URL
https://opencores.org/ocsvn/or1k/or1k/trunk
Subversion Repositories or1k
Compare Revisions
- This comparison shows the changes necessary to convert path
/or1k/tags/LINUX_2_4_26_OR32/linux/linux-2.4/include/linux/netfilter_ipv6
- from Rev 1279 to Rev 1765
- ↔ Reverse comparison
Rev 1279 → Rev 1765
/ip6t_esp.h
0,0 → 1,23
#ifndef _IP6T_ESP_H |
#define _IP6T_ESP_H |
|
struct ip6t_esp |
{ |
u_int32_t spis[2]; /* Security Parameter Index */ |
u_int8_t invflags; /* Inverse flags */ |
}; |
|
#define MASK_HOPOPTS 128 |
#define MASK_DSTOPTS 64 |
#define MASK_ROUTING 32 |
#define MASK_FRAGMENT 16 |
#define MASK_AH 8 |
#define MASK_ESP 4 |
#define MASK_NONE 2 |
#define MASK_PROTO 1 |
|
/* Values for "invflags" field in struct ip6t_esp. */ |
#define IP6T_ESP_INV_SPI 0x01 /* Invert the sense of spi. */ |
#define IP6T_ESP_INV_MASK 0x01 /* All possible flags. */ |
|
#endif /*_IP6T_ESP_H*/ |
/ip6t_ah.h
0,0 → 1,30
#ifndef _IP6T_AH_H |
#define _IP6T_AH_H |
|
struct ip6t_ah |
{ |
u_int32_t spis[2]; /* Security Parameter Index */ |
u_int32_t hdrlen; /* Header Length */ |
u_int8_t hdrres; /* Test of the Reserved Filed */ |
u_int8_t invflags; /* Inverse flags */ |
}; |
|
#define IP6T_AH_SPI 0x01 |
#define IP6T_AH_LEN 0x02 |
#define IP6T_AH_RES 0x04 |
|
/* Values for "invflags" field in struct ip6t_ah. */ |
#define IP6T_AH_INV_SPI 0x01 /* Invert the sense of spi. */ |
#define IP6T_AH_INV_LEN 0x02 /* Invert the sense of length. */ |
#define IP6T_AH_INV_MASK 0x03 /* All possible flags. */ |
|
#define MASK_HOPOPTS 128 |
#define MASK_DSTOPTS 64 |
#define MASK_ROUTING 32 |
#define MASK_FRAGMENT 16 |
#define MASK_AH 8 |
#define MASK_ESP 4 |
#define MASK_NONE 2 |
#define MASK_PROTO 1 |
|
#endif /*_IP6T_AH_H*/ |
/ip6t_MARK.h
0,0 → 1,8
#ifndef _IP6T_MARK_H_target |
#define _IP6T_MARK_H_target |
|
struct ip6t_mark_target_info { |
unsigned long mark; |
}; |
|
#endif /*_IPT_MARK_H_target*/ |
/ip6t_owner.h
0,0 → 1,18
#ifndef _IP6T_OWNER_H |
#define _IP6T_OWNER_H |
|
/* match and invert flags */ |
#define IP6T_OWNER_UID 0x01 |
#define IP6T_OWNER_GID 0x02 |
#define IP6T_OWNER_PID 0x04 |
#define IP6T_OWNER_SID 0x08 |
|
struct ip6t_owner_info { |
uid_t uid; |
gid_t gid; |
pid_t pid; |
pid_t sid; |
u_int8_t match, invert; /* flags */ |
}; |
|
#endif /*_IPT_OWNER_H*/ |
/ip6t_mark.h
0,0 → 1,9
#ifndef _IP6T_MARK_H |
#define _IP6T_MARK_H |
|
struct ip6t_mark_info { |
unsigned long mark, mask; |
u_int8_t invert; |
}; |
|
#endif /*_IPT_MARK_H*/ |
/ip6t_ipv6header.h
0,0 → 1,27
/* ipv6header match - matches IPv6 packets based |
on whether they contain certain headers */ |
|
/* Original idea: Brad Chapman |
* Rewritten by: Andras Kis-Szabo <kisza@sch.bme.hu> */ |
|
|
#ifndef __IPV6HEADER_H |
#define __IPV6HEADER_H |
|
struct ip6t_ipv6header_info |
{ |
u_int8_t matchflags; |
u_int8_t invflags; |
u_int8_t modeflag; |
}; |
|
#define MASK_HOPOPTS 128 |
#define MASK_DSTOPTS 64 |
#define MASK_ROUTING 32 |
#define MASK_FRAGMENT 16 |
#define MASK_AH 8 |
#define MASK_ESP 4 |
#define MASK_NONE 2 |
#define MASK_PROTO 1 |
|
#endif /* __IPV6HEADER_H */ |
/ip6t_multiport.h
0,0 → 1,21
#ifndef _IP6T_MULTIPORT_H |
#define _IP6T_MULTIPORT_H |
#include <linux/netfilter_ipv6/ip6_tables.h> |
|
enum ip6t_multiport_flags |
{ |
IP6T_MULTIPORT_SOURCE, |
IP6T_MULTIPORT_DESTINATION, |
IP6T_MULTIPORT_EITHER |
}; |
|
#define IP6T_MULTI_PORTS 15 |
|
/* Must fit inside union ip6t_matchinfo: 16 bytes */ |
struct ip6t_multiport |
{ |
u_int8_t flags; /* Type of comparison */ |
u_int8_t count; /* Number of ports */ |
u_int16_t ports[IP6T_MULTI_PORTS]; /* Ports */ |
}; |
#endif /*_IPT_MULTIPORT_H*/ |
/ip6t_mac.h
0,0 → 1,8
#ifndef _IP6T_MAC_H |
#define _IP6T_MAC_H |
|
struct ip6t_mac_info { |
unsigned char srcaddr[ETH_ALEN]; |
int invert; |
}; |
#endif /*_IPT_MAC_H*/ |
/ip6t_hl.h
0,0 → 1,22
/* ip6tables module for matching the Hop Limit value |
* Maciej Soltysiak <solt@dns.toxicfilms.tv> |
* Based on HW's ttl module */ |
|
#ifndef _IP6T_HL_H |
#define _IP6T_HL_H |
|
enum { |
IP6T_HL_EQ = 0, /* equals */ |
IP6T_HL_NE, /* not equals */ |
IP6T_HL_LT, /* less than */ |
IP6T_HL_GT, /* greater than */ |
}; |
|
|
struct ip6t_hl_info { |
u_int8_t mode; |
u_int8_t hop_limit; |
}; |
|
|
#endif |
/ip6t_REJECT.h
0,0 → 1,16
#ifndef _IP6T_REJECT_H |
#define _IP6T_REJECT_H |
|
enum ip6t_reject_with { |
IP6T_ICMP_NET_UNREACHABLE, |
IP6T_ICMP_HOST_UNREACHABLE, |
IP6T_ICMP_PROT_UNREACHABLE, |
IP6T_ICMP_PORT_UNREACHABLE, |
IP6T_ICMP_ECHOREPLY |
}; |
|
struct ip6t_reject_info { |
enum ip6t_reject_with with; /* reject type */ |
}; |
|
#endif /*_IPT_REJECT_H*/ |
/ip6t_limit.h
0,0 → 1,21
#ifndef _IP6T_RATE_H |
#define _IP6T_RATE_H |
|
/* timings are in milliseconds. */ |
#define IP6T_LIMIT_SCALE 10000 |
|
/* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490 |
seconds, or one every 59 hours. */ |
struct ip6t_rateinfo { |
u_int32_t avg; /* Average secs between packets * scale */ |
u_int32_t burst; /* Period multiplier for upper limit. */ |
|
/* Used internally by the kernel */ |
unsigned long prev; |
u_int32_t credit; |
u_int32_t credit_cap, cost; |
|
/* Ugly, ugly fucker. */ |
struct ip6t_rateinfo *master; |
}; |
#endif /*_IPT_RATE_H*/ |
/ip6t_frag.h
0,0 → 1,33
#ifndef _IP6T_FRAG_H |
#define _IP6T_FRAG_H |
|
struct ip6t_frag |
{ |
u_int32_t ids[2]; /* Security Parameter Index */ |
u_int32_t hdrlen; /* Header Length */ |
u_int8_t flags; /* */ |
u_int8_t invflags; /* Inverse flags */ |
}; |
|
#define IP6T_FRAG_IDS 0x01 |
#define IP6T_FRAG_LEN 0x02 |
#define IP6T_FRAG_RES 0x04 |
#define IP6T_FRAG_FST 0x08 |
#define IP6T_FRAG_MF 0x10 |
#define IP6T_FRAG_NMF 0x20 |
|
/* Values for "invflags" field in struct ip6t_frag. */ |
#define IP6T_FRAG_INV_IDS 0x01 /* Invert the sense of ids. */ |
#define IP6T_FRAG_INV_LEN 0x02 /* Invert the sense of length. */ |
#define IP6T_FRAG_INV_MASK 0x03 /* All possible flags. */ |
|
#define MASK_HOPOPTS 128 |
#define MASK_DSTOPTS 64 |
#define MASK_ROUTING 32 |
#define MASK_FRAGMENT 16 |
#define MASK_AH 8 |
#define MASK_ESP 4 |
#define MASK_NONE 2 |
#define MASK_PROTO 1 |
|
#endif /*_IP6T_FRAG_H*/ |
/ip6t_length.h
0,0 → 1,10
#ifndef _IP6T_LENGTH_H |
#define _IP6T_LENGTH_H |
|
struct ip6t_length_info { |
u_int16_t min, max; |
u_int8_t invert; |
}; |
|
#endif /*_IP6T_LENGTH_H*/ |
|
/ip6t_LOG.h
0,0 → 1,15
#ifndef _IP6T_LOG_H |
#define _IP6T_LOG_H |
|
#define IP6T_LOG_TCPSEQ 0x01 /* Log TCP sequence numbers */ |
#define IP6T_LOG_TCPOPT 0x02 /* Log TCP options */ |
#define IP6T_LOG_IPOPT 0x04 /* Log IP options */ |
#define IP6T_LOG_MASK 0x07 |
|
struct ip6t_log_info { |
unsigned char level; |
unsigned char logflags; |
char prefix[30]; |
}; |
|
#endif /*_IPT_LOG_H*/ |
/ip6t_rt.h
0,0 → 1,42
#ifndef _IP6T_RT_H |
#define _IP6T_RT_H |
|
/*#include <linux/in6.h>*/ |
|
#define IP6T_RT_HOPS 16 |
|
struct ip6t_rt |
{ |
u_int32_t rt_type; /* Routing Type */ |
u_int32_t segsleft[2]; /* Segments Left */ |
u_int32_t hdrlen; /* Header Length */ |
u_int8_t flags; /* */ |
u_int8_t invflags; /* Inverse flags */ |
struct in6_addr addrs[IP6T_RT_HOPS]; /* Hops */ |
u_int8_t addrnr; /* Nr of Addresses */ |
}; |
|
#define IP6T_RT_TYP 0x01 |
#define IP6T_RT_SGS 0x02 |
#define IP6T_RT_LEN 0x04 |
#define IP6T_RT_RES 0x08 |
#define IP6T_RT_FST_MASK 0x30 |
#define IP6T_RT_FST 0x10 |
#define IP6T_RT_FST_NSTRICT 0x20 |
|
/* Values for "invflags" field in struct ip6t_rt. */ |
#define IP6T_RT_INV_TYP 0x01 /* Invert the sense of type. */ |
#define IP6T_RT_INV_SGS 0x02 /* Invert the sense of Segments. */ |
#define IP6T_RT_INV_LEN 0x04 /* Invert the sense of length. */ |
#define IP6T_RT_INV_MASK 0x07 /* All possible flags. */ |
|
#define MASK_HOPOPTS 128 |
#define MASK_DSTOPTS 64 |
#define MASK_ROUTING 32 |
#define MASK_FRAGMENT 16 |
#define MASK_AH 8 |
#define MASK_ESP 4 |
#define MASK_NONE 2 |
#define MASK_PROTO 1 |
|
#endif /*_IP6T_RT_H*/ |
/ip6t_opts.h
0,0 → 1,32
#ifndef _IP6T_OPTS_H |
#define _IP6T_OPTS_H |
|
#define IP6T_OPTS_OPTSNR 16 |
|
struct ip6t_opts |
{ |
u_int32_t hdrlen; /* Header Length */ |
u_int8_t flags; /* */ |
u_int8_t invflags; /* Inverse flags */ |
u_int16_t opts[IP6T_OPTS_OPTSNR]; /* opts */ |
u_int8_t optsnr; /* Nr of OPts */ |
}; |
|
#define IP6T_OPTS_LEN 0x01 |
#define IP6T_OPTS_OPTS 0x02 |
#define IP6T_OPTS_NSTRICT 0x04 |
|
/* Values for "invflags" field in struct ip6t_rt. */ |
#define IP6T_OPTS_INV_LEN 0x01 /* Invert the sense of length. */ |
#define IP6T_OPTS_INV_MASK 0x01 /* All possible flags. */ |
|
#define MASK_HOPOPTS 128 |
#define MASK_DSTOPTS 64 |
#define MASK_ROUTING 32 |
#define MASK_FRAGMENT 16 |
#define MASK_AH 8 |
#define MASK_ESP 4 |
#define MASK_NONE 2 |
#define MASK_PROTO 1 |
|
#endif /*_IP6T_OPTS_H*/ |
/ip6_tables.h
0,0 → 1,458
/* |
* 25-Jul-1998 Major changes to allow for ip chain table |
* |
* 3-Jan-2000 Named tables to allow packet selection for different uses. |
*/ |
|
/* |
* Format of an IP6 firewall descriptor |
* |
* src, dst, src_mask, dst_mask are always stored in network byte order. |
* flags are stored in host byte order (of course). |
* Port numbers are stored in HOST byte order. |
*/ |
|
#ifndef _IP6_TABLES_H |
#define _IP6_TABLES_H |
|
#ifdef __KERNEL__ |
#include <linux/if.h> |
#include <linux/types.h> |
#include <linux/in6.h> |
#include <linux/ipv6.h> |
#include <linux/skbuff.h> |
#endif |
#include <linux/netfilter_ipv6.h> |
|
#define IP6T_FUNCTION_MAXNAMELEN 30 |
#define IP6T_TABLE_MAXNAMELEN 32 |
|
/* Yes, Virginia, you have to zero the padding. */ |
struct ip6t_ip6 { |
/* Source and destination IP6 addr */ |
struct in6_addr src, dst; |
/* Mask for src and dest IP6 addr */ |
struct in6_addr smsk, dmsk; |
char iniface[IFNAMSIZ], outiface[IFNAMSIZ]; |
unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ]; |
|
/* ARGH, HopByHop uses 0, so can't do 0 = ANY, |
instead IP6T_F_NOPROTO must be set */ |
u_int16_t proto; |
/* TOS to match iff flags & IP6T_F_TOS */ |
u_int8_t tos; |
|
/* Flags word */ |
u_int8_t flags; |
/* Inverse flags */ |
u_int8_t invflags; |
}; |
|
/* FIXME: If alignment in kernel different from userspace? --RR */ |
struct ip6t_entry_match |
{ |
union { |
struct { |
u_int16_t match_size; |
|
/* Used by userspace */ |
char name[IP6T_FUNCTION_MAXNAMELEN]; |
} user; |
struct { |
u_int16_t match_size; |
|
/* Used inside the kernel */ |
struct ip6t_match *match; |
} kernel; |
|
/* Total length */ |
u_int16_t match_size; |
} u; |
|
unsigned char data[0]; |
}; |
|
struct ip6t_entry_target |
{ |
union { |
struct { |
u_int16_t target_size; |
|
/* Used by userspace */ |
char name[IP6T_FUNCTION_MAXNAMELEN]; |
} user; |
struct { |
u_int16_t target_size; |
|
/* Used inside the kernel */ |
struct ip6t_target *target; |
} kernel; |
|
/* Total length */ |
u_int16_t target_size; |
} u; |
|
unsigned char data[0]; |
}; |
|
struct ip6t_standard_target |
{ |
struct ip6t_entry_target target; |
int verdict; |
}; |
|
struct ip6t_counters |
{ |
u_int64_t pcnt, bcnt; /* Packet and byte counters */ |
}; |
|
/* Values for "flag" field in struct ip6t_ip6 (general ip6 structure). */ |
#define IP6T_F_PROTO 0x01 /* Set if rule cares about upper |
protocols */ |
#define IP6T_F_TOS 0x02 /* Match the TOS. */ |
#define IP6T_F_MASK 0x03 /* All possible flag bits mask. */ |
|
/* Values for "inv" field in struct ip6t_ip6. */ |
#define IP6T_INV_VIA_IN 0x01 /* Invert the sense of IN IFACE. */ |
#define IP6T_INV_VIA_OUT 0x02 /* Invert the sense of OUT IFACE */ |
#define IP6T_INV_TOS 0x04 /* Invert the sense of TOS. */ |
#define IP6T_INV_SRCIP 0x08 /* Invert the sense of SRC IP. */ |
#define IP6T_INV_DSTIP 0x10 /* Invert the sense of DST OP. */ |
#define IP6T_INV_FRAG 0x20 /* Invert the sense of FRAG. */ |
#define IP6T_INV_PROTO 0x40 /* Invert the sense of PROTO. */ |
#define IP6T_INV_MASK 0x7F /* All possible flag bits mask. */ |
|
/* This structure defines each of the firewall rules. Consists of 3 |
parts which are 1) general IP header stuff 2) match specific |
stuff 3) the target to perform if the rule matches */ |
struct ip6t_entry |
{ |
struct ip6t_ip6 ipv6; |
|
/* Mark with fields that we care about. */ |
unsigned int nfcache; |
|
/* Size of ipt_entry + matches */ |
u_int16_t target_offset; |
/* Size of ipt_entry + matches + target */ |
u_int16_t next_offset; |
|
/* Back pointer */ |
unsigned int comefrom; |
|
/* Packet and byte counters. */ |
struct ip6t_counters counters; |
|
/* The matches (if any), then the target. */ |
unsigned char elems[0]; |
}; |
|
/* |
* New IP firewall options for [gs]etsockopt at the RAW IP level. |
* Unlike BSD Linux inherits IP options so you don't have to use |
* a raw socket for this. Instead we check rights in the calls. */ |
#define IP6T_BASE_CTL 64 /* base for firewall socket options */ |
|
#define IP6T_SO_SET_REPLACE (IP6T_BASE_CTL) |
#define IP6T_SO_SET_ADD_COUNTERS (IP6T_BASE_CTL + 1) |
#define IP6T_SO_SET_MAX IP6T_SO_SET_ADD_COUNTERS |
|
#define IP6T_SO_GET_INFO (IP6T_BASE_CTL) |
#define IP6T_SO_GET_ENTRIES (IP6T_BASE_CTL + 1) |
#define IP6T_SO_GET_MAX IP6T_SO_GET_ENTRIES |
|
/* CONTINUE verdict for targets */ |
#define IP6T_CONTINUE 0xFFFFFFFF |
|
/* For standard target */ |
#define IP6T_RETURN (-NF_MAX_VERDICT - 1) |
|
/* TCP matching stuff */ |
struct ip6t_tcp |
{ |
u_int16_t spts[2]; /* Source port range. */ |
u_int16_t dpts[2]; /* Destination port range. */ |
u_int8_t option; /* TCP Option iff non-zero*/ |
u_int8_t flg_mask; /* TCP flags mask byte */ |
u_int8_t flg_cmp; /* TCP flags compare byte */ |
u_int8_t invflags; /* Inverse flags */ |
}; |
|
/* Values for "inv" field in struct ipt_tcp. */ |
#define IP6T_TCP_INV_SRCPT 0x01 /* Invert the sense of source ports. */ |
#define IP6T_TCP_INV_DSTPT 0x02 /* Invert the sense of dest ports. */ |
#define IP6T_TCP_INV_FLAGS 0x04 /* Invert the sense of TCP flags. */ |
#define IP6T_TCP_INV_OPTION 0x08 /* Invert the sense of option test. */ |
#define IP6T_TCP_INV_MASK 0x0F /* All possible flags. */ |
|
/* UDP matching stuff */ |
struct ip6t_udp |
{ |
u_int16_t spts[2]; /* Source port range. */ |
u_int16_t dpts[2]; /* Destination port range. */ |
u_int8_t invflags; /* Inverse flags */ |
}; |
|
/* Values for "invflags" field in struct ipt_udp. */ |
#define IP6T_UDP_INV_SRCPT 0x01 /* Invert the sense of source ports. */ |
#define IP6T_UDP_INV_DSTPT 0x02 /* Invert the sense of dest ports. */ |
#define IP6T_UDP_INV_MASK 0x03 /* All possible flags. */ |
|
/* ICMP matching stuff */ |
struct ip6t_icmp |
{ |
u_int8_t type; /* type to match */ |
u_int8_t code[2]; /* range of code */ |
u_int8_t invflags; /* Inverse flags */ |
}; |
|
/* Values for "inv" field for struct ipt_icmp. */ |
#define IP6T_ICMP_INV 0x01 /* Invert the sense of type/code test */ |
|
/* The argument to IP6T_SO_GET_INFO */ |
struct ip6t_getinfo |
{ |
/* Which table: caller fills this in. */ |
char name[IP6T_TABLE_MAXNAMELEN]; |
|
/* Kernel fills these in. */ |
/* Which hook entry points are valid: bitmask */ |
unsigned int valid_hooks; |
|
/* Hook entry points: one per netfilter hook. */ |
unsigned int hook_entry[NF_IP6_NUMHOOKS]; |
|
/* Underflow points. */ |
unsigned int underflow[NF_IP6_NUMHOOKS]; |
|
/* Number of entries */ |
unsigned int num_entries; |
|
/* Size of entries. */ |
unsigned int size; |
}; |
|
/* The argument to IP6T_SO_SET_REPLACE. */ |
struct ip6t_replace |
{ |
/* Which table. */ |
char name[IP6T_TABLE_MAXNAMELEN]; |
|
/* Which hook entry points are valid: bitmask. You can't |
change this. */ |
unsigned int valid_hooks; |
|
/* Number of entries */ |
unsigned int num_entries; |
|
/* Total size of new entries */ |
unsigned int size; |
|
/* Hook entry points. */ |
unsigned int hook_entry[NF_IP6_NUMHOOKS]; |
|
/* Underflow points. */ |
unsigned int underflow[NF_IP6_NUMHOOKS]; |
|
/* Information about old entries: */ |
/* Number of counters (must be equal to current number of entries). */ |
unsigned int num_counters; |
/* The old entries' counters. */ |
struct ip6t_counters *counters; |
|
/* The entries (hang off end: not really an array). */ |
struct ip6t_entry entries[0]; |
}; |
|
/* The argument to IP6T_SO_ADD_COUNTERS. */ |
struct ip6t_counters_info |
{ |
/* Which table. */ |
char name[IP6T_TABLE_MAXNAMELEN]; |
|
unsigned int num_counters; |
|
/* The counters (actually `number' of these). */ |
struct ip6t_counters counters[0]; |
}; |
|
/* The argument to IP6T_SO_GET_ENTRIES. */ |
struct ip6t_get_entries |
{ |
/* Which table: user fills this in. */ |
char name[IP6T_TABLE_MAXNAMELEN]; |
|
/* User fills this in: total entry size. */ |
unsigned int size; |
|
/* The entries. */ |
struct ip6t_entry entrytable[0]; |
}; |
|
/* Standard return verdict, or do jump. */ |
#define IP6T_STANDARD_TARGET "" |
/* Error verdict. */ |
#define IP6T_ERROR_TARGET "ERROR" |
|
/* Helper functions */ |
static __inline__ struct ip6t_entry_target * |
ip6t_get_target(struct ip6t_entry *e) |
{ |
return (void *)e + e->target_offset; |
} |
|
/* fn returns 0 to continue iteration */ |
#define IP6T_MATCH_ITERATE(e, fn, args...) \ |
({ \ |
unsigned int __i; \ |
int __ret = 0; \ |
struct ip6t_entry_match *__m; \ |
\ |
for (__i = sizeof(struct ip6t_entry); \ |
__i < (e)->target_offset; \ |
__i += __m->u.match_size) { \ |
__m = (void *)(e) + __i; \ |
\ |
__ret = fn(__m , ## args); \ |
if (__ret != 0) \ |
break; \ |
} \ |
__ret; \ |
}) |
|
/* fn returns 0 to continue iteration */ |
#define IP6T_ENTRY_ITERATE(entries, size, fn, args...) \ |
({ \ |
unsigned int __i; \ |
int __ret = 0; \ |
struct ip6t_entry *__e; \ |
\ |
for (__i = 0; __i < (size); __i += __e->next_offset) { \ |
__e = (void *)(entries) + __i; \ |
\ |
__ret = fn(__e , ## args); \ |
if (__ret != 0) \ |
break; \ |
} \ |
__ret; \ |
}) |
|
/* |
* Main firewall chains definitions and global var's definitions. |
*/ |
|
#ifdef __KERNEL__ |
|
#include <linux/init.h> |
extern void ip6t_init(void) __init; |
|
struct ip6t_match |
{ |
struct list_head list; |
|
const char name[IP6T_FUNCTION_MAXNAMELEN]; |
|
/* Return true or false: return FALSE and set *hotdrop = 1 to |
force immediate packet drop. */ |
int (*match)(const struct sk_buff *skb, |
const struct net_device *in, |
const struct net_device *out, |
const void *matchinfo, |
int offset, |
const void *hdr, |
u_int16_t datalen, |
int *hotdrop); |
|
/* Called when user tries to insert an entry of this type. */ |
/* Should return true or false. */ |
int (*checkentry)(const char *tablename, |
const struct ip6t_ip6 *ip, |
void *matchinfo, |
unsigned int matchinfosize, |
unsigned int hook_mask); |
|
/* Called when entry of this type deleted. */ |
void (*destroy)(void *matchinfo, unsigned int matchinfosize); |
|
/* Set this to THIS_MODULE if you are a module, otherwise NULL */ |
struct module *me; |
}; |
|
/* Registration hooks for targets. */ |
struct ip6t_target |
{ |
struct list_head list; |
|
const char name[IP6T_FUNCTION_MAXNAMELEN]; |
|
/* Returns verdict. */ |
unsigned int (*target)(struct sk_buff **pskb, |
unsigned int hooknum, |
const struct net_device *in, |
const struct net_device *out, |
const void *targinfo, |
void *userdata); |
|
/* Called when user tries to insert an entry of this type: |
hook_mask is a bitmask of hooks from which it can be |
called. */ |
/* Should return true or false. */ |
int (*checkentry)(const char *tablename, |
const struct ip6t_entry *e, |
void *targinfo, |
unsigned int targinfosize, |
unsigned int hook_mask); |
|
/* Called when entry of this type deleted. */ |
void (*destroy)(void *targinfo, unsigned int targinfosize); |
|
/* Set this to THIS_MODULE if you are a module, otherwise NULL */ |
struct module *me; |
}; |
|
extern int ip6t_register_target(struct ip6t_target *target); |
extern void ip6t_unregister_target(struct ip6t_target *target); |
|
extern int ip6t_register_match(struct ip6t_match *match); |
extern void ip6t_unregister_match(struct ip6t_match *match); |
|
/* Furniture shopping... */ |
struct ip6t_table |
{ |
struct list_head list; |
|
/* A unique name... */ |
char name[IP6T_TABLE_MAXNAMELEN]; |
|
/* Seed table: copied in register_table */ |
struct ip6t_replace *table; |
|
/* What hooks you will enter on */ |
unsigned int valid_hooks; |
|
/* Lock for the curtain */ |
rwlock_t lock; |
|
/* Man behind the curtain... */ |
struct ip6t_table_info *private; |
|
/* Set this to THIS_MODULE if you are a module, otherwise NULL */ |
struct module *me; |
}; |
|
extern int ip6t_register_table(struct ip6t_table *table); |
extern void ip6t_unregister_table(struct ip6t_table *table); |
extern unsigned int ip6t_do_table(struct sk_buff **pskb, |
unsigned int hook, |
const struct net_device *in, |
const struct net_device *out, |
struct ip6t_table *table, |
void *userdata); |
|
/* Check for an extension */ |
extern int ip6t_ext_hdr(u8 nexthdr); |
|
#define IP6T_ALIGN(s) (((s) + (__alignof__(struct ip6t_entry)-1)) & ~(__alignof__(struct ip6t_entry)-1)) |
|
#endif /*__KERNEL__*/ |
#endif /* _IP6_TABLES_H */ |