1/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
2#ifndef _UAPI_X_TABLES_H
3#define _UAPI_X_TABLES_H
4#include <linux/const.h>
5#include <linux/types.h>
6
7#define XT_FUNCTION_MAXNAMELEN 30
8#define XT_EXTENSION_MAXNAMELEN 29
9#define XT_TABLE_MAXNAMELEN 32
10
11struct xt_entry_match {
12	union {
13		struct {
14			__u16 match_size;
15
16			/* Used by userspace */
17			char name[XT_EXTENSION_MAXNAMELEN];
18			__u8 revision;
19		} user;
20		struct {
21			__u16 match_size;
22
23			/* Used inside the kernel */
24			struct xt_match *match;
25		} kernel;
26
27		/* Total length */
28		__u16 match_size;
29	} u;
30
31	unsigned char data[];
32};
33
34struct xt_entry_target {
35	union {
36		struct {
37			__u16 target_size;
38
39			/* Used by userspace */
40			char name[XT_EXTENSION_MAXNAMELEN];
41			__u8 revision;
42		} user;
43		struct {
44			__u16 target_size;
45
46			/* Used inside the kernel */
47			struct xt_target *target;
48		} kernel;
49
50		/* Total length */
51		__u16 target_size;
52	} u;
53
54	unsigned char data[0];
55};
56
57#define XT_TARGET_INIT(__name, __size)					       \
58{									       \
59	.target.u.user = {						       \
60		.target_size	= XT_ALIGN(__size),			       \
61		.name		= __name,				       \
62	},								       \
63}
64
65struct xt_standard_target {
66	struct xt_entry_target target;
67	int verdict;
68};
69
70struct xt_error_target {
71	struct xt_entry_target target;
72	char errorname[XT_FUNCTION_MAXNAMELEN];
73};
74
75/* The argument to IPT_SO_GET_REVISION_*.  Returns highest revision
76 * kernel supports, if >= revision. */
77struct xt_get_revision {
78	char name[XT_EXTENSION_MAXNAMELEN];
79	__u8 revision;
80};
81
82/* CONTINUE verdict for targets */
83#define XT_CONTINUE 0xFFFFFFFF
84
85/* For standard target */
86#define XT_RETURN (-NF_REPEAT - 1)
87
88/* this is a dummy structure to find out the alignment requirement for a struct
89 * containing all the fundamental data types that are used in ipt_entry,
90 * ip6t_entry and arpt_entry.  This sucks, and it is a hack.  It will be my
91 * personal pleasure to remove it -HW
92 */
93struct _xt_align {
94	__u8 u8;
95	__u16 u16;
96	__u32 u32;
97	__u64 u64;
98};
99
100#define XT_ALIGN(s) __ALIGN_KERNEL((s), __alignof__(struct _xt_align))
101
102/* Standard return verdict, or do jump. */
103#define XT_STANDARD_TARGET ""
104/* Error verdict. */
105#define XT_ERROR_TARGET "ERROR"
106
107#define SET_COUNTER(c,b,p) do { (c).bcnt = (b); (c).pcnt = (p); } while(0)
108#define ADD_COUNTER(c,b,p) do { (c).bcnt += (b); (c).pcnt += (p); } while(0)
109
110struct xt_counters {
111	__u64 pcnt, bcnt;			/* Packet and byte counters */
112};
113
114/* The argument to IPT_SO_ADD_COUNTERS. */
115struct xt_counters_info {
116	/* Which table. */
117	char name[XT_TABLE_MAXNAMELEN];
118
119	unsigned int num_counters;
120
121	/* The counters (actually `number' of these). */
122	struct xt_counters counters[];
123};
124
125#define XT_INV_PROTO		0x40	/* Invert the sense of PROTO. */
126
127#ifndef __KERNEL__
128/* fn returns 0 to continue iteration */
129#define XT_MATCH_ITERATE(type, e, fn, args...)			\
130({								\
131	unsigned int __i;					\
132	int __ret = 0;						\
133	struct xt_entry_match *__m;				\
134								\
135	for (__i = sizeof(type);				\
136	     __i < (e)->target_offset;				\
137	     __i += __m->u.match_size) {			\
138		__m = (void *)e + __i;				\
139								\
140		__ret = fn(__m , ## args);			\
141		if (__ret != 0)					\
142			break;					\
143	}							\
144	__ret;							\
145})
146
147/* fn returns 0 to continue iteration */
148#define XT_ENTRY_ITERATE_CONTINUE(type, entries, size, n, fn, args...) \
149({								\
150	unsigned int __i, __n;					\
151	int __ret = 0;						\
152	type *__entry;						\
153								\
154	for (__i = 0, __n = 0; __i < (size);			\
155	     __i += __entry->next_offset, __n++) { 		\
156		__entry = (void *)(entries) + __i;		\
157		if (__n < n)					\
158			continue;				\
159								\
160		__ret = fn(__entry , ## args);			\
161		if (__ret != 0)					\
162			break;					\
163	}							\
164	__ret;							\
165})
166
167/* fn returns 0 to continue iteration */
168#define XT_ENTRY_ITERATE(type, entries, size, fn, args...) \
169	XT_ENTRY_ITERATE_CONTINUE(type, entries, size, 0, fn, args)
170
171#endif /* !__KERNEL__ */
172
173/* pos is normally a struct ipt_entry/ip6t_entry/etc. */
174#define xt_entry_foreach(pos, ehead, esize) \
175	for ((pos) = (typeof(pos))(ehead); \
176	     (pos) < (typeof(pos))((char *)(ehead) + (esize)); \
177	     (pos) = (typeof(pos))((char *)(pos) + (pos)->next_offset))
178
179/* can only be xt_entry_match, so no use of typeof here */
180#define xt_ematch_foreach(pos, entry) \
181	for ((pos) = (struct xt_entry_match *)entry->elems; \
182	     (pos) < (struct xt_entry_match *)((char *)(entry) + \
183	             (entry)->target_offset); \
184	     (pos) = (struct xt_entry_match *)((char *)(pos) + \
185	             (pos)->u.match_size))
186
187
188#endif /* _UAPI_X_TABLES_H */
189