1/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ 2#ifndef _UAPI_X_TABLES_H 3#define _UAPI_X_TABLES_H 4#include <linux/const.h> 5#include <linux/types.h> 6 7#define XT_FUNCTION_MAXNAMELEN 30 8#define XT_EXTENSION_MAXNAMELEN 29 9#define XT_TABLE_MAXNAMELEN 32 10 11struct xt_entry_match { 12 union { 13 struct { 14 __u16 match_size; 15 16 /* Used by userspace */ 17 char name[XT_EXTENSION_MAXNAMELEN]; 18 __u8 revision; 19 } user; 20 struct { 21 __u16 match_size; 22 23 /* Used inside the kernel */ 24 struct xt_match *match; 25 } kernel; 26 27 /* Total length */ 28 __u16 match_size; 29 } u; 30 31 unsigned char data[]; 32}; 33 34struct xt_entry_target { 35 union { 36 struct { 37 __u16 target_size; 38 39 /* Used by userspace */ 40 char name[XT_EXTENSION_MAXNAMELEN]; 41 __u8 revision; 42 } user; 43 struct { 44 __u16 target_size; 45 46 /* Used inside the kernel */ 47 struct xt_target *target; 48 } kernel; 49 50 /* Total length */ 51 __u16 target_size; 52 } u; 53 54 unsigned char data[0]; 55}; 56 57#define XT_TARGET_INIT(__name, __size) \ 58{ \ 59 .target.u.user = { \ 60 .target_size = XT_ALIGN(__size), \ 61 .name = __name, \ 62 }, \ 63} 64 65struct xt_standard_target { 66 struct xt_entry_target target; 67 int verdict; 68}; 69 70struct xt_error_target { 71 struct xt_entry_target target; 72 char errorname[XT_FUNCTION_MAXNAMELEN]; 73}; 74 75/* The argument to IPT_SO_GET_REVISION_*. Returns highest revision 76 * kernel supports, if >= revision. */ 77struct xt_get_revision { 78 char name[XT_EXTENSION_MAXNAMELEN]; 79 __u8 revision; 80}; 81 82/* CONTINUE verdict for targets */ 83#define XT_CONTINUE 0xFFFFFFFF 84 85/* For standard target */ 86#define XT_RETURN (-NF_REPEAT - 1) 87 88/* this is a dummy structure to find out the alignment requirement for a struct 89 * containing all the fundamental data types that are used in ipt_entry, 90 * ip6t_entry and arpt_entry. This sucks, and it is a hack. It will be my 91 * personal pleasure to remove it -HW 92 */ 93struct _xt_align { 94 __u8 u8; 95 __u16 u16; 96 __u32 u32; 97 __u64 u64; 98}; 99 100#define XT_ALIGN(s) __ALIGN_KERNEL((s), __alignof__(struct _xt_align)) 101 102/* Standard return verdict, or do jump. */ 103#define XT_STANDARD_TARGET "" 104/* Error verdict. */ 105#define XT_ERROR_TARGET "ERROR" 106 107#define SET_COUNTER(c,b,p) do { (c).bcnt = (b); (c).pcnt = (p); } while(0) 108#define ADD_COUNTER(c,b,p) do { (c).bcnt += (b); (c).pcnt += (p); } while(0) 109 110struct xt_counters { 111 __u64 pcnt, bcnt; /* Packet and byte counters */ 112}; 113 114/* The argument to IPT_SO_ADD_COUNTERS. */ 115struct xt_counters_info { 116 /* Which table. */ 117 char name[XT_TABLE_MAXNAMELEN]; 118 119 unsigned int num_counters; 120 121 /* The counters (actually `number' of these). */ 122 struct xt_counters counters[]; 123}; 124 125#define XT_INV_PROTO 0x40 /* Invert the sense of PROTO. */ 126 127#ifndef __KERNEL__ 128/* fn returns 0 to continue iteration */ 129#define XT_MATCH_ITERATE(type, e, fn, args...) \ 130({ \ 131 unsigned int __i; \ 132 int __ret = 0; \ 133 struct xt_entry_match *__m; \ 134 \ 135 for (__i = sizeof(type); \ 136 __i < (e)->target_offset; \ 137 __i += __m->u.match_size) { \ 138 __m = (void *)e + __i; \ 139 \ 140 __ret = fn(__m , ## args); \ 141 if (__ret != 0) \ 142 break; \ 143 } \ 144 __ret; \ 145}) 146 147/* fn returns 0 to continue iteration */ 148#define XT_ENTRY_ITERATE_CONTINUE(type, entries, size, n, fn, args...) \ 149({ \ 150 unsigned int __i, __n; \ 151 int __ret = 0; \ 152 type *__entry; \ 153 \ 154 for (__i = 0, __n = 0; __i < (size); \ 155 __i += __entry->next_offset, __n++) { \ 156 __entry = (void *)(entries) + __i; \ 157 if (__n < n) \ 158 continue; \ 159 \ 160 __ret = fn(__entry , ## args); \ 161 if (__ret != 0) \ 162 break; \ 163 } \ 164 __ret; \ 165}) 166 167/* fn returns 0 to continue iteration */ 168#define XT_ENTRY_ITERATE(type, entries, size, fn, args...) \ 169 XT_ENTRY_ITERATE_CONTINUE(type, entries, size, 0, fn, args) 170 171#endif /* !__KERNEL__ */ 172 173/* pos is normally a struct ipt_entry/ip6t_entry/etc. */ 174#define xt_entry_foreach(pos, ehead, esize) \ 175 for ((pos) = (typeof(pos))(ehead); \ 176 (pos) < (typeof(pos))((char *)(ehead) + (esize)); \ 177 (pos) = (typeof(pos))((char *)(pos) + (pos)->next_offset)) 178 179/* can only be xt_entry_match, so no use of typeof here */ 180#define xt_ematch_foreach(pos, entry) \ 181 for ((pos) = (struct xt_entry_match *)entry->elems; \ 182 (pos) < (struct xt_entry_match *)((char *)(entry) + \ 183 (entry)->target_offset); \ 184 (pos) = (struct xt_entry_match *)((char *)(pos) + \ 185 (pos)->u.match_size)) 186 187 188#endif /* _UAPI_X_TABLES_H */ 189