1 | /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ |
2 | #ifndef _UAPI_X_TABLES_H |
3 | #define _UAPI_X_TABLES_H |
4 | #include <linux/const.h> |
5 | #include <linux/types.h> |
6 | |
7 | #define XT_FUNCTION_MAXNAMELEN 30 |
8 | #define XT_EXTENSION_MAXNAMELEN 29 |
9 | #define XT_TABLE_MAXNAMELEN 32 |
10 | |
11 | struct xt_entry_match { |
12 | union { |
13 | struct { |
14 | __u16 match_size; |
15 | |
16 | /* Used by userspace */ |
17 | char name[XT_EXTENSION_MAXNAMELEN]; |
18 | __u8 revision; |
19 | } user; |
20 | struct { |
21 | __u16 match_size; |
22 | |
23 | /* Used inside the kernel */ |
24 | struct xt_match *match; |
25 | } kernel; |
26 | |
27 | /* Total length */ |
28 | __u16 match_size; |
29 | } u; |
30 | |
31 | unsigned char data[]; |
32 | }; |
33 | |
34 | struct xt_entry_target { |
35 | union { |
36 | struct { |
37 | __u16 target_size; |
38 | |
39 | /* Used by userspace */ |
40 | char name[XT_EXTENSION_MAXNAMELEN]; |
41 | __u8 revision; |
42 | } user; |
43 | struct { |
44 | __u16 target_size; |
45 | |
46 | /* Used inside the kernel */ |
47 | struct xt_target *target; |
48 | } kernel; |
49 | |
50 | /* Total length */ |
51 | __u16 target_size; |
52 | } u; |
53 | |
54 | unsigned char data[0]; |
55 | }; |
56 | |
57 | #define XT_TARGET_INIT(__name, __size) \ |
58 | { \ |
59 | .target.u.user = { \ |
60 | .target_size = XT_ALIGN(__size), \ |
61 | .name = __name, \ |
62 | }, \ |
63 | } |
64 | |
65 | struct xt_standard_target { |
66 | struct xt_entry_target target; |
67 | int verdict; |
68 | }; |
69 | |
70 | struct xt_error_target { |
71 | struct xt_entry_target target; |
72 | char errorname[XT_FUNCTION_MAXNAMELEN]; |
73 | }; |
74 | |
75 | /* The argument to IPT_SO_GET_REVISION_*. Returns highest revision |
76 | * kernel supports, if >= revision. */ |
77 | struct xt_get_revision { |
78 | char name[XT_EXTENSION_MAXNAMELEN]; |
79 | __u8 revision; |
80 | }; |
81 | |
82 | /* CONTINUE verdict for targets */ |
83 | #define XT_CONTINUE 0xFFFFFFFF |
84 | |
85 | /* For standard target */ |
86 | #define XT_RETURN (-NF_REPEAT - 1) |
87 | |
88 | /* this is a dummy structure to find out the alignment requirement for a struct |
89 | * containing all the fundamental data types that are used in ipt_entry, |
90 | * ip6t_entry and arpt_entry. This sucks, and it is a hack. It will be my |
91 | * personal pleasure to remove it -HW |
92 | */ |
93 | struct _xt_align { |
94 | __u8 u8; |
95 | __u16 u16; |
96 | __u32 u32; |
97 | __u64 u64; |
98 | }; |
99 | |
100 | #define XT_ALIGN(s) __ALIGN_KERNEL((s), __alignof__(struct _xt_align)) |
101 | |
102 | /* Standard return verdict, or do jump. */ |
103 | #define XT_STANDARD_TARGET "" |
104 | /* Error verdict. */ |
105 | #define XT_ERROR_TARGET "ERROR" |
106 | |
107 | #define SET_COUNTER(c,b,p) do { (c).bcnt = (b); (c).pcnt = (p); } while(0) |
108 | #define ADD_COUNTER(c,b,p) do { (c).bcnt += (b); (c).pcnt += (p); } while(0) |
109 | |
110 | struct xt_counters { |
111 | __u64 pcnt, bcnt; /* Packet and byte counters */ |
112 | }; |
113 | |
114 | /* The argument to IPT_SO_ADD_COUNTERS. */ |
115 | struct xt_counters_info { |
116 | /* Which table. */ |
117 | char name[XT_TABLE_MAXNAMELEN]; |
118 | |
119 | unsigned int num_counters; |
120 | |
121 | /* The counters (actually `number' of these). */ |
122 | struct xt_counters counters[]; |
123 | }; |
124 | |
125 | #define XT_INV_PROTO 0x40 /* Invert the sense of PROTO. */ |
126 | |
127 | #ifndef __KERNEL__ |
128 | /* fn returns 0 to continue iteration */ |
129 | #define XT_MATCH_ITERATE(type, e, fn, args...) \ |
130 | ({ \ |
131 | unsigned int __i; \ |
132 | int __ret = 0; \ |
133 | struct xt_entry_match *__m; \ |
134 | \ |
135 | for (__i = sizeof(type); \ |
136 | __i < (e)->target_offset; \ |
137 | __i += __m->u.match_size) { \ |
138 | __m = (void *)e + __i; \ |
139 | \ |
140 | __ret = fn(__m , ## args); \ |
141 | if (__ret != 0) \ |
142 | break; \ |
143 | } \ |
144 | __ret; \ |
145 | }) |
146 | |
147 | /* fn returns 0 to continue iteration */ |
148 | #define XT_ENTRY_ITERATE_CONTINUE(type, entries, size, n, fn, args...) \ |
149 | ({ \ |
150 | unsigned int __i, __n; \ |
151 | int __ret = 0; \ |
152 | type *__entry; \ |
153 | \ |
154 | for (__i = 0, __n = 0; __i < (size); \ |
155 | __i += __entry->next_offset, __n++) { \ |
156 | __entry = (void *)(entries) + __i; \ |
157 | if (__n < n) \ |
158 | continue; \ |
159 | \ |
160 | __ret = fn(__entry , ## args); \ |
161 | if (__ret != 0) \ |
162 | break; \ |
163 | } \ |
164 | __ret; \ |
165 | }) |
166 | |
167 | /* fn returns 0 to continue iteration */ |
168 | #define XT_ENTRY_ITERATE(type, entries, size, fn, args...) \ |
169 | XT_ENTRY_ITERATE_CONTINUE(type, entries, size, 0, fn, args) |
170 | |
171 | #endif /* !__KERNEL__ */ |
172 | |
173 | /* pos is normally a struct ipt_entry/ip6t_entry/etc. */ |
174 | #define xt_entry_foreach(pos, ehead, esize) \ |
175 | for ((pos) = (typeof(pos))(ehead); \ |
176 | (pos) < (typeof(pos))((char *)(ehead) + (esize)); \ |
177 | (pos) = (typeof(pos))((char *)(pos) + (pos)->next_offset)) |
178 | |
179 | /* can only be xt_entry_match, so no use of typeof here */ |
180 | #define xt_ematch_foreach(pos, entry) \ |
181 | for ((pos) = (struct xt_entry_match *)entry->elems; \ |
182 | (pos) < (struct xt_entry_match *)((char *)(entry) + \ |
183 | (entry)->target_offset); \ |
184 | (pos) = (struct xt_entry_match *)((char *)(pos) + \ |
185 | (pos)->u.match_size)) |
186 | |
187 | |
188 | #endif /* _UAPI_X_TABLES_H */ |
189 | |