1b2441318SGreg Kroah-Hartman /* SPDX-License-Identifier: GPL-2.0 */
21da177e4SLinus Torvalds /*
31da177e4SLinus Torvalds  * 25-Jul-1998 Major changes to allow for ip chain table
41da177e4SLinus Torvalds  *
51da177e4SLinus Torvalds  * 3-Jan-2000 Named tables to allow packet selection for different uses.
61da177e4SLinus Torvalds  */
71da177e4SLinus Torvalds 
81da177e4SLinus Torvalds /*
91da177e4SLinus Torvalds  * 	Format of an IP firewall descriptor
101da177e4SLinus Torvalds  *
111da177e4SLinus Torvalds  * 	src, dst, src_mask, dst_mask are always stored in network byte order.
121da177e4SLinus Torvalds  * 	flags are stored in host byte order (of course).
131da177e4SLinus Torvalds  * 	Port numbers are stored in HOST byte order.
141da177e4SLinus Torvalds  */
151da177e4SLinus Torvalds #ifndef _IPTABLES_H
161da177e4SLinus Torvalds #define _IPTABLES_H
171da177e4SLinus Torvalds 
181da177e4SLinus Torvalds #include <linux/if.h>
191da177e4SLinus Torvalds #include <linux/in.h>
20f19438bdSJeremy Sowden #include <linux/init.h>
211da177e4SLinus Torvalds #include <linux/ip.h>
221da177e4SLinus Torvalds #include <linux/skbuff.h>
2317c07592SDavid Howells #include <uapi/linux/netfilter_ipv4/ip_tables.h>
2417c07592SDavid Howells 
/*
 * Table lifecycle entry points. Only the prototypes are visible in this
 * header; the definitions live elsewhere.
 *
 * ipt_register_table() receives a struct net, an xt_table description, an
 * ipt_replace and the nf_hook_ops to use.
 * NOTE(review): presumably returns 0 on success and a negative errno on
 * failure - confirm against the definition.
 */
int ipt_register_table(struct net *net, const struct xt_table *table,
		       const struct ipt_replace *repl,
		       const struct nf_hook_ops *ops);

/*
 * Teardown is exposed as two calls, both identifying the table by name.
 * NOTE(review): the _pre_exit/_exit suffixes suggest a two-stage pernet
 * teardown (hooks detached first, table released later) - confirm against
 * the callers, since using the table between the two stages would be a
 * lifetime bug.
 */
void ipt_unregister_table_pre_exit(struct net *net, const char *name);
void ipt_unregister_table_exit(struct net *net, const char *name);
311cbf9098SDavid Wilder 
/*
 * Standard entry: an ipt_entry immediately followed by a standard target,
 * laid out as one object. IPT_STANDARD_INIT() below builds one of these.
 */
struct ipt_standard {
	struct ipt_entry entry;
	struct xt_standard_target target;
};
371da177e4SLinus Torvalds 
/*
 * Error entry: an ipt_entry immediately followed by an error target.
 * IPT_ERROR_INIT below builds one of these with errorname "ERROR".
 */
struct ipt_error {
	struct ipt_entry entry;
	struct xt_error_target target;
};
421da177e4SLinus Torvalds 
/*
 * Designated initializer for an ipt_entry whose total size is __size.
 * target_offset is fixed at sizeof(struct ipt_entry), i.e. the target sits
 * directly after the entry header, and next_offset is set to __size.
 * Fields not named here are zero-initialized by the usual C rules.
 */
#define IPT_ENTRY_INIT(__size)						       \
{									       \
	.target_offset	= sizeof(struct ipt_entry),			       \
	.next_offset	= (__size),					       \
}
483c2ad469SPatrick McHardy 
/*
 * Initializer for a struct ipt_standard carrying __verdict.
 * The verdict is stored as -(__verdict) - 1, so 0 becomes -1, 1 becomes -2,
 * and so on: any non-negative __verdict ends up as a negative number.
 * NOTE(review): presumably non-negative stored values are reserved for
 * jump offsets - confirm against the code that consumes
 * xt_standard_target.verdict.
 */
#define IPT_STANDARD_INIT(__verdict)					       \
{									       \
	.entry		= IPT_ENTRY_INIT(sizeof(struct ipt_standard)),	       \
	.target		= XT_TARGET_INIT(XT_STANDARD_TARGET,		       \
					 sizeof(struct xt_standard_target)),   \
	.target.verdict	= -(__verdict) - 1,				       \
}
563c2ad469SPatrick McHardy 
/*
 * Initializer for a struct ipt_error: an entry sized for the whole
 * ipt_error object, followed by an error target whose errorname is the
 * literal string "ERROR".
 */
#define IPT_ERROR_INIT							       \
{									       \
	.entry		= IPT_ENTRY_INIT(sizeof(struct ipt_error)),	       \
	.target		= XT_TARGET_INIT(XT_ERROR_TARGET,		       \
					 sizeof(struct xt_error_target)),      \
	.target.errorname = "ERROR",					       \
}
643c2ad469SPatrick McHardy 
/*
 * Returns an untyped pointer derived from the given table description.
 * NOTE(review): the name suggests a freshly allocated initial ruleset that
 * the caller owns, with NULL on allocation failure - confirm against the
 * definition before relying on either.
 */
extern void *ipt_alloc_initial_table(const struct xt_table *);

/*
 * Packet-processing entry point: takes an opaque private pointer, the
 * packet (skb) and the hook state.
 * NOTE(review): the unsigned int result is presumably a netfilter verdict
 * and priv presumably identifies the table to walk - confirm against the
 * definition.
 */
extern unsigned int ipt_do_table(void *priv,
				 struct sk_buff *skb,
				 const struct nf_hook_state *state);
691da177e4SLinus Torvalds 
7047a6959fSFlorian Westphal #ifdef CONFIG_NETFILTER_XTABLES_COMPAT
712722971cSDmitry Mishin #include <net/compat.h>
722722971cSDmitry Mishin 
/*
 * Compat layout of an IPv4 rule entry, declared with compat_* and
 * fixed-width types. Only compiled under CONFIG_NETFILTER_XTABLES_COMPAT.
 * NOTE(review): presumably the 32-bit userspace view of struct ipt_entry on
 * a 64-bit kernel - confirm. If so, both offsets below come from an
 * untrusted blob and need range checks before they are used.
 */
struct compat_ipt_entry {
	struct ipt_ip ip;
	compat_uint_t nfcache;
	/*
	 * Byte offset from the start of this entry to its target;
	 * compat_ipt_get_target() adds it to the entry address unchecked.
	 */
	__u16 target_offset;
	/*
	 * NOTE(review): by analogy with IPT_ENTRY_INIT(), presumably the
	 * total size of this entry, i.e. the offset to the next - confirm.
	 */
	__u16 next_offset;
	compat_uint_t comefrom;
	struct compat_xt_counters counters;
	/* Flexible array member: variable-length data after the header. */
	unsigned char elems[];
};
822722971cSDmitry Mishin 
8373cd598dSPatrick McHardy /* Helper functions */
/*
 * Locate the target of a compat entry: the entry's own address advanced by
 * e->target_offset bytes.
 *
 * No validation happens here. target_offset is used exactly as stored in
 * the entry, so callers must already have checked that it lies inside the
 * entry before touching the returned pointer; otherwise a bad offset in a
 * ruleset blob becomes an out-of-bounds access.
 */
static inline struct xt_entry_target *
compat_ipt_get_target(struct compat_ipt_entry *e)
{
	void *entry_base = e;

	/* void * arithmetic (GNU C) advances in bytes. */
	return entry_base + e->target_offset;
}
8973cd598dSPatrick McHardy 
902722971cSDmitry Mishin #endif /* CONFIG_NETFILTER_XTABLES_COMPAT */
911da177e4SLinus Torvalds #endif /* _IPTABLES_H */
92