fa492cd 309 unsigned int compatsize;
c30f540b 310#endif
37f9f733
PM		 311 unsigned int hooks;
312 unsigned short proto;
c4b88513
PM		 313
314 unsigned short family;
2e4e6a17
HW		 315};
316
317/* Registration hooks for targets. */
d94d9fee 318struct xt_target {
2e4e6a17
HW		 319 struct list_head list;
320
4b2cbd42 321 const char name[XT_EXTENSION_MAXNAMELEN];
f5c511c6 322 u_int8_t revision;
2e4e6a17 323
2e4e6a17
HW		 324 /* Returns verdict. Argument order changed since 2.6.9, as this
325 must now handle non-linear skbs, using skb_copy_bits and
326 skb_ip_make_writable. */
3db05fea 327 unsigned int (*target)(struct sk_buff *skb,
de74c169 328 const struct xt_action_param *);
2e4e6a17
HW		 329
330 /* Called when user tries to insert an entry of this type:
331 hook_mask is a bitmask of hooks from which it can be
332 called. */
135367b8
JE		 333 /* Should return true or false, or an error code (-Exxxx). */
334 int (*checkentry)(const struct xt_tgchk_param *);
2e4e6a17
HW		 335
336 /* Called when entry of this type deleted. */
a2df1648 337 void (*destroy)(const struct xt_tgdtor_param *);
c30f540b 338#ifdef CONFIG_COMPAT
2722971c 339 /* Called when userspace align differs from kernel space one */
739674fb
JE		 340 void (*compat_from_user)(void *dst, const void *src);
341 int (*compat_to_user)(void __user *dst, const void *src);
c30f540b 342#endif
2e4e6a17
HW		 343 /* Set this to THIS_MODULE if you are a module, otherwise NULL */
344 struct module *me;
37f9f733 345
ecb6f85e 346 const char *table;
37f9f733 347 unsigned int targetsize;
c30f540b 348#ifdef CONFIG_COMPAT
9fa492cd 349 unsigned int compatsize;
c30f540b 350#endif
37f9f733
PM		 351 unsigned int hooks;
352 unsigned short proto;
c4b88513
PM		 353
354 unsigned short family;
2e4e6a17
HW		 355};
356
357/* Furniture shopping... */
d94d9fee 358struct xt_table {
2e4e6a17
HW		 359 struct list_head list;
360
2e4e6a17
HW		 361 /* What hooks you will enter on */
362 unsigned int valid_hooks;
363
2e4e6a17 364 /* Man behind the curtain... */
4a2f965c 365 struct xt_table_info *private;
2e4e6a17
HW		 366
367 /* Set this to THIS_MODULE if you are a module, otherwise NULL */
368 struct module *me;
369
76108cea 370 u_int8_t af; /* address/protocol family */
2b95efe7 371 int priority; /* hook order */
4a2f965c
SH		 372
373 /* A unique name... */
374 const char name[XT_TABLE_MAXNAMELEN];
2e4e6a17
HW		 375};
376
377#include <linux/netfilter_ipv4.h>
378
379/* The table itself */
d94d9fee 380struct xt_table_info {
2e4e6a17
HW		 381 /* Size per table */
382 unsigned int size;
383 /* Number of entries: FIXME. --RR */
384 unsigned int number;
385 /* Initial number of entries. Needed for module usage count */
386 unsigned int initial_entries;
387
388 /* Entry points and underflows */
6e23ae2a
PM		 389 unsigned int hook_entry[NF_INET_NUMHOOKS];
390 unsigned int underflow[NF_INET_NUMHOOKS];
2e4e6a17 391
f3c5c1bf
JE		 392 /*
393 * Number of user chains. Since tables cannot have loops, at most
394 * @stacksize jumps (number of user chains) can possibly be made.
395 */
396 unsigned int stacksize;
397 unsigned int *stackptr;
398 void ***jumpstack;
2e4e6a17 399 /* ipt_entry tables: one per CPU */
259d4e41 400 /* Note : this field MUST be the last one, see XT_TABLE_INFO_SZ */
78454473 401 void *entries[1];
2e4e6a17
HW		 402};
403
259d4e41
ED		 404#define XT_TABLE_INFO_SZ (offsetof(struct xt_table_info, entries) \
405 + nr_cpu_ids * sizeof(char *))
a45049c5
PNA		 406extern int xt_register_target(struct xt_target *target);
407extern void xt_unregister_target(struct xt_target *target);
52d9c42e
PM		 408extern int xt_register_targets(struct xt_target *target, unsigned int n);
409extern void xt_unregister_targets(struct xt_target *target, unsigned int n);
410
a45049c5
PNA		 411extern int xt_register_match(struct xt_match *target);
412extern void xt_unregister_match(struct xt_match *target);
52d9c42e
PM		 413extern int xt_register_matches(struct xt_match *match, unsigned int n);
414extern void xt_unregister_matches(struct xt_match *match, unsigned int n);
2e4e6a17 415
916a917d 416extern int xt_check_match(struct xt_mtchk_param *,
9b4fce7a 417 unsigned int size, u_int8_t proto, bool inv_proto);
916a917d 418extern int xt_check_target(struct xt_tgchk_param *,
af5d6dc2 419 unsigned int size, u_int8_t proto, bool inv_proto);
37f9f733 420
8d870052 421extern struct xt_table *xt_register_table(struct net *net,
35aad0ff 422 const struct xt_table *table,
a98da11d
AD		 423 struct xt_table_info *bootstrap,
424 struct xt_table_info *newinfo);
2e4e6a17
HW		 425extern void *xt_unregister_table(struct xt_table *table);
426
427extern struct xt_table_info *xt_replace_table(struct xt_table *table,
428 unsigned int num_counters,
429 struct xt_table_info *newinfo,
430 int *error);
431
76108cea
JE		 432extern struct xt_match *xt_find_match(u8 af, const char *name, u8 revision);
433extern struct xt_target *xt_find_target(u8 af, const char *name, u8 revision);
fd0ec0e6
JE		 434extern struct xt_match *xt_request_find_match(u8 af, const char *name,
435 u8 revision);
76108cea 436extern struct xt_target *xt_request_find_target(u8 af, const char *name,
2e4e6a17 437 u8 revision);
76108cea
JE		 438extern int xt_find_revision(u8 af, const char *name, u8 revision,
439 int target, int *err);
2e4e6a17 440
76108cea 441extern struct xt_table *xt_find_table_lock(struct net *net, u_int8_t af,
8d870052 442 const char *name);
2e4e6a17
HW		 443extern void xt_table_unlock(struct xt_table *t);
444
76108cea
JE		 445extern int xt_proto_init(struct net *net, u_int8_t af);
446extern void xt_proto_fini(struct net *net, u_int8_t af);
2e4e6a17
HW		 447
448extern struct xt_table_info *xt_alloc_table_info(unsigned int size);
449extern void xt_free_table_info(struct xt_table_info *info);
942e4a2b
SH		 450
451/*
452 * Per-CPU spinlock associated with per-cpu table entries, and
453 * with a counter for the "reading" side that allows a recursive
454 * reader to avoid taking the lock and deadlocking.
455 *
456 * "reading" is used by ip/arp/ip6 tables rule processing which runs per-cpu.
457 * It needs to ensure that the rules are not being changed while the packet
458 * is being processed. In some cases, the read lock will be acquired
459 * twice on the same CPU; this is okay because of the count.
460 *
461 * "writing" is used when reading counters.
462 * During replace any readers that are using the old tables have to complete
463 * before freeing the old table. This is handled by the write locking
464 * necessary for reading the counters.
465 */
466struct xt_info_lock {
467 spinlock_t lock;
468 unsigned char readers;
469};
470DECLARE_PER_CPU(struct xt_info_lock, xt_info_locks);
471
472/*
473 * Note: we need to ensure that preemption is disabled before acquiring
474 * the per-cpu-variable, so we do it as a two step process rather than
475 * using "spin_lock_bh()".
476 *
477 * We _also_ need to disable bottom half processing before updating our
478 * nesting count, to make sure that the only kind of re-entrancy is this
479 * code being called by itself: since the count+lock is not an atomic
480 * operation, we can allow no races.
481 *
482 * _Only_ that special combination of being per-cpu and never getting
483 * re-entered asynchronously means that the count is safe.
484 */
485static inline void xt_info_rdlock_bh(void)
486{
487 struct xt_info_lock *lock;
488
489 local_bh_disable();
490 lock = &__get_cpu_var(xt_info_locks);
0f3d042e 491 if (likely(!lock->readers++))
942e4a2b
SH		 492 spin_lock(&lock->lock);
493}
494
495static inline void xt_info_rdunlock_bh(void)
496{
497 struct xt_info_lock *lock = &__get_cpu_var(xt_info_locks);
498
0f3d042e 499 if (likely(!--lock->readers))
942e4a2b
SH		 500 spin_unlock(&lock->lock);
501 local_bh_enable();
502}
503
504/*
505 * The "writer" side needs to get exclusive access to the lock,
506 * regardless of readers. This must be called with bottom half
507 * processing (and thus also preemption) disabled.
508 */
509static inline void xt_info_wrlock(unsigned int cpu)
510{
511 spin_lock(&per_cpu(xt_info_locks, cpu).lock);
512}
513
514static inline void xt_info_wrunlock(unsigned int cpu)
515{
516 spin_unlock(&per_cpu(xt_info_locks, cpu).lock);
517}
2e4e6a17 518
b8dfe498
ED		 519/*
520 * This helper is performance critical and must be inlined
521 */
522static inline unsigned long ifname_compare_aligned(const char *_a,
523 const char *_b,
524 const char *_mask)
525{
526 const unsigned long *a = (const unsigned long *)_a;
527 const unsigned long *b = (const unsigned long *)_b;
528 const unsigned long *mask = (const unsigned long *)_mask;
529 unsigned long ret;
530
531 ret = (a[0] ^ b[0]) & mask[0];
532 if (IFNAMSIZ > sizeof(unsigned long))
533 ret |= (a[1] ^ b[1]) & mask[1];
534 if (IFNAMSIZ > 2 * sizeof(unsigned long))
535 ret |= (a[2] ^ b[2]) & mask[2];
536 if (IFNAMSIZ > 3 * sizeof(unsigned long))
537 ret |= (a[3] ^ b[3]) & mask[3];
538 BUILD_BUG_ON(IFNAMSIZ > 4 * sizeof(unsigned long));
539 return ret;
540}
541
2b95efe7
JE		 542extern struct nf_hook_ops *xt_hook_link(const struct xt_table *, nf_hookfn *);
543extern void xt_hook_unlink(const struct xt_table *, struct nf_hook_ops *);
544
2722971c
DM		 545#ifdef CONFIG_COMPAT
546#include <net/compat.h>
547
d94d9fee 548struct compat_xt_entry_match {
2722971c
DM		 549 union {
550 struct {
551 u_int16_t match_size;
552 char name[XT_FUNCTION_MAXNAMELEN - 1];
553 u_int8_t revision;
554 } user;
46c5ea3c
PM		 555 struct {
556 u_int16_t match_size;
557 compat_uptr_t match;
558 } kernel;
2722971c
DM		 559 u_int16_t match_size;
560 } u;
561 unsigned char data[0];
562};
563
d94d9fee 564struct compat_xt_entry_target {
2722971c
DM		 565 union {
566 struct {
567 u_int16_t target_size;
568 char name[XT_FUNCTION_MAXNAMELEN - 1];
569 u_int8_t revision;
570 } user;
46c5ea3c
PM		 571 struct {
572 u_int16_t target_size;
573 compat_uptr_t target;
574 } kernel;
2722971c
DM		 575 u_int16_t target_size;
576 } u;
577 unsigned char data[0];
578};
579
580/* FIXME: this works only on 32 bit tasks
581 * need to change whole approach in order to calculate align as function of
582 * current task alignment */
583
d94d9fee 584struct compat_xt_counters {
0a026046 585 compat_u64 pcnt, bcnt; /* Packet and byte counters */
2722971c
DM		 586};
587
d94d9fee 588struct compat_xt_counters_info {
2722971c
DM		 589 char name[XT_TABLE_MAXNAMELEN];
590 compat_uint_t num_counters;
591 struct compat_xt_counters counters[0];
592};
593
42107f50
AD		 594struct _compat_xt_align {
595 __u8 u8;
596 __u16 u16;
597 __u32 u32;
598 compat_u64 u64;
599};
600
a79ff731 601#define COMPAT_XT_ALIGN(s) __ALIGN_KERNEL((s), __alignof__(struct _compat_xt_align))
2722971c 602
76108cea
JE		 603extern void xt_compat_lock(u_int8_t af);
604extern void xt_compat_unlock(u_int8_t af);
9fa492cd 605
76108cea
JE		 606extern int xt_compat_add_offset(u_int8_t af, unsigned int offset, short delta);
607extern void xt_compat_flush_offsets(u_int8_t af);
3e5e524f 608extern int xt_compat_calc_jump(u_int8_t af, unsigned int offset);
b386d9f5 609
5452e425 610extern int xt_compat_match_offset(const struct xt_match *match);
89566951 611extern int xt_compat_match_from_user(struct xt_entry_match *m,
b0a6363c 612 void **dstptr, unsigned int *size);
739674fb 613extern int xt_compat_match_to_user(const struct xt_entry_match *m,
b0a6363c 614 void __user **dstptr, unsigned int *size);
9fa492cd 615
5452e425 616extern int xt_compat_target_offset(const struct xt_target *target);
9fa492cd 617extern void xt_compat_target_from_user(struct xt_entry_target *t,
b0a6363c 618 void **dstptr, unsigned int *size);
739674fb 619extern int xt_compat_target_to_user(const struct xt_entry_target *t,
b0a6363c 620 void __user **dstptr, unsigned int *size);
2722971c
DM		 621
622#endif /* CONFIG_COMPAT */
2e4e6a17
HW		 623#endif /* __KERNEL__ */
624
625#endif /* _X_TABLES_H */
kernel source for telekom puls (alcatel/mediatek)