Subversion Repositories shark

Compare Revisions

Ignore whitespace Rev 643 → Rev 642

/shark/trunk/drivers/linuxc26/include/linux/netfilter_bridge/ebt_pkttype.h
0,0 → 1,11
#ifndef __LINUX_BRIDGE_EBT_PKTTYPE_H
#define __LINUX_BRIDGE_EBT_PKTTYPE_H
 
struct ebt_pkttype_info
{
uint8_t pkt_type;
uint8_t invert;
};
#define EBT_PKTTYPE_MATCH "pkttype"
 
#endif
/shark/trunk/drivers/linuxc26/include/linux/netfilter_bridge/ebt_vlan.h
0,0 → 1,20
#ifndef __LINUX_BRIDGE_EBT_VLAN_H
#define __LINUX_BRIDGE_EBT_VLAN_H
 
#define EBT_VLAN_ID 0x01
#define EBT_VLAN_PRIO 0x02
#define EBT_VLAN_ENCAP 0x04
#define EBT_VLAN_MASK (EBT_VLAN_ID | EBT_VLAN_PRIO | EBT_VLAN_ENCAP)
#define EBT_VLAN_MATCH "vlan"
 
struct ebt_vlan_info {
uint16_t id; /* VLAN ID {1-4095} */
uint8_t prio; /* VLAN User Priority {0-7} */
uint16_t encap; /* VLAN Encapsulated frame code {0-65535} */
uint8_t bitmask; /* Args bitmask bit 1=1 - ID arg,
bit 2=1 User-Priority arg, bit 3=1 encap*/
uint8_t invflags; /* Inverse bitmask bit 1=1 - inversed ID arg,
bit 2=1 - inversed Pirority arg */
};
 
#endif
/shark/trunk/drivers/linuxc26/include/linux/netfilter_bridge/ebt_log.h
0,0 → 1,17
#ifndef __LINUX_BRIDGE_EBT_LOG_H
#define __LINUX_BRIDGE_EBT_LOG_H
 
#define EBT_LOG_IP 0x01 /* if the frame is made by ip, log the ip information */
#define EBT_LOG_ARP 0x02
#define EBT_LOG_MASK (EBT_LOG_IP | EBT_LOG_ARP)
#define EBT_LOG_PREFIX_SIZE 30
#define EBT_LOG_WATCHER "log"
 
struct ebt_log_info
{
uint8_t loglevel;
uint8_t prefix[EBT_LOG_PREFIX_SIZE];
uint32_t bitmask;
};
 
#endif
/shark/trunk/drivers/linuxc26/include/linux/netfilter_bridge/ebt_redirect.h
0,0 → 1,11
#ifndef __LINUX_BRIDGE_EBT_REDIRECT_H
#define __LINUX_BRIDGE_EBT_REDIRECT_H
 
struct ebt_redirect_info
{
/* EBT_ACCEPT, EBT_DROP, EBT_CONTINUE or EBT_RETURN */
int target;
};
#define EBT_REDIRECT_TARGET "redirect"
 
#endif
/shark/trunk/drivers/linuxc26/include/linux/netfilter_bridge/ebt_among.h
0,0 → 1,65
#ifndef __LINUX_BRIDGE_EBT_AMONG_H
#define __LINUX_BRIDGE_EBT_AMONG_H
 
#define EBT_AMONG_DST 0x01
#define EBT_AMONG_SRC 0x02
 
/* Grzegorz Borowiak <grzes@gnu.univ.gda.pl> 2003
*
* Write-once-read-many hash table, used for checking if a given
* MAC address belongs to a set or not and possibly for checking
* if it is related with a given IPv4 address.
*
* The hash value of an address is its last byte.
*
* In real-world ethernet addresses, values of the last byte are
* evenly distributed and there is no need to consider other bytes.
* It would only slow the routines down.
*
* For MAC address comparison speedup reasons, we introduce a trick.
* MAC address is mapped onto an array of two 32-bit integers.
* This pair of integers is compared with MAC addresses in the
* hash table, which are stored also in form of pairs of integers
* (in `cmp' array). This is quick as it requires only two elementary
* number comparisons in worst case. Further, we take advantage of
* fact that entropy of 3 last bytes of address is larger than entropy
* of 3 first bytes. So first we compare 4 last bytes of addresses and
* if they are the same we compare 2 first.
*
* Yes, it is a memory overhead, but in 2003 AD, who cares?
*/
 
struct ebt_mac_wormhash_tuple
{
uint32_t cmp[2];
uint32_t ip;
};
 
struct ebt_mac_wormhash
{
int table[257];
int poolsize;
struct ebt_mac_wormhash_tuple pool[0];
};
 
#define ebt_mac_wormhash_size(x) ((x) ? sizeof(struct ebt_mac_wormhash) \
+ (x)->poolsize * sizeof(struct ebt_mac_wormhash_tuple) : 0)
 
struct ebt_among_info
{
int wh_dst_ofs;
int wh_src_ofs;
int bitmask;
};
 
#define EBT_AMONG_DST_NEG 0x1
#define EBT_AMONG_SRC_NEG 0x2
 
#define ebt_among_wh_dst(x) ((x)->wh_dst_ofs ? \
(struct ebt_mac_wormhash*)((char*)(x) + (x)->wh_dst_ofs) : NULL)
#define ebt_among_wh_src(x) ((x)->wh_src_ofs ? \
(struct ebt_mac_wormhash*)((char*)(x) + (x)->wh_src_ofs) : NULL)
 
#define EBT_AMONG_MATCH "among"
 
#endif
/shark/trunk/drivers/linuxc26/include/linux/netfilter_bridge/ebt_arp.h
0,0 → 1,32
#ifndef __LINUX_BRIDGE_EBT_ARP_H
#define __LINUX_BRIDGE_EBT_ARP_H
 
#define EBT_ARP_OPCODE 0x01
#define EBT_ARP_HTYPE 0x02
#define EBT_ARP_PTYPE 0x04
#define EBT_ARP_SRC_IP 0x08
#define EBT_ARP_DST_IP 0x10
#define EBT_ARP_SRC_MAC 0x20
#define EBT_ARP_DST_MAC 0x40
#define EBT_ARP_MASK (EBT_ARP_OPCODE | EBT_ARP_HTYPE | EBT_ARP_PTYPE | \
EBT_ARP_SRC_IP | EBT_ARP_DST_IP | EBT_ARP_SRC_MAC | EBT_ARP_DST_MAC)
#define EBT_ARP_MATCH "arp"
 
struct ebt_arp_info
{
uint16_t htype;
uint16_t ptype;
uint16_t opcode;
uint32_t saddr;
uint32_t smsk;
uint32_t daddr;
uint32_t dmsk;
unsigned char smaddr[ETH_ALEN];
unsigned char smmsk[ETH_ALEN];
unsigned char dmaddr[ETH_ALEN];
unsigned char dmmsk[ETH_ALEN];
uint8_t bitmask;
uint8_t invflags;
};
 
#endif
/shark/trunk/drivers/linuxc26/include/linux/netfilter_bridge/ebt_nat.h
0,0 → 1,13
#ifndef __LINUX_BRIDGE_EBT_NAT_H
#define __LINUX_BRIDGE_EBT_NAT_H
 
struct ebt_nat_info
{
unsigned char mac[ETH_ALEN];
/* EBT_ACCEPT, EBT_DROP, EBT_CONTINUE or EBT_RETURN */
int target;
};
#define EBT_SNAT_TARGET "snat"
#define EBT_DNAT_TARGET "dnat"
 
#endif
/shark/trunk/drivers/linuxc26/include/linux/netfilter_bridge/ebt_mark_m.h
0,0 → 1,15
#ifndef __LINUX_BRIDGE_EBT_MARK_M_H
#define __LINUX_BRIDGE_EBT_MARK_M_H
 
#define EBT_MARK_AND 0x01
#define EBT_MARK_OR 0x02
#define EBT_MARK_MASK (EBT_MARK_AND | EBT_MARK_OR)
struct ebt_mark_m_info
{
unsigned long mark, mask;
uint8_t invert;
uint8_t bitmask;
};
#define EBT_MARK_MATCH "mark_m"
 
#endif
/shark/trunk/drivers/linuxc26/include/linux/netfilter_bridge/ebt_stp.h
0,0 → 1,46
#ifndef __LINUX_BRIDGE_EBT_STP_H
#define __LINUX_BRIDGE_EBT_STP_H
 
#define EBT_STP_TYPE 0x0001
 
#define EBT_STP_FLAGS 0x0002
#define EBT_STP_ROOTPRIO 0x0004
#define EBT_STP_ROOTADDR 0x0008
#define EBT_STP_ROOTCOST 0x0010
#define EBT_STP_SENDERPRIO 0x0020
#define EBT_STP_SENDERADDR 0x0040
#define EBT_STP_PORT 0x0080
#define EBT_STP_MSGAGE 0x0100
#define EBT_STP_MAXAGE 0x0200
#define EBT_STP_HELLOTIME 0x0400
#define EBT_STP_FWDD 0x0800
 
#define EBT_STP_MASK 0x0fff
#define EBT_STP_CONFIG_MASK 0x0ffe
 
#define EBT_STP_MATCH "stp"
 
struct ebt_stp_config_info
{
uint8_t flags;
uint16_t root_priol, root_priou;
char root_addr[6], root_addrmsk[6];
uint32_t root_costl, root_costu;
uint16_t sender_priol, sender_priou;
char sender_addr[6], sender_addrmsk[6];
uint16_t portl, portu;
uint16_t msg_agel, msg_ageu;
uint16_t max_agel, max_ageu;
uint16_t hello_timel, hello_timeu;
uint16_t forward_delayl, forward_delayu;
};
 
struct ebt_stp_info
{
uint8_t type;
struct ebt_stp_config_info config;
uint16_t bitmask;
uint16_t invflags;
};
 
#endif
/shark/trunk/drivers/linuxc26/include/linux/netfilter_bridge/ebtables.h
0,0 → 1,363
/*
* ebtables
*
* Authors:
* Bart De Schuymer <bdschuym@pandora.be>
*
* ebtables.c,v 2.0, April, 2002
*
* This code is stongly inspired on the iptables code which is
* Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
*/
 
#ifndef __LINUX_BRIDGE_EFF_H
#define __LINUX_BRIDGE_EFF_H
#include <linux/if.h>
#include <linux/netfilter_bridge.h>
#include <linux/if_ether.h>
 
#define EBT_TABLE_MAXNAMELEN 32
#define EBT_CHAIN_MAXNAMELEN EBT_TABLE_MAXNAMELEN
#define EBT_FUNCTION_MAXNAMELEN EBT_TABLE_MAXNAMELEN
 
/* verdicts >0 are "branches" */
#define EBT_ACCEPT -1
#define EBT_DROP -2
#define EBT_CONTINUE -3
#define EBT_RETURN -4
#define NUM_STANDARD_TARGETS 4
 
struct ebt_counter
{
uint64_t pcnt;
uint64_t bcnt;
};
 
struct ebt_replace
{
char name[EBT_TABLE_MAXNAMELEN];
unsigned int valid_hooks;
/* nr of rules in the table */
unsigned int nentries;
/* total size of the entries */
unsigned int entries_size;
/* start of the chains */
struct ebt_entries *hook_entry[NF_BR_NUMHOOKS];
/* nr of counters userspace expects back */
unsigned int num_counters;
/* where the kernel will put the old counters */
struct ebt_counter *counters;
char *entries;
};
 
struct ebt_entries {
/* this field is always set to zero
* See EBT_ENTRY_OR_ENTRIES.
* Must be same size as ebt_entry.bitmask */
unsigned int distinguisher;
/* the chain name */
char name[EBT_CHAIN_MAXNAMELEN];
/* counter offset for this chain */
unsigned int counter_offset;
/* one standard (accept, drop, return) per hook */
int policy;
/* nr. of entries */
unsigned int nentries;
/* entry list */
char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
};
 
/* used for the bitmask of struct ebt_entry */
 
/* This is a hack to make a difference between an ebt_entry struct and an
* ebt_entries struct when traversing the entries from start to end.
* Using this simplifies the code alot, while still being able to use
* ebt_entries.
* Contrary, iptables doesn't use something like ebt_entries and therefore uses
* different techniques for naming the policy and such. So, iptables doesn't
* need a hack like this.
*/
#define EBT_ENTRY_OR_ENTRIES 0x01
/* these are the normal masks */
#define EBT_NOPROTO 0x02
#define EBT_802_3 0x04
#define EBT_SOURCEMAC 0x08
#define EBT_DESTMAC 0x10
#define EBT_F_MASK (EBT_NOPROTO | EBT_802_3 | EBT_SOURCEMAC | EBT_DESTMAC \
| EBT_ENTRY_OR_ENTRIES)
 
#define EBT_IPROTO 0x01
#define EBT_IIN 0x02
#define EBT_IOUT 0x04
#define EBT_ISOURCE 0x8
#define EBT_IDEST 0x10
#define EBT_ILOGICALIN 0x20
#define EBT_ILOGICALOUT 0x40
#define EBT_INV_MASK (EBT_IPROTO | EBT_IIN | EBT_IOUT | EBT_ILOGICALIN \
| EBT_ILOGICALOUT | EBT_ISOURCE | EBT_IDEST)
 
struct ebt_entry_match
{
union {
char name[EBT_FUNCTION_MAXNAMELEN];
struct ebt_match *match;
} u;
/* size of data */
unsigned int match_size;
unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
};
 
struct ebt_entry_watcher
{
union {
char name[EBT_FUNCTION_MAXNAMELEN];
struct ebt_watcher *watcher;
} u;
/* size of data */
unsigned int watcher_size;
unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
};
 
struct ebt_entry_target
{
union {
char name[EBT_FUNCTION_MAXNAMELEN];
struct ebt_target *target;
} u;
/* size of data */
unsigned int target_size;
unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
};
 
#define EBT_STANDARD_TARGET "standard"
struct ebt_standard_target
{
struct ebt_entry_target target;
int verdict;
};
 
/* one entry */
struct ebt_entry {
/* this needs to be the first field */
unsigned int bitmask;
unsigned int invflags;
uint16_t ethproto;
/* the physical in-dev */
char in[IFNAMSIZ];
/* the logical in-dev */
char logical_in[IFNAMSIZ];
/* the physical out-dev */
char out[IFNAMSIZ];
/* the logical out-dev */
char logical_out[IFNAMSIZ];
unsigned char sourcemac[ETH_ALEN];
unsigned char sourcemsk[ETH_ALEN];
unsigned char destmac[ETH_ALEN];
unsigned char destmsk[ETH_ALEN];
/* sizeof ebt_entry + matches */
unsigned int watchers_offset;
/* sizeof ebt_entry + matches + watchers */
unsigned int target_offset;
/* sizeof ebt_entry + matches + watchers + target */
unsigned int next_offset;
unsigned char elems[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
};
 
/* {g,s}etsockopt numbers */
#define EBT_BASE_CTL 128
 
#define EBT_SO_SET_ENTRIES (EBT_BASE_CTL)
#define EBT_SO_SET_COUNTERS (EBT_SO_SET_ENTRIES+1)
#define EBT_SO_SET_MAX (EBT_SO_SET_COUNTERS+1)
 
#define EBT_SO_GET_INFO (EBT_BASE_CTL)
#define EBT_SO_GET_ENTRIES (EBT_SO_GET_INFO+1)
#define EBT_SO_GET_INIT_INFO (EBT_SO_GET_ENTRIES+1)
#define EBT_SO_GET_INIT_ENTRIES (EBT_SO_GET_INIT_INFO+1)
#define EBT_SO_GET_MAX (EBT_SO_GET_INIT_ENTRIES+1)
 
#ifdef __KERNEL__
 
/* return values for match() functions */
#define EBT_MATCH 0
#define EBT_NOMATCH 1
 
struct ebt_match
{
struct list_head list;
const char name[EBT_FUNCTION_MAXNAMELEN];
/* 0 == it matches */
int (*match)(const struct sk_buff *skb, const struct net_device *in,
const struct net_device *out, const void *matchdata,
unsigned int datalen);
/* 0 == let it in */
int (*check)(const char *tablename, unsigned int hookmask,
const struct ebt_entry *e, void *matchdata, unsigned int datalen);
void (*destroy)(void *matchdata, unsigned int datalen);
struct module *me;
};
 
struct ebt_watcher
{
struct list_head list;
const char name[EBT_FUNCTION_MAXNAMELEN];
void (*watcher)(const struct sk_buff *skb, const struct net_device *in,
const struct net_device *out, const void *watcherdata,
unsigned int datalen);
/* 0 == let it in */
int (*check)(const char *tablename, unsigned int hookmask,
const struct ebt_entry *e, void *watcherdata, unsigned int datalen);
void (*destroy)(void *watcherdata, unsigned int datalen);
struct module *me;
};
 
struct ebt_target
{
struct list_head list;
const char name[EBT_FUNCTION_MAXNAMELEN];
/* returns one of the standard verdicts */
int (*target)(struct sk_buff **pskb, unsigned int hooknr,
const struct net_device *in, const struct net_device *out,
const void *targetdata, unsigned int datalen);
/* 0 == let it in */
int (*check)(const char *tablename, unsigned int hookmask,
const struct ebt_entry *e, void *targetdata, unsigned int datalen);
void (*destroy)(void *targetdata, unsigned int datalen);
struct module *me;
};
 
/* used for jumping from and into user defined chains (udc) */
struct ebt_chainstack
{
struct ebt_entries *chaininfo; /* pointer to chain data */
struct ebt_entry *e; /* pointer to entry data */
unsigned int n; /* n'th entry */
};
 
struct ebt_table_info
{
/* total size of the entries */
unsigned int entries_size;
unsigned int nentries;
/* pointers to the start of the chains */
struct ebt_entries *hook_entry[NF_BR_NUMHOOKS];
/* room to maintain the stack used for jumping from and into udc */
struct ebt_chainstack **chainstack;
char *entries;
struct ebt_counter counters[0] ____cacheline_aligned;
};
 
struct ebt_table
{
struct list_head list;
char name[EBT_TABLE_MAXNAMELEN];
struct ebt_replace *table;
unsigned int valid_hooks;
rwlock_t lock;
/* e.g. could be the table explicitly only allows certain
* matches, targets, ... 0 == let it in */
int (*check)(const struct ebt_table_info *info,
unsigned int valid_hooks);
/* the data used by the kernel */
struct ebt_table_info *private;
struct module *me;
};
 
#define EBT_ALIGN(s) (((s) + (__alignof__(struct ebt_replace)-1)) & \
~(__alignof__(struct ebt_replace)-1))
extern int ebt_register_table(struct ebt_table *table);
extern void ebt_unregister_table(struct ebt_table *table);
extern int ebt_register_match(struct ebt_match *match);
extern void ebt_unregister_match(struct ebt_match *match);
extern int ebt_register_watcher(struct ebt_watcher *watcher);
extern void ebt_unregister_watcher(struct ebt_watcher *watcher);
extern int ebt_register_target(struct ebt_target *target);
extern void ebt_unregister_target(struct ebt_target *target);
extern unsigned int ebt_do_table(unsigned int hook, struct sk_buff **pskb,
const struct net_device *in, const struct net_device *out,
struct ebt_table *table);
 
/* Used in the kernel match() functions */
#define FWINV(bool,invflg) ((bool) ^ !!(info->invflags & invflg))
/* True if the hook mask denotes that the rule is in a base chain,
* used in the check() functions */
#define BASE_CHAIN (hookmask & (1 << NF_BR_NUMHOOKS))
/* Clear the bit in the hook mask that tells if the rule is on a base chain */
#define CLEAR_BASE_CHAIN_BIT (hookmask &= ~(1 << NF_BR_NUMHOOKS))
/* True if the target is not a standard target */
#define INVALID_TARGET (info->target < -NUM_STANDARD_TARGETS || info->target >= 0)
 
#endif /* __KERNEL__ */
 
/* blatently stolen from ip_tables.h
* fn returns 0 to continue iteration */
#define EBT_MATCH_ITERATE(e, fn, args...) \
({ \
unsigned int __i; \
int __ret = 0; \
struct ebt_entry_match *__match; \
\
for (__i = sizeof(struct ebt_entry); \
__i < (e)->watchers_offset; \
__i += __match->match_size + \
sizeof(struct ebt_entry_match)) { \
__match = (void *)(e) + __i; \
\
__ret = fn(__match , ## args); \
if (__ret != 0) \
break; \
} \
if (__ret == 0) { \
if (__i != (e)->watchers_offset) \
__ret = -EINVAL; \
} \
__ret; \
})
 
#define EBT_WATCHER_ITERATE(e, fn, args...) \
({ \
unsigned int __i; \
int __ret = 0; \
struct ebt_entry_watcher *__watcher; \
\
for (__i = e->watchers_offset; \
__i < (e)->target_offset; \
__i += __watcher->watcher_size + \
sizeof(struct ebt_entry_watcher)) { \
__watcher = (void *)(e) + __i; \
\
__ret = fn(__watcher , ## args); \
if (__ret != 0) \
break; \
} \
if (__ret == 0) { \
if (__i != (e)->target_offset) \
__ret = -EINVAL; \
} \
__ret; \
})
 
#define EBT_ENTRY_ITERATE(entries, size, fn, args...) \
({ \
unsigned int __i; \
int __ret = 0; \
struct ebt_entry *__entry; \
\
for (__i = 0; __i < (size);) { \
__entry = (void *)(entries) + __i; \
__ret = fn(__entry , ## args); \
if (__ret != 0) \
break; \
if (__entry->bitmask != 0) \
__i += __entry->next_offset; \
else \
__i += sizeof(struct ebt_entries); \
} \
if (__ret == 0) { \
if (__i != (size)) \
__ret = -EINVAL; \
} \
__ret; \
})
 
#endif
/shark/trunk/drivers/linuxc26/include/linux/netfilter_bridge/ebt_ip.h
0,0 → 1,43
/*
* ebt_ip
*
* Authors:
* Bart De Schuymer <bart.de.schuymer@pandora.be>
*
* April, 2002
*
* Changes:
* added ip-sport and ip-dport
* Innominate Security Technologies AG <mhopf@innominate.com>
* September, 2002
*/
 
#ifndef __LINUX_BRIDGE_EBT_IP_H
#define __LINUX_BRIDGE_EBT_IP_H
 
#define EBT_IP_SOURCE 0x01
#define EBT_IP_DEST 0x02
#define EBT_IP_TOS 0x04
#define EBT_IP_PROTO 0x08
#define EBT_IP_SPORT 0x10
#define EBT_IP_DPORT 0x20
#define EBT_IP_MASK (EBT_IP_SOURCE | EBT_IP_DEST | EBT_IP_TOS | EBT_IP_PROTO |\
EBT_IP_SPORT | EBT_IP_DPORT )
#define EBT_IP_MATCH "ip"
 
/* the same values are used for the invflags */
struct ebt_ip_info
{
uint32_t saddr;
uint32_t daddr;
uint32_t smsk;
uint32_t dmsk;
uint8_t tos;
uint8_t protocol;
uint8_t bitmask;
uint8_t invflags;
uint16_t sport[2];
uint16_t dport[2];
};
 
#endif
/shark/trunk/drivers/linuxc26/include/linux/netfilter_bridge/ebt_802_3.h
0,0 → 1,60
#ifndef __LINUX_BRIDGE_EBT_802_3_H
#define __LINUX_BRIDGE_EBT_802_3_H
 
#define EBT_802_3_SAP 0x01
#define EBT_802_3_TYPE 0x02
 
#define EBT_802_3_MATCH "802_3"
 
/*
* If frame has DSAP/SSAP value 0xaa you must check the SNAP type
* to discover what kind of packet we're carrying.
*/
#define CHECK_TYPE 0xaa
 
/*
* Control field may be one or two bytes. If the first byte has
* the value 0x03 then the entire length is one byte, otherwise it is two.
* One byte controls are used in Unnumbered Information frames.
* Two byte controls are used in Numbered Information frames.
*/
#define IS_UI 0x03
 
#define EBT_802_3_MASK (EBT_802_3_SAP | EBT_802_3_TYPE | EBT_802_3)
 
/* ui has one byte ctrl, ni has two */
struct hdr_ui {
uint8_t dsap;
uint8_t ssap;
uint8_t ctrl;
uint8_t orig[3];
uint16_t type;
};
 
struct hdr_ni {
uint8_t dsap;
uint8_t ssap;
uint16_t ctrl;
uint8_t orig[3];
uint16_t type;
};
 
struct ebt_802_3_hdr {
uint8_t daddr[6];
uint8_t saddr[6];
uint16_t len;
union {
struct hdr_ui ui;
struct hdr_ni ni;
} llc;
};
 
struct ebt_802_3_info
{
uint8_t sap;
uint16_t type;
uint8_t bitmask;
uint8_t invflags;
};
 
#endif
/shark/trunk/drivers/linuxc26/include/linux/netfilter_bridge/ebt_mark_t.h
0,0 → 1,12
#ifndef __LINUX_BRIDGE_EBT_MARK_T_H
#define __LINUX_BRIDGE_EBT_MARK_T_H
 
struct ebt_mark_t_info
{
unsigned long mark;
/* EBT_ACCEPT, EBT_DROP, EBT_CONTINUE or EBT_RETURN */
int target;
};
#define EBT_MARK_TARGET "mark"
 
#endif
/shark/trunk/drivers/linuxc26/include/linux/netfilter_bridge/ebt_arpreply.h
0,0 → 1,11
#ifndef __LINUX_BRIDGE_EBT_ARPREPLY_H
#define __LINUX_BRIDGE_EBT_ARPREPLY_H
 
struct ebt_arpreply_info
{
unsigned char mac[ETH_ALEN];
int target;
};
#define EBT_ARPREPLY_TARGET "arpreply"
 
#endif
/shark/trunk/drivers/linuxc26/include/linux/netfilter_bridge/ebt_limit.h
0,0 → 1,23
#ifndef __LINUX_BRIDGE_EBT_LIMIT_H
#define __LINUX_BRIDGE_EBT_LIMIT_H
 
#define EBT_LIMIT_MATCH "limit"
 
/* timings are in milliseconds. */
#define EBT_LIMIT_SCALE 10000
 
/* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490
seconds, or one every 59 hours. */
 
struct ebt_limit_info
{
u_int32_t avg; /* Average secs between packets * scale */
u_int32_t burst; /* Period multiplier for upper limit. */
 
/* Used internally by the kernel */
unsigned long prev;
u_int32_t credit;
u_int32_t credit_cap, cost;
};
 
#endif
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv6/ip6t_esp.h
0,0 → 1,23
#ifndef _IP6T_ESP_H
#define _IP6T_ESP_H
 
struct ip6t_esp
{
u_int32_t spis[2]; /* Security Parameter Index */
u_int8_t invflags; /* Inverse flags */
};
 
#define MASK_HOPOPTS 128
#define MASK_DSTOPTS 64
#define MASK_ROUTING 32
#define MASK_FRAGMENT 16
#define MASK_AH 8
#define MASK_ESP 4
#define MASK_NONE 2
#define MASK_PROTO 1
 
/* Values for "invflags" field in struct ip6t_esp. */
#define IP6T_ESP_INV_SPI 0x01 /* Invert the sense of spi. */
#define IP6T_ESP_INV_MASK 0x01 /* All possible flags. */
 
#endif /*_IP6T_ESP_H*/
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv6/ip6t_ah.h
0,0 → 1,30
#ifndef _IP6T_AH_H
#define _IP6T_AH_H
 
struct ip6t_ah
{
u_int32_t spis[2]; /* Security Parameter Index */
u_int32_t hdrlen; /* Header Length */
u_int8_t hdrres; /* Test of the Reserved Filed */
u_int8_t invflags; /* Inverse flags */
};
 
#define IP6T_AH_SPI 0x01
#define IP6T_AH_LEN 0x02
#define IP6T_AH_RES 0x04
 
/* Values for "invflags" field in struct ip6t_ah. */
#define IP6T_AH_INV_SPI 0x01 /* Invert the sense of spi. */
#define IP6T_AH_INV_LEN 0x02 /* Invert the sense of length. */
#define IP6T_AH_INV_MASK 0x03 /* All possible flags. */
 
#define MASK_HOPOPTS 128
#define MASK_DSTOPTS 64
#define MASK_ROUTING 32
#define MASK_FRAGMENT 16
#define MASK_AH 8
#define MASK_ESP 4
#define MASK_NONE 2
#define MASK_PROTO 1
 
#endif /*_IP6T_AH_H*/
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv6/ip6t_mark.h
0,0 → 1,9
#ifndef _IP6T_MARK_H
#define _IP6T_MARK_H
 
struct ip6t_mark_info {
unsigned long mark, mask;
u_int8_t invert;
};
 
#endif /*_IPT_MARK_H*/
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv6/ip6t_owner.h
0,0 → 1,18
#ifndef _IP6T_OWNER_H
#define _IP6T_OWNER_H
 
/* match and invert flags */
#define IP6T_OWNER_UID 0x01
#define IP6T_OWNER_GID 0x02
#define IP6T_OWNER_PID 0x04
#define IP6T_OWNER_SID 0x08
 
struct ip6t_owner_info {
uid_t uid;
gid_t gid;
pid_t pid;
pid_t sid;
u_int8_t match, invert; /* flags */
};
 
#endif /*_IPT_OWNER_H*/
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv6/ip6t_MARK.h
0,0 → 1,8
#ifndef _IP6T_MARK_H_target
#define _IP6T_MARK_H_target
 
struct ip6t_mark_target_info {
unsigned long mark;
};
 
#endif /*_IPT_MARK_H_target*/
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv6/ip6t_ipv6header.h
0,0 → 1,27
/* ipv6header match - matches IPv6 packets based
on whether they contain certain headers */
 
/* Original idea: Brad Chapman
* Rewritten by: Andras Kis-Szabo <kisza@sch.bme.hu> */
 
 
#ifndef __IPV6HEADER_H
#define __IPV6HEADER_H
 
struct ip6t_ipv6header_info
{
u_int8_t matchflags;
u_int8_t invflags;
u_int8_t modeflag;
};
 
#define MASK_HOPOPTS 128
#define MASK_DSTOPTS 64
#define MASK_ROUTING 32
#define MASK_FRAGMENT 16
#define MASK_AH 8
#define MASK_ESP 4
#define MASK_NONE 2
#define MASK_PROTO 1
 
#endif /* __IPV6HEADER_H */
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv6/ip6t_multiport.h
0,0 → 1,21
#ifndef _IP6T_MULTIPORT_H
#define _IP6T_MULTIPORT_H
#include <linux/netfilter_ipv6/ip6_tables.h>
 
enum ip6t_multiport_flags
{
IP6T_MULTIPORT_SOURCE,
IP6T_MULTIPORT_DESTINATION,
IP6T_MULTIPORT_EITHER
};
 
#define IP6T_MULTI_PORTS 15
 
/* Must fit inside union ip6t_matchinfo: 16 bytes */
struct ip6t_multiport
{
u_int8_t flags; /* Type of comparison */
u_int8_t count; /* Number of ports */
u_int16_t ports[IP6T_MULTI_PORTS]; /* Ports */
};
#endif /*_IPT_MULTIPORT_H*/
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv6/ip6t_mac.h
0,0 → 1,8
#ifndef _IP6T_MAC_H
#define _IP6T_MAC_H
 
struct ip6t_mac_info {
unsigned char srcaddr[ETH_ALEN];
int invert;
};
#endif /*_IPT_MAC_H*/
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv6/ip6t_hl.h
0,0 → 1,22
/* ip6tables module for matching the Hop Limit value
* Maciej Soltysiak <solt@dns.toxicfilms.tv>
* Based on HW's ttl module */
 
#ifndef _IP6T_HL_H
#define _IP6T_HL_H
 
enum {
IP6T_HL_EQ = 0, /* equals */
IP6T_HL_NE, /* not equals */
IP6T_HL_LT, /* less than */
IP6T_HL_GT, /* greater than */
};
 
 
struct ip6t_hl_info {
u_int8_t mode;
u_int8_t hop_limit;
};
 
 
#endif
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv6/ip6t_REJECT.h
0,0 → 1,16
#ifndef _IP6T_REJECT_H
#define _IP6T_REJECT_H
 
enum ip6t_reject_with {
IP6T_ICMP_NET_UNREACHABLE,
IP6T_ICMP_HOST_UNREACHABLE,
IP6T_ICMP_PROT_UNREACHABLE,
IP6T_ICMP_PORT_UNREACHABLE,
IP6T_ICMP_ECHOREPLY
};
 
struct ip6t_reject_info {
enum ip6t_reject_with with; /* reject type */
};
 
#endif /*_IPT_REJECT_H*/
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv6/ip6t_limit.h
0,0 → 1,21
#ifndef _IP6T_RATE_H
#define _IP6T_RATE_H
 
/* timings are in milliseconds. */
#define IP6T_LIMIT_SCALE 10000
 
/* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490
seconds, or one every 59 hours. */
struct ip6t_rateinfo {
u_int32_t avg; /* Average secs between packets * scale */
u_int32_t burst; /* Period multiplier for upper limit. */
 
/* Used internally by the kernel */
unsigned long prev;
u_int32_t credit;
u_int32_t credit_cap, cost;
 
/* Ugly, ugly fucker. */
struct ip6t_rateinfo *master;
};
#endif /*_IPT_RATE_H*/
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv6/ip6t_frag.h
0,0 → 1,33
#ifndef _IP6T_FRAG_H
#define _IP6T_FRAG_H
 
struct ip6t_frag
{
u_int32_t ids[2]; /* Security Parameter Index */
u_int32_t hdrlen; /* Header Length */
u_int8_t flags; /* */
u_int8_t invflags; /* Inverse flags */
};
 
#define IP6T_FRAG_IDS 0x01
#define IP6T_FRAG_LEN 0x02
#define IP6T_FRAG_RES 0x04
#define IP6T_FRAG_FST 0x08
#define IP6T_FRAG_MF 0x10
#define IP6T_FRAG_NMF 0x20
 
/* Values for "invflags" field in struct ip6t_frag. */
#define IP6T_FRAG_INV_IDS 0x01 /* Invert the sense of ids. */
#define IP6T_FRAG_INV_LEN 0x02 /* Invert the sense of length. */
#define IP6T_FRAG_INV_MASK 0x03 /* All possible flags. */
 
#define MASK_HOPOPTS 128
#define MASK_DSTOPTS 64
#define MASK_ROUTING 32
#define MASK_FRAGMENT 16
#define MASK_AH 8
#define MASK_ESP 4
#define MASK_NONE 2
#define MASK_PROTO 1
 
#endif /*_IP6T_FRAG_H*/
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv6/ip6t_LOG.h
0,0 → 1,15
#ifndef _IP6T_LOG_H
#define _IP6T_LOG_H
 
#define IP6T_LOG_TCPSEQ 0x01 /* Log TCP sequence numbers */
#define IP6T_LOG_TCPOPT 0x02 /* Log TCP options */
#define IP6T_LOG_IPOPT 0x04 /* Log IP options */
#define IP6T_LOG_MASK 0x07
 
struct ip6t_log_info {
unsigned char level;
unsigned char logflags;
char prefix[30];
};
 
#endif /*_IPT_LOG_H*/
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv6/ip6t_length.h
0,0 → 1,10
#ifndef _IP6T_LENGTH_H
#define _IP6T_LENGTH_H
 
struct ip6t_length_info {
u_int16_t min, max;
u_int8_t invert;
};
 
#endif /*_IP6T_LENGTH_H*/
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv6/ip6t_rt.h
0,0 → 1,42
#ifndef _IP6T_RT_H
#define _IP6T_RT_H
 
/*#include <linux/in6.h>*/
 
#define IP6T_RT_HOPS 16
 
struct ip6t_rt
{
u_int32_t rt_type; /* Routing Type */
u_int32_t segsleft[2]; /* Segments Left */
u_int32_t hdrlen; /* Header Length */
u_int8_t flags; /* */
u_int8_t invflags; /* Inverse flags */
struct in6_addr addrs[IP6T_RT_HOPS]; /* Hops */
u_int8_t addrnr; /* Nr of Addresses */
};
 
#define IP6T_RT_TYP 0x01
#define IP6T_RT_SGS 0x02
#define IP6T_RT_LEN 0x04
#define IP6T_RT_RES 0x08
#define IP6T_RT_FST_MASK 0x30
#define IP6T_RT_FST 0x10
#define IP6T_RT_FST_NSTRICT 0x20
 
/* Values for "invflags" field in struct ip6t_rt. */
#define IP6T_RT_INV_TYP 0x01 /* Invert the sense of type. */
#define IP6T_RT_INV_SGS 0x02 /* Invert the sense of Segments. */
#define IP6T_RT_INV_LEN 0x04 /* Invert the sense of length. */
#define IP6T_RT_INV_MASK 0x07 /* All possible flags. */
 
#define MASK_HOPOPTS 128
#define MASK_DSTOPTS 64
#define MASK_ROUTING 32
#define MASK_FRAGMENT 16
#define MASK_AH 8
#define MASK_ESP 4
#define MASK_NONE 2
#define MASK_PROTO 1
 
#endif /*_IP6T_RT_H*/
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv6/ip6t_opts.h
0,0 → 1,32
#ifndef _IP6T_OPTS_H
#define _IP6T_OPTS_H
 
#define IP6T_OPTS_OPTSNR 16
 
struct ip6t_opts
{
u_int32_t hdrlen; /* Header Length */
u_int8_t flags; /* */
u_int8_t invflags; /* Inverse flags */
u_int16_t opts[IP6T_OPTS_OPTSNR]; /* opts */
u_int8_t optsnr; /* Nr of OPts */
};
 
#define IP6T_OPTS_LEN 0x01
#define IP6T_OPTS_OPTS 0x02
#define IP6T_OPTS_NSTRICT 0x04
 
/* Values for "invflags" field in struct ip6t_rt. */
#define IP6T_OPTS_INV_LEN 0x01 /* Invert the sense of length. */
#define IP6T_OPTS_INV_MASK 0x01 /* All possible flags. */
 
#define MASK_HOPOPTS 128
#define MASK_DSTOPTS 64
#define MASK_ROUTING 32
#define MASK_FRAGMENT 16
#define MASK_AH 8
#define MASK_ESP 4
#define MASK_NONE 2
#define MASK_PROTO 1
 
#endif /*_IP6T_OPTS_H*/
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv6/ip6_tables.h
0,0 → 1,458
/*
* 25-Jul-1998 Major changes to allow for ip chain table
*
* 3-Jan-2000 Named tables to allow packet selection for different uses.
*/
 
/*
* Format of an IP6 firewall descriptor
*
* src, dst, src_mask, dst_mask are always stored in network byte order.
* flags are stored in host byte order (of course).
* Port numbers are stored in HOST byte order.
*/
 
#ifndef _IP6_TABLES_H
#define _IP6_TABLES_H
 
#ifdef __KERNEL__
#include <linux/if.h>
#include <linux/types.h>
#include <linux/in6.h>
#include <linux/ipv6.h>
#include <linux/skbuff.h>
#endif
#include <linux/netfilter_ipv6.h>
 
#define IP6T_FUNCTION_MAXNAMELEN 30
#define IP6T_TABLE_MAXNAMELEN 32
 
/* Yes, Virginia, you have to zero the padding. */
struct ip6t_ip6 {
/* Source and destination IP6 addr */
struct in6_addr src, dst;
/* Mask for src and dest IP6 addr */
struct in6_addr smsk, dmsk;
char iniface[IFNAMSIZ], outiface[IFNAMSIZ];
unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ];
 
/* ARGH, HopByHop uses 0, so can't do 0 = ANY,
instead IP6T_F_NOPROTO must be set */
u_int16_t proto;
/* TOS to match iff flags & IP6T_F_TOS */
u_int8_t tos;
 
/* Flags word */
u_int8_t flags;
/* Inverse flags */
u_int8_t invflags;
};
 
/* FIXME: If alignment in kernel different from userspace? --RR */
struct ip6t_entry_match
{
union {
struct {
u_int16_t match_size;
 
/* Used by userspace */
char name[IP6T_FUNCTION_MAXNAMELEN];
} user;
struct {
u_int16_t match_size;
 
/* Used inside the kernel */
struct ip6t_match *match;
} kernel;
 
/* Total length */
u_int16_t match_size;
} u;
 
unsigned char data[0];
};
 
struct ip6t_entry_target
{
union {
struct {
u_int16_t target_size;
 
/* Used by userspace */
char name[IP6T_FUNCTION_MAXNAMELEN];
} user;
struct {
u_int16_t target_size;
 
/* Used inside the kernel */
struct ip6t_target *target;
} kernel;
 
/* Total length */
u_int16_t target_size;
} u;
 
unsigned char data[0];
};
 
struct ip6t_standard_target
{
struct ip6t_entry_target target;
int verdict;
};
 
struct ip6t_counters
{
u_int64_t pcnt, bcnt; /* Packet and byte counters */
};
 
/* Values for "flag" field in struct ip6t_ip6 (general ip6 structure). */
#define IP6T_F_PROTO 0x01 /* Set if rule cares about upper
protocols */
#define IP6T_F_TOS 0x02 /* Match the TOS. */
#define IP6T_F_MASK 0x03 /* All possible flag bits mask. */
 
/* Values for "inv" field in struct ip6t_ip6. */
#define IP6T_INV_VIA_IN 0x01 /* Invert the sense of IN IFACE. */
#define IP6T_INV_VIA_OUT 0x02 /* Invert the sense of OUT IFACE */
#define IP6T_INV_TOS 0x04 /* Invert the sense of TOS. */
#define IP6T_INV_SRCIP 0x08 /* Invert the sense of SRC IP. */
#define IP6T_INV_DSTIP 0x10 /* Invert the sense of DST OP. */
#define IP6T_INV_FRAG 0x20 /* Invert the sense of FRAG. */
#define IP6T_INV_PROTO 0x40 /* Invert the sense of PROTO. */
#define IP6T_INV_MASK 0x7F /* All possible flag bits mask. */
 
/* This structure defines each of the firewall rules. Consists of 3
parts which are 1) general IP header stuff 2) match specific
stuff 3) the target to perform if the rule matches */
struct ip6t_entry
{
struct ip6t_ip6 ipv6;
 
/* Mark with fields that we care about. */
unsigned int nfcache;
 
/* Size of ipt_entry + matches */
u_int16_t target_offset;
/* Size of ipt_entry + matches + target */
u_int16_t next_offset;
 
/* Back pointer */
unsigned int comefrom;
 
/* Packet and byte counters. */
struct ip6t_counters counters;
 
/* The matches (if any), then the target. */
unsigned char elems[0];
};
 
/*
* New IP firewall options for [gs]etsockopt at the RAW IP level.
* Unlike BSD Linux inherits IP options so you don't have to use
* a raw socket for this. Instead we check rights in the calls. */
#define IP6T_BASE_CTL 64 /* base for firewall socket options */
 
#define IP6T_SO_SET_REPLACE (IP6T_BASE_CTL)
#define IP6T_SO_SET_ADD_COUNTERS (IP6T_BASE_CTL + 1)
#define IP6T_SO_SET_MAX IP6T_SO_SET_ADD_COUNTERS
 
#define IP6T_SO_GET_INFO (IP6T_BASE_CTL)
#define IP6T_SO_GET_ENTRIES (IP6T_BASE_CTL + 1)
#define IP6T_SO_GET_MAX IP6T_SO_GET_ENTRIES
 
/* CONTINUE verdict for targets */
#define IP6T_CONTINUE 0xFFFFFFFF
 
/* For standard target */
#define IP6T_RETURN (-NF_MAX_VERDICT - 1)
 
/* TCP matching stuff */
struct ip6t_tcp
{
u_int16_t spts[2]; /* Source port range. */
u_int16_t dpts[2]; /* Destination port range. */
u_int8_t option; /* TCP Option iff non-zero*/
u_int8_t flg_mask; /* TCP flags mask byte */
u_int8_t flg_cmp; /* TCP flags compare byte */
u_int8_t invflags; /* Inverse flags */
};
 
/* Values for "inv" field in struct ipt_tcp. */
#define IP6T_TCP_INV_SRCPT 0x01 /* Invert the sense of source ports. */
#define IP6T_TCP_INV_DSTPT 0x02 /* Invert the sense of dest ports. */
#define IP6T_TCP_INV_FLAGS 0x04 /* Invert the sense of TCP flags. */
#define IP6T_TCP_INV_OPTION 0x08 /* Invert the sense of option test. */
#define IP6T_TCP_INV_MASK 0x0F /* All possible flags. */
 
/* UDP matching stuff */
struct ip6t_udp
{
u_int16_t spts[2]; /* Source port range. */
u_int16_t dpts[2]; /* Destination port range. */
u_int8_t invflags; /* Inverse flags */
};
 
/* Values for "invflags" field in struct ipt_udp. */
#define IP6T_UDP_INV_SRCPT 0x01 /* Invert the sense of source ports. */
#define IP6T_UDP_INV_DSTPT 0x02 /* Invert the sense of dest ports. */
#define IP6T_UDP_INV_MASK 0x03 /* All possible flags. */
 
/* ICMP matching stuff */
struct ip6t_icmp
{
u_int8_t type; /* type to match */
u_int8_t code[2]; /* range of code */
u_int8_t invflags; /* Inverse flags */
};
 
/* Values for "inv" field for struct ipt_icmp. */
#define IP6T_ICMP_INV 0x01 /* Invert the sense of type/code test */
 
/* The argument to IP6T_SO_GET_INFO */
struct ip6t_getinfo
{
/* Which table: caller fills this in. */
char name[IP6T_TABLE_MAXNAMELEN];
 
/* Kernel fills these in. */
/* Which hook entry points are valid: bitmask */
unsigned int valid_hooks;
 
/* Hook entry points: one per netfilter hook. */
unsigned int hook_entry[NF_IP6_NUMHOOKS];
 
/* Underflow points. */
unsigned int underflow[NF_IP6_NUMHOOKS];
 
/* Number of entries */
unsigned int num_entries;
 
/* Size of entries. */
unsigned int size;
};
 
/* The argument to IP6T_SO_SET_REPLACE. */
struct ip6t_replace
{
/* Which table. */
char name[IP6T_TABLE_MAXNAMELEN];
 
/* Which hook entry points are valid: bitmask. You can't
change this. */
unsigned int valid_hooks;
 
/* Number of entries */
unsigned int num_entries;
 
/* Total size of new entries */
unsigned int size;
 
/* Hook entry points. */
unsigned int hook_entry[NF_IP6_NUMHOOKS];
 
/* Underflow points. */
unsigned int underflow[NF_IP6_NUMHOOKS];
 
/* Information about old entries: */
/* Number of counters (must be equal to current number of entries). */
unsigned int num_counters;
/* The old entries' counters. */
struct ip6t_counters *counters;
 
/* The entries (hang off end: not really an array). */
struct ip6t_entry entries[0];
};
 
/* The argument to IP6T_SO_ADD_COUNTERS. */
struct ip6t_counters_info
{
/* Which table. */
char name[IP6T_TABLE_MAXNAMELEN];
 
unsigned int num_counters;
 
/* The counters (actually `number' of these). */
struct ip6t_counters counters[0];
};
 
/* The argument to IP6T_SO_GET_ENTRIES. */
struct ip6t_get_entries
{
/* Which table: user fills this in. */
char name[IP6T_TABLE_MAXNAMELEN];
 
/* User fills this in: total entry size. */
unsigned int size;
 
/* The entries. */
struct ip6t_entry entrytable[0];
};
 
/* Standard return verdict, or do jump. */
#define IP6T_STANDARD_TARGET ""
/* Error verdict. */
#define IP6T_ERROR_TARGET "ERROR"
 
/* Helper functions */
static __inline__ struct ip6t_entry_target *
ip6t_get_target(struct ip6t_entry *e)
{
return (void *)e + e->target_offset;
}
 
/* fn returns 0 to continue iteration */
#define IP6T_MATCH_ITERATE(e, fn, args...) \
({ \
unsigned int __i; \
int __ret = 0; \
struct ip6t_entry_match *__m; \
\
for (__i = sizeof(struct ip6t_entry); \
__i < (e)->target_offset; \
__i += __m->u.match_size) { \
__m = (void *)(e) + __i; \
\
__ret = fn(__m , ## args); \
if (__ret != 0) \
break; \
} \
__ret; \
})
 
/* fn returns 0 to continue iteration */
#define IP6T_ENTRY_ITERATE(entries, size, fn, args...) \
({ \
unsigned int __i; \
int __ret = 0; \
struct ip6t_entry *__e; \
\
for (__i = 0; __i < (size); __i += __e->next_offset) { \
__e = (void *)(entries) + __i; \
\
__ret = fn(__e , ## args); \
if (__ret != 0) \
break; \
} \
__ret; \
})
 
/*
* Main firewall chains definitions and global var's definitions.
*/
 
#ifdef __KERNEL__
 
#include <linux/init.h>
extern void ip6t_init(void) __init;
 
struct ip6t_match
{
struct list_head list;
 
const char name[IP6T_FUNCTION_MAXNAMELEN];
 
/* Return true or false: return FALSE and set *hotdrop = 1 to
force immediate packet drop. */
int (*match)(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
const void *matchinfo,
int offset,
const void *hdr,
u_int16_t datalen,
int *hotdrop);
 
/* Called when user tries to insert an entry of this type. */
/* Should return true or false. */
int (*checkentry)(const char *tablename,
const struct ip6t_ip6 *ip,
void *matchinfo,
unsigned int matchinfosize,
unsigned int hook_mask);
 
/* Called when entry of this type deleted. */
void (*destroy)(void *matchinfo, unsigned int matchinfosize);
 
/* Set this to THIS_MODULE if you are a module, otherwise NULL */
struct module *me;
};
 
/* Registration hooks for targets. */
struct ip6t_target
{
struct list_head list;
 
const char name[IP6T_FUNCTION_MAXNAMELEN];
 
/* Returns verdict. */
unsigned int (*target)(struct sk_buff **pskb,
unsigned int hooknum,
const struct net_device *in,
const struct net_device *out,
const void *targinfo,
void *userdata);
 
/* Called when user tries to insert an entry of this type:
hook_mask is a bitmask of hooks from which it can be
called. */
/* Should return true or false. */
int (*checkentry)(const char *tablename,
const struct ip6t_entry *e,
void *targinfo,
unsigned int targinfosize,
unsigned int hook_mask);
 
/* Called when entry of this type deleted. */
void (*destroy)(void *targinfo, unsigned int targinfosize);
 
/* Set this to THIS_MODULE if you are a module, otherwise NULL */
struct module *me;
};
 
extern int ip6t_register_target(struct ip6t_target *target);
extern void ip6t_unregister_target(struct ip6t_target *target);
 
extern int ip6t_register_match(struct ip6t_match *match);
extern void ip6t_unregister_match(struct ip6t_match *match);
 
/* Furniture shopping... */
struct ip6t_table
{
struct list_head list;
 
/* A unique name... */
char name[IP6T_TABLE_MAXNAMELEN];
 
/* Seed table: copied in register_table */
struct ip6t_replace *table;
 
/* What hooks you will enter on */
unsigned int valid_hooks;
 
/* Lock for the curtain */
rwlock_t lock;
 
/* Man behind the curtain... */
struct ip6t_table_info *private;
 
/* Set this to THIS_MODULE if you are a module, otherwise NULL */
struct module *me;
};
 
extern int ip6t_register_table(struct ip6t_table *table);
extern void ip6t_unregister_table(struct ip6t_table *table);
extern unsigned int ip6t_do_table(struct sk_buff **pskb,
unsigned int hook,
const struct net_device *in,
const struct net_device *out,
struct ip6t_table *table,
void *userdata);
 
/* Check for an extension */
extern int ip6t_ext_hdr(u8 nexthdr);
 
#define IP6T_ALIGN(s) (((s) + (__alignof__(struct ip6t_entry)-1)) & ~(__alignof__(struct ip6t_entry)-1))
 
#endif /*__KERNEL__*/
#endif /* _IP6_TABLES_H */