4 #define XT_FUNCTION_MAXNAMELEN 30
5 #define XT_TABLE_MAXNAMELEN 32
7 /* The argument to IPT_SO_GET_REVISION_*. Returns highest revision
8 * kernel supports, if >= revision. */
11 char name[XT_FUNCTION_MAXNAMELEN-1];
16 /* CONTINUE verdict for targets */
17 #define XT_CONTINUE 0xFFFFFFFF
19 /* For standard target */
20 #define XT_RETURN (-NF_REPEAT - 1)
22 #define XT_ALIGN(s) (((s) + (__alignof__(u_int64_t)-1)) & ~(__alignof__(u_int64_t)-1))
24 /* Standard return verdict, or do jump. */
25 #define XT_STANDARD_TARGET ""
27 #define XT_ERROR_TARGET "ERROR"
30 * New IP firewall options for [gs]etsockopt at the RAW IP level.
31 * Unlike BSD Linux inherits IP options so you don't have to use a raw
32 * socket for this. Instead we check rights in the calls. */
33 #define XT_BASE_CTL 64 /* base for firewall socket options */
35 #define XT_SO_SET_REPLACE (XT_BASE_CTL)
36 #define XT_SO_SET_ADD_COUNTERS (XT_BASE_CTL + 1)
37 #define XT_SO_SET_MAX XT_SO_SET_ADD_COUNTERS
39 #define XT_SO_GET_INFO (XT_BASE_CTL)
40 #define XT_SO_GET_ENTRIES (XT_BASE_CTL + 1)
41 #define XT_SO_GET_REVISION_MATCH (XT_BASE_CTL + 2)
42 #define XT_SO_GET_REVISION_TARGET (XT_BASE_CTL + 3)
43 #define XT_SO_GET_MAX XT_SO_GET_REVISION_TARGET
45 #define SET_COUNTER(c,b,p) do { (c).bcnt = (b); (c).pcnt = (p); } while(0)
46 #define ADD_COUNTER(c,b,p) do { (c).bcnt += (b); (c).pcnt += (p); } while(0)
50 u_int64_t pcnt, bcnt; /* Packet and byte counters */
53 /* The argument to IPT_SO_ADD_COUNTERS. */
54 struct xt_counters_info
57 char name[XT_TABLE_MAXNAMELEN];
59 unsigned int num_counters;
61 /* The counters (actually `number' of these). */
62 struct xt_counters counters[0];
65 #define XT_INV_PROTO 0x40 /* Invert the sense of PROTO. */
69 #include <linux/netdevice.h>
71 #define ASSERT_READ_LOCK(x)
72 #define ASSERT_WRITE_LOCK(x)
73 #include <linux/netfilter_ipv4/listhelp.h>
77 struct list_head list;
79 const char name[XT_FUNCTION_MAXNAMELEN-1];
83 /* Return true or false: return FALSE and set *hotdrop = 1 to
84 force immediate packet drop. */
85 /* Arguments changed since 2.6.9, as this must now handle
86 non-linear skb, using skb_header_pointer and
87 skb_ip_make_writable. */
88 int (*match)(const struct sk_buff *skb,
89 const struct net_device *in,
90 const struct net_device *out,
91 const void *matchinfo,
96 /* Called when user tries to insert an entry of this type. */
97 /* Should return true or false. */
98 int (*checkentry)(const char *tablename,
101 unsigned int matchinfosize,
102 unsigned int hook_mask);
104 /* Called when entry of this type deleted. */
105 void (*destroy)(void *matchinfo, unsigned int matchinfosize);
107 /* Set this to THIS_MODULE if you are a module, otherwise NULL */
111 /* Registration hooks for targets. */
114 struct list_head list;
116 const char name[XT_FUNCTION_MAXNAMELEN-1];
120 /* Returns verdict. Argument order changed since 2.6.9, as this
121 must now handle non-linear skbs, using skb_copy_bits and
122 skb_ip_make_writable. */
123 unsigned int (*target)(struct sk_buff **pskb,
124 const struct net_device *in,
125 const struct net_device *out,
126 unsigned int hooknum,
127 const void *targinfo,
130 /* Called when user tries to insert an entry of this type:
131 hook_mask is a bitmask of hooks from which it can be
133 /* Should return true or false. */
134 int (*checkentry)(const char *tablename,
137 unsigned int targinfosize,
138 unsigned int hook_mask);
140 /* Called when entry of this type deleted. */
141 void (*destroy)(void *targinfo, unsigned int targinfosize);
143 /* Set this to THIS_MODULE if you are a module, otherwise NULL */
147 /* Furniture shopping... */
150 struct list_head list;
152 /* A unique name... */
153 char name[XT_TABLE_MAXNAMELEN];
155 /* What hooks you will enter on */
156 unsigned int valid_hooks;
158 /* Lock for the curtain */
161 /* Man behind the curtain... */
162 //struct ip6t_table_info *private;
165 /* Set this to THIS_MODULE if you are a module, otherwise NULL */
168 int af; /* address/protocol family */
171 #include <linux/netfilter_ipv4.h>
173 /* The table itself */
178 /* Number of entries: FIXME. --RR */
180 /* Initial number of entries. Needed for module usage count */
181 unsigned int initial_entries;
183 /* Entry points and underflows */
184 unsigned int hook_entry[NF_IP_NUMHOOKS];
185 unsigned int underflow[NF_IP_NUMHOOKS];
187 /* ipt_entry tables: one per CPU */
188 char *entries[NR_CPUS];
191 extern int xt_register_target(int af, struct xt_target *target);
192 extern void xt_unregister_target(int af, struct xt_target *target);
193 extern int xt_register_match(int af, struct xt_match *target);
194 extern void xt_unregister_match(int af, struct xt_match *target);
196 extern int xt_register_table(struct xt_table *table,
197 struct xt_table_info *bootstrap,
198 struct xt_table_info *newinfo);
199 extern void *xt_unregister_table(struct xt_table *table);
201 extern struct xt_table_info *xt_replace_table(struct xt_table *table,
202 unsigned int num_counters,
203 struct xt_table_info *newinfo,
206 extern struct xt_match *xt_find_match(int af, const char *name, u8 revision);
207 extern struct xt_target *xt_find_target(int af, const char *name, u8 revision);
208 extern struct xt_target *xt_request_find_target(int af, const char *name,
210 extern int xt_find_revision(int af, const char *name, u8 revision, int target,
213 extern struct xt_table *xt_find_table_lock(int af, const char *name);
214 extern void xt_table_unlock(struct xt_table *t);
216 extern int xt_proto_init(int af);
217 extern void xt_proto_fini(int af);
219 extern struct xt_table_info *xt_alloc_table_info(unsigned int size);
220 extern void xt_free_table_info(struct xt_table_info *info);
222 #endif /* __KERNEL__ */
224 #endif /* _X_TABLES_H */
git://ftp.safe.ca / safe / jmp / linux-2.6 / blob