1 /* 2 * 25-Jul-1998 Major changes to allow for ip chain table 3 * 4 * 3-Jan-2000 Named tables to allow packet selection for different uses. 5 */ 6 7 /* 8 * Format of an IP6 firewall descriptor 9 * 10 * src, dst, src_mask, dst_mask are always stored in network byte order. 11 * flags are stored in host byte order (of course). 12 * Port numbers are stored in HOST byte order. 13 */ 14 #ifndef _IP6_TABLES_H 15 #define _IP6_TABLES_H 16 17 #include <linux/if.h> 18 #include <linux/in6.h> 19 #include <linux/ipv6.h> 20 #include <linux/skbuff.h> 21 22 #include <linux/init.h> 23 #include <uapi/linux/netfilter_ipv6/ip6_tables.h> 24 25 extern void ip6t_init(void) __init; 26 27 extern void *ip6t_alloc_initial_table(const struct xt_table *); 28 int ip6t_register_table(struct net *net, const struct xt_table *table, 29 const struct ip6t_replace *repl, 30 const struct nf_hook_ops *ops, struct xt_table **res); 31 void ip6t_unregister_table(struct net *net, struct xt_table *table, 32 const struct nf_hook_ops *ops); 33 extern unsigned int ip6t_do_table(struct sk_buff *skb, 34 const struct nf_hook_state *state, 35 struct xt_table *table); 36 37 /* Check for an extension */ 38 static inline int 39 ip6t_ext_hdr(u8 nexthdr) 40 { return (nexthdr == IPPROTO_HOPOPTS) || 41 (nexthdr == IPPROTO_ROUTING) || 42 (nexthdr == IPPROTO_FRAGMENT) || 43 (nexthdr == IPPROTO_ESP) || 44 (nexthdr == IPPROTO_AH) || 45 (nexthdr == IPPROTO_NONE) || 46 (nexthdr == IPPROTO_DSTOPTS); 47 } 48 49 #ifdef CONFIG_COMPAT 50 #include <net/compat.h> 51 52 struct compat_ip6t_entry { 53 struct ip6t_ip6 ipv6; 54 compat_uint_t nfcache; 55 __u16 target_offset; 56 __u16 next_offset; 57 compat_uint_t comefrom; 58 struct compat_xt_counters counters; 59 unsigned char elems[0]; 60 }; 61 62 static inline struct xt_entry_target * 63 compat_ip6t_get_target(struct compat_ip6t_entry *e) 64 { 65 return (void *)e + e->target_offset; 66 } 67 68 #endif /* CONFIG_COMPAT */ 69 #endif /* _IP6_TABLES_H */ 70