/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ /* * 25-Jul-1998 Major changes to allow for ip chain table * * 3-Jan-2000 Named tables to allow packet selection for different uses. */ /* * Format of an IP6 firewall descriptor * * src, dst, src_mask, dst_mask are always stored in network byte order. * flags are stored in host byte order (of course). * Port numbers are stored in HOST byte order. */ #ifndef _UAPI_IP6_TABLES_H #define _UAPI_IP6_TABLES_H #include <linux/types.h> #include <linux/compiler.h> #include <linux/if.h> #include <linux/netfilter_ipv6.h> #include <linux/netfilter/x_tables.h> #ifndef __KERNEL__ #define IP6T_FUNCTION_MAXNAMELEN … #define IP6T_TABLE_MAXNAMELEN … #define ip6t_match … #define ip6t_target … #define ip6t_table … #define ip6t_get_revision … #define ip6t_entry_match … #define ip6t_entry_target … #define ip6t_standard_target … #define ip6t_error_target … #define ip6t_counters … #define IP6T_CONTINUE … #define IP6T_RETURN … /* Pre-iptables-1.4.0 */ #include <linux/netfilter/xt_tcpudp.h> #define ip6t_tcp … #define ip6t_udp … #define IP6T_TCP_INV_SRCPT … #define IP6T_TCP_INV_DSTPT … #define IP6T_TCP_INV_FLAGS … #define IP6T_TCP_INV_OPTION … #define IP6T_TCP_INV_MASK … #define IP6T_UDP_INV_SRCPT … #define IP6T_UDP_INV_DSTPT … #define IP6T_UDP_INV_MASK … #define ip6t_counters_info … #define IP6T_STANDARD_TARGET … #define IP6T_ERROR_TARGET … #define IP6T_MATCH_ITERATE … #define IP6T_ENTRY_ITERATE … #endif /* Yes, Virginia, you have to zero the padding. */ struct ip6t_ip6 { … }; /* Values for "flag" field in struct ip6t_ip6 (general ip6 structure). */ #define IP6T_F_PROTO … #define IP6T_F_TOS … #define IP6T_F_GOTO … #define IP6T_F_MASK … /* Values for "inv" field in struct ip6t_ip6. */ #define IP6T_INV_VIA_IN … #define IP6T_INV_VIA_OUT … #define IP6T_INV_TOS … #define IP6T_INV_SRCIP … #define IP6T_INV_DSTIP … #define IP6T_INV_FRAG … #define IP6T_INV_PROTO … #define IP6T_INV_MASK … /* This structure defines each of the firewall rules. Consists of 3 parts which are 1) general IP header stuff 2) match specific stuff 3) the target to perform if the rule matches */ struct ip6t_entry { … }; /* Standard entry */ struct ip6t_standard { … }; struct ip6t_error { … }; #define IP6T_ENTRY_INIT(__size) … #define IP6T_STANDARD_INIT(__verdict) … #define IP6T_ERROR_INIT … /* * New IP firewall options for [gs]etsockopt at the RAW IP level. * Unlike BSD Linux inherits IP options so you don't have to use * a raw socket for this. Instead we check rights in the calls. * * ATTENTION: check linux/in6.h before adding new number here. */ #define IP6T_BASE_CTL … #define IP6T_SO_SET_REPLACE … #define IP6T_SO_SET_ADD_COUNTERS … #define IP6T_SO_SET_MAX … #define IP6T_SO_GET_INFO … #define IP6T_SO_GET_ENTRIES … #define IP6T_SO_GET_REVISION_MATCH … #define IP6T_SO_GET_REVISION_TARGET … #define IP6T_SO_GET_MAX … /* obtain original address if REDIRECT'd connection */ #define IP6T_SO_ORIGINAL_DST … /* ICMP matching stuff */ struct ip6t_icmp { … }; /* Values for "inv" field for struct ipt_icmp. */ #define IP6T_ICMP_INV … /* The argument to IP6T_SO_GET_INFO */ struct ip6t_getinfo { … }; /* The argument to IP6T_SO_SET_REPLACE. */ struct ip6t_replace { … }; /* The argument to IP6T_SO_GET_ENTRIES. */ struct ip6t_get_entries { … }; /* Helper functions */ static __inline__ struct xt_entry_target * ip6t_get_target(struct ip6t_entry *e) { … } /* * Main firewall chains definitions and global var's definitions. */ #endif /* _UAPI_IP6_TABLES_H */
Codebase Browser
linux