1 /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
2 #ifndef _UAPI_X_TABLES_H
3 #define _UAPI_X_TABLES_H
4 #include <linux/const.h>
5 #include <linux/types.h>
6 
7 #define XT_FUNCTION_MAXNAMELEN 30
8 #define XT_EXTENSION_MAXNAMELEN 29
9 #define XT_TABLE_MAXNAMELEN 32
10 
11 struct xt_entry_match {
12 	union {
13 		struct {
14 			__u16 match_size;
15 
16 			/* Used by userspace */
17 			char name[XT_EXTENSION_MAXNAMELEN];
18 			__u8 revision;
19 		} user;
20 		struct {
21 			__u16 match_size;
22 
23 			/* Used inside the kernel */
24 			struct xt_match *match;
25 		} kernel;
26 
27 		/* Total length */
28 		__u16 match_size;
29 	} u;
30 
31 	unsigned char data[0];
32 };
33 
34 struct xt_entry_target {
35 	union {
36 		struct {
37 			__u16 target_size;
38 
39 			/* Used by userspace */
40 			char name[XT_EXTENSION_MAXNAMELEN];
41 			__u8 revision;
42 		} user;
43 		struct {
44 			__u16 target_size;
45 
46 			/* Used inside the kernel */
47 			struct xt_target *target;
48 		} kernel;
49 
50 		/* Total length */
51 		__u16 target_size;
52 	} u;
53 
54 	unsigned char data[0];
55 };
56 
57 #define XT_TARGET_INIT(__name, __size)					       \
58 {									       \
59 	.target.u.user = {						       \
60 		.target_size	= XT_ALIGN(__size),			       \
61 		.name		= __name,				       \
62 	},								       \
63 }
64 
65 struct xt_standard_target {
66 	struct xt_entry_target target;
67 	int verdict;
68 };
69 
70 struct xt_error_target {
71 	struct xt_entry_target target;
72 	char errorname[XT_FUNCTION_MAXNAMELEN];
73 };
74 
75 /* The argument to IPT_SO_GET_REVISION_*.  Returns highest revision
76  * kernel supports, if >= revision. */
77 struct xt_get_revision {
78 	char name[XT_EXTENSION_MAXNAMELEN];
79 	__u8 revision;
80 };
81 
82 /* CONTINUE verdict for targets */
83 #define XT_CONTINUE 0xFFFFFFFF
84 
85 /* For standard target */
86 #define XT_RETURN (-NF_REPEAT - 1)
87 
88 /* this is a dummy structure to find out the alignment requirement for a struct
89  * containing all the fundamental data types that are used in ipt_entry,
90  * ip6t_entry and arpt_entry.  This sucks, and it is a hack.  It will be my
91  * personal pleasure to remove it -HW
92  */
93 struct _xt_align {
94 	__u8 u8;
95 	__u16 u16;
96 	__u32 u32;
97 	__u64 u64;
98 };
99 
100 #define XT_ALIGN(s) __ALIGN_KERNEL((s), __alignof__(struct _xt_align))
101 
102 /* Standard return verdict, or do jump. */
103 #define XT_STANDARD_TARGET ""
104 /* Error verdict. */
105 #define XT_ERROR_TARGET "ERROR"
106 
107 #define SET_COUNTER(c,b,p) do { (c).bcnt = (b); (c).pcnt = (p); } while(0)
108 #define ADD_COUNTER(c,b,p) do { (c).bcnt += (b); (c).pcnt += (p); } while(0)
109 
110 struct xt_counters {
111 	__u64 pcnt, bcnt;			/* Packet and byte counters */
112 };
113 
114 /* The argument to IPT_SO_ADD_COUNTERS. */
115 struct xt_counters_info {
116 	/* Which table. */
117 	char name[XT_TABLE_MAXNAMELEN];
118 
119 	unsigned int num_counters;
120 
121 	/* The counters (actually `number' of these). */
122 	struct xt_counters counters[0];
123 };
124 
125 #define XT_INV_PROTO		0x40	/* Invert the sense of PROTO. */
126 
127 #ifndef __KERNEL__
128 /* fn returns 0 to continue iteration */
129 #define XT_MATCH_ITERATE(type, e, fn, args...)			\
130 ({								\
131 	unsigned int __i;					\
132 	int __ret = 0;						\
133 	struct xt_entry_match *__m;				\
134 								\
135 	for (__i = sizeof(type);				\
136 	     __i < (e)->target_offset;				\
137 	     __i += __m->u.match_size) {			\
138 		__m = (void *)e + __i;				\
139 								\
140 		__ret = fn(__m , ## args);			\
141 		if (__ret != 0)					\
142 			break;					\
143 	}							\
144 	__ret;							\
145 })
146 
147 /* fn returns 0 to continue iteration */
148 #define XT_ENTRY_ITERATE_CONTINUE(type, entries, size, n, fn, args...) \
149 ({								\
150 	unsigned int __i, __n;					\
151 	int __ret = 0;						\
152 	type *__entry;						\
153 								\
154 	for (__i = 0, __n = 0; __i < (size);			\
155 	     __i += __entry->next_offset, __n++) { 		\
156 		__entry = (void *)(entries) + __i;		\
157 		if (__n < n)					\
158 			continue;				\
159 								\
160 		__ret = fn(__entry , ## args);			\
161 		if (__ret != 0)					\
162 			break;					\
163 	}							\
164 	__ret;							\
165 })
166 
167 /* fn returns 0 to continue iteration */
168 #define XT_ENTRY_ITERATE(type, entries, size, fn, args...) \
169 	XT_ENTRY_ITERATE_CONTINUE(type, entries, size, 0, fn, args)
170 
171 #endif /* !__KERNEL__ */
172 
173 /* pos is normally a struct ipt_entry/ip6t_entry/etc. */
174 #define xt_entry_foreach(pos, ehead, esize) \
175 	for ((pos) = (typeof(pos))(ehead); \
176 	     (pos) < (typeof(pos))((char *)(ehead) + (esize)); \
177 	     (pos) = (typeof(pos))((char *)(pos) + (pos)->next_offset))
178 
179 /* can only be xt_entry_match, so no use of typeof here */
180 #define xt_ematch_foreach(pos, entry) \
181 	for ((pos) = (struct xt_entry_match *)entry->elems; \
182 	     (pos) < (struct xt_entry_match *)((char *)(entry) + \
183 	             (entry)->target_offset); \
184 	     (pos) = (struct xt_entry_match *)((char *)(pos) + \
185 	             (pos)->u.match_size))
186 
187 
188 #endif /* _UAPI_X_TABLES_H */
189