search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
GUI: Fix Tomato RAF theme for all builds. Compilation typo.
[tomato.git] / release / src-rt-6.x.4708 / toolchains / hndtools-arm-linux-2.6.36-uclibc-4.5.3 / arm-brcm-linux-uclibcgnueabi / sysroot / usr / include / linux / netfilter_ipv6 / ip6_tables.h
blob6179032327c695c6b86d12ed264b7c43dc0ea19d
1 /*
2 * 25-Jul-1998 Major changes to allow for ip chain table
3 *
4 * 3-Jan-2000 Named tables to allow packet selection for different uses.
5 */
6
7 /*
8 * Format of an IP6 firewall descriptor
9 *
10 * src, dst, src_mask, dst_mask are always stored in network byte order.
11 * flags are stored in host byte order (of course).
12 * Port numbers are stored in HOST byte order.
13 */
14
15 #ifndef _IP6_TABLES_H
16 #define _IP6_TABLES_H
17
18 #include <linux/types.h>
19
20 #include <linux/netfilter_ipv6.h>
21
22 #include <linux/netfilter/x_tables.h>
23
24 #define IP6T_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
25 #define IP6T_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN
26
27 #define ip6t_match xt_match
28 #define ip6t_target xt_target
29 #define ip6t_table xt_table
30 #define ip6t_get_revision xt_get_revision
31
32 /* Yes, Virginia, you have to zero the padding. */
33 struct ip6t_ip6 {
34 /* Source and destination IP6 addr */
35 struct in6_addr src, dst;
36 /* Mask for src and dest IP6 addr */
37 struct in6_addr smsk, dmsk;
38 char iniface[IFNAMSIZ], outiface[IFNAMSIZ];
39 unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ];
40
41 /* Upper protocol number
42 * - The allowed value is 0 (any) or protocol number of last parsable
43 * header, which is 50 (ESP), 59 (No Next Header), 135 (MH), or
44 * the non IPv6 extension headers.
45 * - The protocol numbers of IPv6 extension headers except of ESP and
46 * MH do not match any packets.
47 * - You also need to set IP6T_FLAGS_PROTO to "flags" to check protocol.
48 */
49 u_int16_t proto;
50 /* TOS to match iff flags & IP6T_F_TOS */
51 u_int8_t tos;
52
53 /* Flags word */
54 u_int8_t flags;
55 /* Inverse flags */
56 u_int8_t invflags;
57 };
58
59 #define ip6t_entry_match xt_entry_match
60 #define ip6t_entry_target xt_entry_target
61 #define ip6t_standard_target xt_standard_target
62
63 #define ip6t_counters xt_counters
64
65 /* Values for "flag" field in struct ip6t_ip6 (general ip6 structure). */
66 #define IP6T_F_PROTO 0x01 /* Set if rule cares about upper
67 protocols */
68 #define IP6T_F_TOS 0x02 /* Match the TOS. */
69 #define IP6T_F_GOTO 0x04 /* Set if jump is a goto */
70 #define IP6T_F_MASK 0x07 /* All possible flag bits mask. */
71
72 /* Values for "inv" field in struct ip6t_ip6. */
73 #define IP6T_INV_VIA_IN 0x01 /* Invert the sense of IN IFACE. */
74 #define IP6T_INV_VIA_OUT 0x02 /* Invert the sense of OUT IFACE */
75 #define IP6T_INV_TOS 0x04 /* Invert the sense of TOS. */
76 #define IP6T_INV_SRCIP 0x08 /* Invert the sense of SRC IP. */
77 #define IP6T_INV_DSTIP 0x10 /* Invert the sense of DST OP. */
78 #define IP6T_INV_FRAG 0x20 /* Invert the sense of FRAG. */
79 #define IP6T_INV_PROTO XT_INV_PROTO
80 #define IP6T_INV_MASK 0x7F /* All possible flag bits mask. */
81
82 /* This structure defines each of the firewall rules. Consists of 3
83 parts which are 1) general IP header stuff 2) match specific
84 stuff 3) the target to perform if the rule matches */
85 struct ip6t_entry {
86 struct ip6t_ip6 ipv6;
87
88 /* Mark with fields that we care about. */
89 unsigned int nfcache;
90
91 /* Size of ipt_entry + matches */
92 u_int16_t target_offset;
93 /* Size of ipt_entry + matches + target */
94 u_int16_t next_offset;
95
96 /* Back pointer */
97 unsigned int comefrom;
98
99 /* Packet and byte counters. */
100 struct xt_counters counters;
101
102 /* The matches (if any), then the target. */
103 unsigned char elems[0];
104 };
105
106 /* Standard entry */
107 struct ip6t_standard {
108 struct ip6t_entry entry;
109 struct ip6t_standard_target target;
110 };
111
112 struct ip6t_error_target {
113 struct ip6t_entry_target target;
114 char errorname[IP6T_FUNCTION_MAXNAMELEN];
115 };
116
117 struct ip6t_error {
118 struct ip6t_entry entry;
119 struct ip6t_error_target target;
120 };
121
122 #define IP6T_ENTRY_INIT(__size) \
123 { \
124 .target_offset = sizeof(struct ip6t_entry), \
125 .next_offset = (__size), \
126 }
127
128 #define IP6T_STANDARD_INIT(__verdict) \
129 { \
130 .entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_standard)), \
131 .target = XT_TARGET_INIT(IP6T_STANDARD_TARGET, \
132 sizeof(struct ip6t_standard_target)), \
133 .target.verdict = -(__verdict) - 1, \
134 }
135
136 #define IP6T_ERROR_INIT \
137 { \
138 .entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_error)), \
139 .target = XT_TARGET_INIT(IP6T_ERROR_TARGET, \
140 sizeof(struct ip6t_error_target)), \
141 .target.errorname = "ERROR", \
142 }
143
144 /*
145 * New IP firewall options for [gs]etsockopt at the RAW IP level.
146 * Unlike BSD Linux inherits IP options so you don't have to use
147 * a raw socket for this. Instead we check rights in the calls.
148 *
149 * ATTENTION: check linux/in6.h before adding new number here.
150 */
151 #define IP6T_BASE_CTL 64
152
153 #define IP6T_SO_SET_REPLACE (IP6T_BASE_CTL)
154 #define IP6T_SO_SET_ADD_COUNTERS (IP6T_BASE_CTL + 1)
155 #define IP6T_SO_SET_MAX IP6T_SO_SET_ADD_COUNTERS
156
157 #define IP6T_SO_GET_INFO (IP6T_BASE_CTL)
158 #define IP6T_SO_GET_ENTRIES (IP6T_BASE_CTL + 1)
159 #define IP6T_SO_GET_REVISION_MATCH (IP6T_BASE_CTL + 4)
160 #define IP6T_SO_GET_REVISION_TARGET (IP6T_BASE_CTL + 5)
161 #define IP6T_SO_GET_MAX IP6T_SO_GET_REVISION_TARGET
162
163 /* CONTINUE verdict for targets */
164 #define IP6T_CONTINUE XT_CONTINUE
165
166 /* For standard target */
167 #define IP6T_RETURN XT_RETURN
168
169 /* TCP/UDP matching stuff */
170 #include <linux/netfilter/xt_tcpudp.h>
171
172 #define ip6t_tcp xt_tcp
173 #define ip6t_udp xt_udp
174
175 /* Values for "inv" field in struct ipt_tcp. */
176 #define IP6T_TCP_INV_SRCPT XT_TCP_INV_SRCPT
177 #define IP6T_TCP_INV_DSTPT XT_TCP_INV_DSTPT
178 #define IP6T_TCP_INV_FLAGS XT_TCP_INV_FLAGS
179 #define IP6T_TCP_INV_OPTION XT_TCP_INV_OPTION
180 #define IP6T_TCP_INV_MASK XT_TCP_INV_MASK
181
182 /* Values for "invflags" field in struct ipt_udp. */
183 #define IP6T_UDP_INV_SRCPT XT_UDP_INV_SRCPT
184 #define IP6T_UDP_INV_DSTPT XT_UDP_INV_DSTPT
185 #define IP6T_UDP_INV_MASK XT_UDP_INV_MASK
186
187 /* ICMP matching stuff */
188 struct ip6t_icmp {
189 u_int8_t type; /* type to match */
190 u_int8_t code[2]; /* range of code */
191 u_int8_t invflags; /* Inverse flags */
192 };
193
194 /* Values for "inv" field for struct ipt_icmp. */
195 #define IP6T_ICMP_INV 0x01 /* Invert the sense of type/code test */
196
197 /* The argument to IP6T_SO_GET_INFO */
198 struct ip6t_getinfo {
199 /* Which table: caller fills this in. */
200 char name[IP6T_TABLE_MAXNAMELEN];
201
202 /* Kernel fills these in. */
203 /* Which hook entry points are valid: bitmask */
204 unsigned int valid_hooks;
205
206 /* Hook entry points: one per netfilter hook. */
207 unsigned int hook_entry[NF_INET_NUMHOOKS];
208
209 /* Underflow points. */
210 unsigned int underflow[NF_INET_NUMHOOKS];
211
212 /* Number of entries */
213 unsigned int num_entries;
214
215 /* Size of entries. */
216 unsigned int size;
217 };
218
219 /* The argument to IP6T_SO_SET_REPLACE. */
220 struct ip6t_replace {
221 /* Which table. */
222 char name[IP6T_TABLE_MAXNAMELEN];
223
224 /* Which hook entry points are valid: bitmask. You can't
225 change this. */
226 unsigned int valid_hooks;
227
228 /* Number of entries */
229 unsigned int num_entries;
230
231 /* Total size of new entries */
232 unsigned int size;
233
234 /* Hook entry points. */
235 unsigned int hook_entry[NF_INET_NUMHOOKS];
236
237 /* Underflow points. */
238 unsigned int underflow[NF_INET_NUMHOOKS];
239
240 /* Information about old entries: */
241 /* Number of counters (must be equal to current number of entries). */
242 unsigned int num_counters;
243 /* The old entries' counters. */
244 struct xt_counters *counters;
245
246 /* The entries (hang off end: not really an array). */
247 struct ip6t_entry entries[0];
248 };
249
250 /* The argument to IP6T_SO_ADD_COUNTERS. */
251 #define ip6t_counters_info xt_counters_info
252
253 /* The argument to IP6T_SO_GET_ENTRIES. */
254 struct ip6t_get_entries {
255 /* Which table: user fills this in. */
256 char name[IP6T_TABLE_MAXNAMELEN];
257
258 /* User fills this in: total entry size. */
259 unsigned int size;
260
261 /* The entries. */
262 struct ip6t_entry entrytable[0];
263 };
264
265 /* Standard return verdict, or do jump. */
266 #define IP6T_STANDARD_TARGET XT_STANDARD_TARGET
267 /* Error verdict. */
268 #define IP6T_ERROR_TARGET XT_ERROR_TARGET
269
270 /* Helper functions */
271 static __inline__ struct ip6t_entry_target *
272 ip6t_get_target(struct ip6t_entry *e)
273 {
274 return (void *)e + e->target_offset;
275 }
276
277 /* fn returns 0 to continue iteration */
278 #define IP6T_MATCH_ITERATE(e, fn, args...) \
279 XT_MATCH_ITERATE(struct ip6t_entry, e, fn, ## args)
280
281 /* fn returns 0 to continue iteration */
282 #define IP6T_ENTRY_ITERATE(entries, size, fn, args...) \
283 XT_ENTRY_ITERATE(struct ip6t_entry, entries, size, fn, ## args)
284
285 /*
286 * Main firewall chains definitions and global var's definitions.
287 */
288
289 #endif /* _IP6_TABLES_H */
Tomato firmware and modifications.