1 /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
2 #ifndef _UAPI_X_TABLES_H
3 #define _UAPI_X_TABLES_H
4 #include <linux/kernel.h>
5 #include <linux/types.h>
6
7 #define XT_FUNCTION_MAXNAMELEN 30
8 #define XT_EXTENSION_MAXNAMELEN 29
9 #define XT_TABLE_MAXNAMELEN 32
10
11 struct xt_entry_match {
12 union {
13 struct {
14 __u16 match_size;
15
16 /* Used by userspace */
17 char name[XT_EXTENSION_MAXNAMELEN];
18 __u8 revision;
19 } user;
20 struct {
21 __u16 match_size;
22
23 /* Used inside the kernel */
24 struct xt_match *match;
25 } kernel;
26
27 /* Total length */
28 __u16 match_size;
29 } u;
30
31 unsigned char data[0];
32 };
33
34 struct xt_entry_target {
35 union {
36 struct {
37 __u16 target_size;
38
39 /* Used by userspace */
40 char name[XT_EXTENSION_MAXNAMELEN];
41 __u8 revision;
42 } user;
43 struct {
44 __u16 target_size;
45
46 /* Used inside the kernel */
47 struct xt_target *target;
48 } kernel;
49
50 /* Total length */
51 __u16 target_size;
52 } u;
53
54 unsigned char data[0];
55 };
56
57 #define XT_TARGET_INIT(__name, __size) \
58 { \
59 .target.u.user = { \
60 .target_size = XT_ALIGN(__size), \
61 .name = __name, \
62 }, \
63 }
64
65 struct xt_standard_target {
66 struct xt_entry_target target;
67 int verdict;
68 };
69
70 struct xt_error_target {
71 struct xt_entry_target target;
72 char errorname[XT_FUNCTION_MAXNAMELEN];
73 };
74
75 /* The argument to IPT_SO_GET_REVISION_*. Returns highest revision
76 * kernel supports, if >= revision. */
77 struct xt_get_revision {
78 char name[XT_EXTENSION_MAXNAMELEN];
79 __u8 revision;
80 };
81
82 /* CONTINUE verdict for targets */
83 #define XT_CONTINUE 0xFFFFFFFF
84
85 /* For standard target */
86 #define XT_RETURN (-NF_REPEAT - 1)
87
88 /* this is a dummy structure to find out the alignment requirement for a struct
89 * containing all the fundamental data types that are used in ipt_entry,
90 * ip6t_entry and arpt_entry. This sucks, and it is a hack. It will be my
91 * personal pleasure to remove it -HW
92 */
93 struct _xt_align {
94 __u8 u8;
95 __u16 u16;
96 __u32 u32;
97 __u64 u64;
98 };
99
100 #define XT_ALIGN(s) __ALIGN_KERNEL((s), __alignof__(struct _xt_align))
101
102 /* Standard return verdict, or do jump. */
103 #define XT_STANDARD_TARGET ""
104 /* Error verdict. */
105 #define XT_ERROR_TARGET "ERROR"
106
107 #define SET_COUNTER(c,b,p) do { (c).bcnt = (b); (c).pcnt = (p); } while(0)
108 #define ADD_COUNTER(c,b,p) do { (c).bcnt += (b); (c).pcnt += (p); } while(0)
109
110 struct xt_counters {
111 __u64 pcnt, bcnt; /* Packet and byte counters */
112 };
113
114 /* The argument to IPT_SO_ADD_COUNTERS. */
115 struct xt_counters_info {
116 /* Which table. */
117 char name[XT_TABLE_MAXNAMELEN];
118
119 unsigned int num_counters;
120
121 /* The counters (actually `number' of these). */
122 struct xt_counters counters[0];
123 };
124
125 #define XT_INV_PROTO 0x40 /* Invert the sense of PROTO. */
126
127 #ifndef __KERNEL__
128 /* fn returns 0 to continue iteration */
129 #define XT_MATCH_ITERATE(type, e, fn, args...) \
130 ({ \
131 unsigned int __i; \
132 int __ret = 0; \
133 struct xt_entry_match *__m; \
134 \
135 for (__i = sizeof(type); \
136 __i < (e)->target_offset; \
137 __i += __m->u.match_size) { \
138 __m = (void *)e + __i; \
139 \
140 __ret = fn(__m , ## args); \
141 if (__ret != 0) \
142 break; \
143 } \
144 __ret; \
145 })
146
147 /* fn returns 0 to continue iteration */
148 #define XT_ENTRY_ITERATE_CONTINUE(type, entries, size, n, fn, args...) \
149 ({ \
150 unsigned int __i, __n; \
151 int __ret = 0; \
152 type *__entry; \
153 \
154 for (__i = 0, __n = 0; __i < (size); \
155 __i += __entry->next_offset, __n++) { \
156 __entry = (void *)(entries) + __i; \
157 if (__n < n) \
158 continue; \
159 \
160 __ret = fn(__entry , ## args); \
161 if (__ret != 0) \
162 break; \
163 } \
164 __ret; \
165 })
166
167 /* fn returns 0 to continue iteration */
168 #define XT_ENTRY_ITERATE(type, entries, size, fn, args...) \
169 XT_ENTRY_ITERATE_CONTINUE(type, entries, size, 0, fn, args)
170
171 #endif /* !__KERNEL__ */
172
173 /* pos is normally a struct ipt_entry/ip6t_entry/etc. */
174 #define xt_entry_foreach(pos, ehead, esize) \
175 for ((pos) = (typeof(pos))(ehead); \
176 (pos) < (typeof(pos))((char *)(ehead) + (esize)); \
177 (pos) = (typeof(pos))((char *)(pos) + (pos)->next_offset))
178
179 /* can only be xt_entry_match, so no use of typeof here */
180 #define xt_ematch_foreach(pos, entry) \
181 for ((pos) = (struct xt_entry_match *)entry->elems; \
182 (pos) < (struct xt_entry_match *)((char *)(entry) + \
183 (entry)->target_offset); \
184 (pos) = (struct xt_entry_match *)((char *)(pos) + \
185 (pos)->u.match_size))
186
187
188 #endif /* _UAPI_X_TABLES_H */