| 1 | /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ |
|---|
| 2 | #ifndef _UAPI_X_TABLES_H |
|---|
| 3 | #define _UAPI_X_TABLES_H |
|---|
| 4 | #include <linux/const.h> |
|---|
| 5 | #include <linux/types.h> |
|---|
| 6 | |
|---|
| 7 | #define XT_FUNCTION_MAXNAMELEN 30 |
|---|
| 8 | #define XT_EXTENSION_MAXNAMELEN 29 |
|---|
| 9 | #define XT_TABLE_MAXNAMELEN 32 |
|---|
| 10 | |
|---|
| 11 | struct xt_entry_match { |
|---|
| 12 | union { |
|---|
| 13 | struct { |
|---|
| 14 | __u16 match_size; |
|---|
| 15 | |
|---|
| 16 | /* Used by userspace */ |
|---|
| 17 | char name[XT_EXTENSION_MAXNAMELEN]; |
|---|
| 18 | __u8 revision; |
|---|
| 19 | } user; |
|---|
| 20 | struct { |
|---|
| 21 | __u16 match_size; |
|---|
| 22 | |
|---|
| 23 | /* Used inside the kernel */ |
|---|
| 24 | struct xt_match *match; |
|---|
| 25 | } kernel; |
|---|
| 26 | |
|---|
| 27 | /* Total length */ |
|---|
| 28 | __u16 match_size; |
|---|
| 29 | } u; |
|---|
| 30 | |
|---|
| 31 | unsigned char data[]; |
|---|
| 32 | }; |
|---|
| 33 | |
|---|
| 34 | struct xt_entry_target { |
|---|
| 35 | union { |
|---|
| 36 | struct { |
|---|
| 37 | __u16 target_size; |
|---|
| 38 | |
|---|
| 39 | /* Used by userspace */ |
|---|
| 40 | char name[XT_EXTENSION_MAXNAMELEN]; |
|---|
| 41 | __u8 revision; |
|---|
| 42 | } user; |
|---|
| 43 | struct { |
|---|
| 44 | __u16 target_size; |
|---|
| 45 | |
|---|
| 46 | /* Used inside the kernel */ |
|---|
| 47 | struct xt_target *target; |
|---|
| 48 | } kernel; |
|---|
| 49 | |
|---|
| 50 | /* Total length */ |
|---|
| 51 | __u16 target_size; |
|---|
| 52 | } u; |
|---|
| 53 | |
|---|
| 54 | unsigned char data[0]; |
|---|
| 55 | }; |
|---|
| 56 | |
|---|
| 57 | #define XT_TARGET_INIT(__name, __size) \ |
|---|
| 58 | { \ |
|---|
| 59 | .target.u.user = { \ |
|---|
| 60 | .target_size = XT_ALIGN(__size), \ |
|---|
| 61 | .name = __name, \ |
|---|
| 62 | }, \ |
|---|
| 63 | } |
|---|
| 64 | |
|---|
| 65 | struct xt_standard_target { |
|---|
| 66 | struct xt_entry_target target; |
|---|
| 67 | int verdict; |
|---|
| 68 | }; |
|---|
| 69 | |
|---|
| 70 | struct xt_error_target { |
|---|
| 71 | struct xt_entry_target target; |
|---|
| 72 | char errorname[XT_FUNCTION_MAXNAMELEN]; |
|---|
| 73 | }; |
|---|
| 74 | |
|---|
| 75 | /* The argument to IPT_SO_GET_REVISION_*. Returns highest revision |
|---|
| 76 | * kernel supports, if >= revision. */ |
|---|
| 77 | struct xt_get_revision { |
|---|
| 78 | char name[XT_EXTENSION_MAXNAMELEN]; |
|---|
| 79 | __u8 revision; |
|---|
| 80 | }; |
|---|
| 81 | |
|---|
| 82 | /* CONTINUE verdict for targets */ |
|---|
| 83 | #define XT_CONTINUE 0xFFFFFFFF |
|---|
| 84 | |
|---|
| 85 | /* For standard target */ |
|---|
| 86 | #define XT_RETURN (-NF_REPEAT - 1) |
|---|
| 87 | |
|---|
| 88 | /* this is a dummy structure to find out the alignment requirement for a struct |
|---|
| 89 | * containing all the fundamental data types that are used in ipt_entry, |
|---|
| 90 | * ip6t_entry and arpt_entry. This sucks, and it is a hack. It will be my |
|---|
| 91 | * personal pleasure to remove it -HW |
|---|
| 92 | */ |
|---|
| 93 | struct _xt_align { |
|---|
| 94 | __u8 u8; |
|---|
| 95 | __u16 u16; |
|---|
| 96 | __u32 u32; |
|---|
| 97 | __u64 u64; |
|---|
| 98 | }; |
|---|
| 99 | |
|---|
| 100 | #define XT_ALIGN(s) __ALIGN_KERNEL((s), __alignof__(struct _xt_align)) |
|---|
| 101 | |
|---|
| 102 | /* Standard return verdict, or do jump. */ |
|---|
| 103 | #define XT_STANDARD_TARGET "" |
|---|
| 104 | /* Error verdict. */ |
|---|
| 105 | #define XT_ERROR_TARGET "ERROR" |
|---|
| 106 | |
|---|
| 107 | #define SET_COUNTER(c,b,p) do { (c).bcnt = (b); (c).pcnt = (p); } while(0) |
|---|
| 108 | #define ADD_COUNTER(c,b,p) do { (c).bcnt += (b); (c).pcnt += (p); } while(0) |
|---|
| 109 | |
|---|
| 110 | struct xt_counters { |
|---|
| 111 | __u64 pcnt, bcnt; /* Packet and byte counters */ |
|---|
| 112 | }; |
|---|
| 113 | |
|---|
| 114 | /* The argument to IPT_SO_ADD_COUNTERS. */ |
|---|
| 115 | struct xt_counters_info { |
|---|
| 116 | /* Which table. */ |
|---|
| 117 | char name[XT_TABLE_MAXNAMELEN]; |
|---|
| 118 | |
|---|
| 119 | unsigned int num_counters; |
|---|
| 120 | |
|---|
| 121 | /* The counters (actually `number' of these). */ |
|---|
| 122 | struct xt_counters counters[]; |
|---|
| 123 | }; |
|---|
| 124 | |
|---|
| 125 | #define XT_INV_PROTO 0x40 /* Invert the sense of PROTO. */ |
|---|
| 126 | |
|---|
| 127 | #ifndef __KERNEL__ |
|---|
| 128 | /* fn returns 0 to continue iteration */ |
|---|
| 129 | #define XT_MATCH_ITERATE(type, e, fn, args...) \ |
|---|
| 130 | ({ \ |
|---|
| 131 | unsigned int __i; \ |
|---|
| 132 | int __ret = 0; \ |
|---|
| 133 | struct xt_entry_match *__m; \ |
|---|
| 134 | \ |
|---|
| 135 | for (__i = sizeof(type); \ |
|---|
| 136 | __i < (e)->target_offset; \ |
|---|
| 137 | __i += __m->u.match_size) { \ |
|---|
| 138 | __m = (void *)e + __i; \ |
|---|
| 139 | \ |
|---|
| 140 | __ret = fn(__m , ## args); \ |
|---|
| 141 | if (__ret != 0) \ |
|---|
| 142 | break; \ |
|---|
| 143 | } \ |
|---|
| 144 | __ret; \ |
|---|
| 145 | }) |
|---|
| 146 | |
|---|
| 147 | /* fn returns 0 to continue iteration */ |
|---|
| 148 | #define XT_ENTRY_ITERATE_CONTINUE(type, entries, size, n, fn, args...) \ |
|---|
| 149 | ({ \ |
|---|
| 150 | unsigned int __i, __n; \ |
|---|
| 151 | int __ret = 0; \ |
|---|
| 152 | type *__entry; \ |
|---|
| 153 | \ |
|---|
| 154 | for (__i = 0, __n = 0; __i < (size); \ |
|---|
| 155 | __i += __entry->next_offset, __n++) { \ |
|---|
| 156 | __entry = (void *)(entries) + __i; \ |
|---|
| 157 | if (__n < n) \ |
|---|
| 158 | continue; \ |
|---|
| 159 | \ |
|---|
| 160 | __ret = fn(__entry , ## args); \ |
|---|
| 161 | if (__ret != 0) \ |
|---|
| 162 | break; \ |
|---|
| 163 | } \ |
|---|
| 164 | __ret; \ |
|---|
| 165 | }) |
|---|
| 166 | |
|---|
| 167 | /* fn returns 0 to continue iteration */ |
|---|
| 168 | #define XT_ENTRY_ITERATE(type, entries, size, fn, args...) \ |
|---|
| 169 | XT_ENTRY_ITERATE_CONTINUE(type, entries, size, 0, fn, args) |
|---|
| 170 | |
|---|
| 171 | #endif /* !__KERNEL__ */ |
|---|
| 172 | |
|---|
| 173 | /* pos is normally a struct ipt_entry/ip6t_entry/etc. */ |
|---|
| 174 | #define xt_entry_foreach(pos, ehead, esize) \ |
|---|
| 175 | for ((pos) = (typeof(pos))(ehead); \ |
|---|
| 176 | (pos) < (typeof(pos))((char *)(ehead) + (esize)); \ |
|---|
| 177 | (pos) = (typeof(pos))((char *)(pos) + (pos)->next_offset)) |
|---|
| 178 | |
|---|
| 179 | /* can only be xt_entry_match, so no use of typeof here */ |
|---|
| 180 | #define xt_ematch_foreach(pos, entry) \ |
|---|
| 181 | for ((pos) = (struct xt_entry_match *)entry->elems; \ |
|---|
| 182 | (pos) < (struct xt_entry_match *)((char *)(entry) + \ |
|---|
| 183 | (entry)->target_offset); \ |
|---|
| 184 | (pos) = (struct xt_entry_match *)((char *)(pos) + \ |
|---|
| 185 | (pos)->u.match_size)) |
|---|
| 186 | |
|---|
| 187 | |
|---|
| 188 | #endif /* _UAPI_X_TABLES_H */ |
|---|
| 189 | |
|---|
