UAPI: (Scripted) Disintegrate include/linux/netfilter_ipv6

-12

include/linux/netfilter_ipv6/Kbuild

··· 1 - header-y += ip6_tables.h 2 - header-y += ip6t_HL.h 3 - header-y += ip6t_LOG.h 4 - header-y += ip6t_NPT.h 5 - header-y += ip6t_REJECT.h 6 - header-y += ip6t_ah.h 7 - header-y += ip6t_frag.h 8 - header-y += ip6t_hl.h 9 - header-y += ip6t_ipv6header.h 10 - header-y += ip6t_mh.h 11 - header-y += ip6t_opts.h 12 - header-y += ip6t_rt.h

+2 -254

include/linux/netfilter_ipv6/ip6_tables.h

··· 11 11 * flags are stored in host byte order (of course). 12 12 * Port numbers are stored in HOST byte order. 13 13 */ 14 - 15 14 #ifndef _IP6_TABLES_H 16 15 #define _IP6_TABLES_H 17 16 18 - #ifdef __KERNEL__ 19 17 #include <linux/if.h> 20 18 #include <linux/in6.h> 21 19 #include <linux/ipv6.h> 22 20 #include <linux/skbuff.h> 23 - #endif 24 - #include <linux/types.h> 25 - #include <linux/compiler.h> 26 - #include <linux/netfilter_ipv6.h> 27 - 28 - #include <linux/netfilter/x_tables.h> 29 - 30 - #ifndef __KERNEL__ 31 - #define IP6T_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN 32 - #define IP6T_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN 33 - #define ip6t_match xt_match 34 - #define ip6t_target xt_target 35 - #define ip6t_table xt_table 36 - #define ip6t_get_revision xt_get_revision 37 - #define ip6t_entry_match xt_entry_match 38 - #define ip6t_entry_target xt_entry_target 39 - #define ip6t_standard_target xt_standard_target 40 - #define ip6t_error_target xt_error_target 41 - #define ip6t_counters xt_counters 42 - #define IP6T_CONTINUE XT_CONTINUE 43 - #define IP6T_RETURN XT_RETURN 44 - 45 - /* Pre-iptables-1.4.0 */ 46 - #include <linux/netfilter/xt_tcpudp.h> 47 - #define ip6t_tcp xt_tcp 48 - #define ip6t_udp xt_udp 49 - #define IP6T_TCP_INV_SRCPT XT_TCP_INV_SRCPT 50 - #define IP6T_TCP_INV_DSTPT XT_TCP_INV_DSTPT 51 - #define IP6T_TCP_INV_FLAGS XT_TCP_INV_FLAGS 52 - #define IP6T_TCP_INV_OPTION XT_TCP_INV_OPTION 53 - #define IP6T_TCP_INV_MASK XT_TCP_INV_MASK 54 - #define IP6T_UDP_INV_SRCPT XT_UDP_INV_SRCPT 55 - #define IP6T_UDP_INV_DSTPT XT_UDP_INV_DSTPT 56 - #define IP6T_UDP_INV_MASK XT_UDP_INV_MASK 57 - 58 - #define ip6t_counters_info xt_counters_info 59 - #define IP6T_STANDARD_TARGET XT_STANDARD_TARGET 60 - #define IP6T_ERROR_TARGET XT_ERROR_TARGET 61 - #define IP6T_MATCH_ITERATE(e, fn, args...) \ 62 - XT_MATCH_ITERATE(struct ip6t_entry, e, fn, ## args) 63 - #define IP6T_ENTRY_ITERATE(entries, size, fn, args...) \ 64 - XT_ENTRY_ITERATE(struct ip6t_entry, entries, size, fn, ## args) 65 - #endif 66 - 67 - /* Yes, Virginia, you have to zero the padding. */ 68 - struct ip6t_ip6 { 69 - /* Source and destination IP6 addr */ 70 - struct in6_addr src, dst; 71 - /* Mask for src and dest IP6 addr */ 72 - struct in6_addr smsk, dmsk; 73 - char iniface[IFNAMSIZ], outiface[IFNAMSIZ]; 74 - unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ]; 75 - 76 - /* Upper protocol number 77 - * - The allowed value is 0 (any) or protocol number of last parsable 78 - * header, which is 50 (ESP), 59 (No Next Header), 135 (MH), or 79 - * the non IPv6 extension headers. 80 - * - The protocol numbers of IPv6 extension headers except of ESP and 81 - * MH do not match any packets. 82 - * - You also need to set IP6T_FLAGS_PROTO to "flags" to check protocol. 83 - */ 84 - __u16 proto; 85 - /* TOS to match iff flags & IP6T_F_TOS */ 86 - __u8 tos; 87 - 88 - /* Flags word */ 89 - __u8 flags; 90 - /* Inverse flags */ 91 - __u8 invflags; 92 - }; 93 - 94 - /* Values for "flag" field in struct ip6t_ip6 (general ip6 structure). */ 95 - #define IP6T_F_PROTO 0x01 /* Set if rule cares about upper 96 - protocols */ 97 - #define IP6T_F_TOS 0x02 /* Match the TOS. */ 98 - #define IP6T_F_GOTO 0x04 /* Set if jump is a goto */ 99 - #define IP6T_F_MASK 0x07 /* All possible flag bits mask. */ 100 - 101 - /* Values for "inv" field in struct ip6t_ip6. */ 102 - #define IP6T_INV_VIA_IN 0x01 /* Invert the sense of IN IFACE. */ 103 - #define IP6T_INV_VIA_OUT 0x02 /* Invert the sense of OUT IFACE */ 104 - #define IP6T_INV_TOS 0x04 /* Invert the sense of TOS. */ 105 - #define IP6T_INV_SRCIP 0x08 /* Invert the sense of SRC IP. */ 106 - #define IP6T_INV_DSTIP 0x10 /* Invert the sense of DST OP. */ 107 - #define IP6T_INV_FRAG 0x20 /* Invert the sense of FRAG. */ 108 - #define IP6T_INV_PROTO XT_INV_PROTO 109 - #define IP6T_INV_MASK 0x7F /* All possible flag bits mask. */ 110 - 111 - /* This structure defines each of the firewall rules. Consists of 3 112 - parts which are 1) general IP header stuff 2) match specific 113 - stuff 3) the target to perform if the rule matches */ 114 - struct ip6t_entry { 115 - struct ip6t_ip6 ipv6; 116 - 117 - /* Mark with fields that we care about. */ 118 - unsigned int nfcache; 119 - 120 - /* Size of ipt_entry + matches */ 121 - __u16 target_offset; 122 - /* Size of ipt_entry + matches + target */ 123 - __u16 next_offset; 124 - 125 - /* Back pointer */ 126 - unsigned int comefrom; 127 - 128 - /* Packet and byte counters. */ 129 - struct xt_counters counters; 130 - 131 - /* The matches (if any), then the target. */ 132 - unsigned char elems[0]; 133 - }; 134 - 135 - /* Standard entry */ 136 - struct ip6t_standard { 137 - struct ip6t_entry entry; 138 - struct xt_standard_target target; 139 - }; 140 - 141 - struct ip6t_error { 142 - struct ip6t_entry entry; 143 - struct xt_error_target target; 144 - }; 145 - 146 - #define IP6T_ENTRY_INIT(__size) \ 147 - { \ 148 - .target_offset = sizeof(struct ip6t_entry), \ 149 - .next_offset = (__size), \ 150 - } 151 - 152 - #define IP6T_STANDARD_INIT(__verdict) \ 153 - { \ 154 - .entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_standard)), \ 155 - .target = XT_TARGET_INIT(XT_STANDARD_TARGET, \ 156 - sizeof(struct xt_standard_target)), \ 157 - .target.verdict = -(__verdict) - 1, \ 158 - } 159 - 160 - #define IP6T_ERROR_INIT \ 161 - { \ 162 - .entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_error)), \ 163 - .target = XT_TARGET_INIT(XT_ERROR_TARGET, \ 164 - sizeof(struct xt_error_target)), \ 165 - .target.errorname = "ERROR", \ 166 - } 167 - 168 - /* 169 - * New IP firewall options for [gs]etsockopt at the RAW IP level. 170 - * Unlike BSD Linux inherits IP options so you don't have to use 171 - * a raw socket for this. Instead we check rights in the calls. 172 - * 173 - * ATTENTION: check linux/in6.h before adding new number here. 174 - */ 175 - #define IP6T_BASE_CTL 64 176 - 177 - #define IP6T_SO_SET_REPLACE (IP6T_BASE_CTL) 178 - #define IP6T_SO_SET_ADD_COUNTERS (IP6T_BASE_CTL + 1) 179 - #define IP6T_SO_SET_MAX IP6T_SO_SET_ADD_COUNTERS 180 - 181 - #define IP6T_SO_GET_INFO (IP6T_BASE_CTL) 182 - #define IP6T_SO_GET_ENTRIES (IP6T_BASE_CTL + 1) 183 - #define IP6T_SO_GET_REVISION_MATCH (IP6T_BASE_CTL + 4) 184 - #define IP6T_SO_GET_REVISION_TARGET (IP6T_BASE_CTL + 5) 185 - #define IP6T_SO_GET_MAX IP6T_SO_GET_REVISION_TARGET 186 - 187 - /* ICMP matching stuff */ 188 - struct ip6t_icmp { 189 - __u8 type; /* type to match */ 190 - __u8 code[2]; /* range of code */ 191 - __u8 invflags; /* Inverse flags */ 192 - }; 193 - 194 - /* Values for "inv" field for struct ipt_icmp. */ 195 - #define IP6T_ICMP_INV 0x01 /* Invert the sense of type/code test */ 196 - 197 - /* The argument to IP6T_SO_GET_INFO */ 198 - struct ip6t_getinfo { 199 - /* Which table: caller fills this in. */ 200 - char name[XT_TABLE_MAXNAMELEN]; 201 - 202 - /* Kernel fills these in. */ 203 - /* Which hook entry points are valid: bitmask */ 204 - unsigned int valid_hooks; 205 - 206 - /* Hook entry points: one per netfilter hook. */ 207 - unsigned int hook_entry[NF_INET_NUMHOOKS]; 208 - 209 - /* Underflow points. */ 210 - unsigned int underflow[NF_INET_NUMHOOKS]; 211 - 212 - /* Number of entries */ 213 - unsigned int num_entries; 214 - 215 - /* Size of entries. */ 216 - unsigned int size; 217 - }; 218 - 219 - /* The argument to IP6T_SO_SET_REPLACE. */ 220 - struct ip6t_replace { 221 - /* Which table. */ 222 - char name[XT_TABLE_MAXNAMELEN]; 223 - 224 - /* Which hook entry points are valid: bitmask. You can't 225 - change this. */ 226 - unsigned int valid_hooks; 227 - 228 - /* Number of entries */ 229 - unsigned int num_entries; 230 - 231 - /* Total size of new entries */ 232 - unsigned int size; 233 - 234 - /* Hook entry points. */ 235 - unsigned int hook_entry[NF_INET_NUMHOOKS]; 236 - 237 - /* Underflow points. */ 238 - unsigned int underflow[NF_INET_NUMHOOKS]; 239 - 240 - /* Information about old entries: */ 241 - /* Number of counters (must be equal to current number of entries). */ 242 - unsigned int num_counters; 243 - /* The old entries' counters. */ 244 - struct xt_counters __user *counters; 245 - 246 - /* The entries (hang off end: not really an array). */ 247 - struct ip6t_entry entries[0]; 248 - }; 249 - 250 - /* The argument to IP6T_SO_GET_ENTRIES. */ 251 - struct ip6t_get_entries { 252 - /* Which table: user fills this in. */ 253 - char name[XT_TABLE_MAXNAMELEN]; 254 - 255 - /* User fills this in: total entry size. */ 256 - unsigned int size; 257 - 258 - /* The entries. */ 259 - struct ip6t_entry entrytable[0]; 260 - }; 261 - 262 - /* Helper functions */ 263 - static __inline__ struct xt_entry_target * 264 - ip6t_get_target(struct ip6t_entry *e) 265 - { 266 - return (void *)e + e->target_offset; 267 - } 268 - 269 - /* 270 - * Main firewall chains definitions and global var's definitions. 271 - */ 272 - 273 - #ifdef __KERNEL__ 274 21 275 22 #include <linux/init.h> 23 + #include <uapi/linux/netfilter_ipv6/ip6_tables.h> 24 + 276 25 extern void ip6t_init(void) __init; 277 26 278 27 extern void *ip6t_alloc_initial_table(const struct xt_table *); ··· 76 327 } 77 328 78 329 #endif /* CONFIG_COMPAT */ 79 - #endif /*__KERNEL__*/ 80 330 #endif /* _IP6_TABLES_H */

include/linux/netfilter_ipv6/ip6t_HL.h include/uapi/linux/netfilter_ipv6/ip6t_HL.h

include/linux/netfilter_ipv6/ip6t_LOG.h include/uapi/linux/netfilter_ipv6/ip6t_LOG.h

include/linux/netfilter_ipv6/ip6t_NPT.h include/uapi/linux/netfilter_ipv6/ip6t_NPT.h

include/linux/netfilter_ipv6/ip6t_REJECT.h include/uapi/linux/netfilter_ipv6/ip6t_REJECT.h

include/linux/netfilter_ipv6/ip6t_ah.h include/uapi/linux/netfilter_ipv6/ip6t_ah.h

include/linux/netfilter_ipv6/ip6t_frag.h include/uapi/linux/netfilter_ipv6/ip6t_frag.h

include/linux/netfilter_ipv6/ip6t_hl.h include/uapi/linux/netfilter_ipv6/ip6t_hl.h

include/linux/netfilter_ipv6/ip6t_ipv6header.h include/uapi/linux/netfilter_ipv6/ip6t_ipv6header.h

include/linux/netfilter_ipv6/ip6t_mh.h include/uapi/linux/netfilter_ipv6/ip6t_mh.h

include/linux/netfilter_ipv6/ip6t_opts.h include/uapi/linux/netfilter_ipv6/ip6t_opts.h

include/linux/netfilter_ipv6/ip6t_rt.h include/uapi/linux/netfilter_ipv6/ip6t_rt.h

+12

include/uapi/linux/netfilter_ipv6/Kbuild

··· 1 1 # UAPI Header export list 2 + header-y += ip6_tables.h 3 + header-y += ip6t_HL.h 4 + header-y += ip6t_LOG.h 5 + header-y += ip6t_NPT.h 6 + header-y += ip6t_REJECT.h 7 + header-y += ip6t_ah.h 8 + header-y += ip6t_frag.h 9 + header-y += ip6t_hl.h 10 + header-y += ip6t_ipv6header.h 11 + header-y += ip6t_mh.h 12 + header-y += ip6t_opts.h 13 + header-y += ip6t_rt.h

+267

include/uapi/linux/netfilter_ipv6/ip6_tables.h

··· 1 + /* 2 + * 25-Jul-1998 Major changes to allow for ip chain table 3 + * 4 + * 3-Jan-2000 Named tables to allow packet selection for different uses. 5 + */ 6 + 7 + /* 8 + * Format of an IP6 firewall descriptor 9 + * 10 + * src, dst, src_mask, dst_mask are always stored in network byte order. 11 + * flags are stored in host byte order (of course). 12 + * Port numbers are stored in HOST byte order. 13 + */ 14 + 15 + #ifndef _UAPI_IP6_TABLES_H 16 + #define _UAPI_IP6_TABLES_H 17 + 18 + #include <linux/types.h> 19 + #include <linux/compiler.h> 20 + #include <linux/netfilter_ipv6.h> 21 + 22 + #include <linux/netfilter/x_tables.h> 23 + 24 + #ifndef __KERNEL__ 25 + #define IP6T_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN 26 + #define IP6T_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN 27 + #define ip6t_match xt_match 28 + #define ip6t_target xt_target 29 + #define ip6t_table xt_table 30 + #define ip6t_get_revision xt_get_revision 31 + #define ip6t_entry_match xt_entry_match 32 + #define ip6t_entry_target xt_entry_target 33 + #define ip6t_standard_target xt_standard_target 34 + #define ip6t_error_target xt_error_target 35 + #define ip6t_counters xt_counters 36 + #define IP6T_CONTINUE XT_CONTINUE 37 + #define IP6T_RETURN XT_RETURN 38 + 39 + /* Pre-iptables-1.4.0 */ 40 + #include <linux/netfilter/xt_tcpudp.h> 41 + #define ip6t_tcp xt_tcp 42 + #define ip6t_udp xt_udp 43 + #define IP6T_TCP_INV_SRCPT XT_TCP_INV_SRCPT 44 + #define IP6T_TCP_INV_DSTPT XT_TCP_INV_DSTPT 45 + #define IP6T_TCP_INV_FLAGS XT_TCP_INV_FLAGS 46 + #define IP6T_TCP_INV_OPTION XT_TCP_INV_OPTION 47 + #define IP6T_TCP_INV_MASK XT_TCP_INV_MASK 48 + #define IP6T_UDP_INV_SRCPT XT_UDP_INV_SRCPT 49 + #define IP6T_UDP_INV_DSTPT XT_UDP_INV_DSTPT 50 + #define IP6T_UDP_INV_MASK XT_UDP_INV_MASK 51 + 52 + #define ip6t_counters_info xt_counters_info 53 + #define IP6T_STANDARD_TARGET XT_STANDARD_TARGET 54 + #define IP6T_ERROR_TARGET XT_ERROR_TARGET 55 + #define IP6T_MATCH_ITERATE(e, fn, args...) \ 56 + XT_MATCH_ITERATE(struct ip6t_entry, e, fn, ## args) 57 + #define IP6T_ENTRY_ITERATE(entries, size, fn, args...) \ 58 + XT_ENTRY_ITERATE(struct ip6t_entry, entries, size, fn, ## args) 59 + #endif 60 + 61 + /* Yes, Virginia, you have to zero the padding. */ 62 + struct ip6t_ip6 { 63 + /* Source and destination IP6 addr */ 64 + struct in6_addr src, dst; 65 + /* Mask for src and dest IP6 addr */ 66 + struct in6_addr smsk, dmsk; 67 + char iniface[IFNAMSIZ], outiface[IFNAMSIZ]; 68 + unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ]; 69 + 70 + /* Upper protocol number 71 + * - The allowed value is 0 (any) or protocol number of last parsable 72 + * header, which is 50 (ESP), 59 (No Next Header), 135 (MH), or 73 + * the non IPv6 extension headers. 74 + * - The protocol numbers of IPv6 extension headers except of ESP and 75 + * MH do not match any packets. 76 + * - You also need to set IP6T_FLAGS_PROTO to "flags" to check protocol. 77 + */ 78 + __u16 proto; 79 + /* TOS to match iff flags & IP6T_F_TOS */ 80 + __u8 tos; 81 + 82 + /* Flags word */ 83 + __u8 flags; 84 + /* Inverse flags */ 85 + __u8 invflags; 86 + }; 87 + 88 + /* Values for "flag" field in struct ip6t_ip6 (general ip6 structure). */ 89 + #define IP6T_F_PROTO 0x01 /* Set if rule cares about upper 90 + protocols */ 91 + #define IP6T_F_TOS 0x02 /* Match the TOS. */ 92 + #define IP6T_F_GOTO 0x04 /* Set if jump is a goto */ 93 + #define IP6T_F_MASK 0x07 /* All possible flag bits mask. */ 94 + 95 + /* Values for "inv" field in struct ip6t_ip6. */ 96 + #define IP6T_INV_VIA_IN 0x01 /* Invert the sense of IN IFACE. */ 97 + #define IP6T_INV_VIA_OUT 0x02 /* Invert the sense of OUT IFACE */ 98 + #define IP6T_INV_TOS 0x04 /* Invert the sense of TOS. */ 99 + #define IP6T_INV_SRCIP 0x08 /* Invert the sense of SRC IP. */ 100 + #define IP6T_INV_DSTIP 0x10 /* Invert the sense of DST OP. */ 101 + #define IP6T_INV_FRAG 0x20 /* Invert the sense of FRAG. */ 102 + #define IP6T_INV_PROTO XT_INV_PROTO 103 + #define IP6T_INV_MASK 0x7F /* All possible flag bits mask. */ 104 + 105 + /* This structure defines each of the firewall rules. Consists of 3 106 + parts which are 1) general IP header stuff 2) match specific 107 + stuff 3) the target to perform if the rule matches */ 108 + struct ip6t_entry { 109 + struct ip6t_ip6 ipv6; 110 + 111 + /* Mark with fields that we care about. */ 112 + unsigned int nfcache; 113 + 114 + /* Size of ipt_entry + matches */ 115 + __u16 target_offset; 116 + /* Size of ipt_entry + matches + target */ 117 + __u16 next_offset; 118 + 119 + /* Back pointer */ 120 + unsigned int comefrom; 121 + 122 + /* Packet and byte counters. */ 123 + struct xt_counters counters; 124 + 125 + /* The matches (if any), then the target. */ 126 + unsigned char elems[0]; 127 + }; 128 + 129 + /* Standard entry */ 130 + struct ip6t_standard { 131 + struct ip6t_entry entry; 132 + struct xt_standard_target target; 133 + }; 134 + 135 + struct ip6t_error { 136 + struct ip6t_entry entry; 137 + struct xt_error_target target; 138 + }; 139 + 140 + #define IP6T_ENTRY_INIT(__size) \ 141 + { \ 142 + .target_offset = sizeof(struct ip6t_entry), \ 143 + .next_offset = (__size), \ 144 + } 145 + 146 + #define IP6T_STANDARD_INIT(__verdict) \ 147 + { \ 148 + .entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_standard)), \ 149 + .target = XT_TARGET_INIT(XT_STANDARD_TARGET, \ 150 + sizeof(struct xt_standard_target)), \ 151 + .target.verdict = -(__verdict) - 1, \ 152 + } 153 + 154 + #define IP6T_ERROR_INIT \ 155 + { \ 156 + .entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_error)), \ 157 + .target = XT_TARGET_INIT(XT_ERROR_TARGET, \ 158 + sizeof(struct xt_error_target)), \ 159 + .target.errorname = "ERROR", \ 160 + } 161 + 162 + /* 163 + * New IP firewall options for [gs]etsockopt at the RAW IP level. 164 + * Unlike BSD Linux inherits IP options so you don't have to use 165 + * a raw socket for this. Instead we check rights in the calls. 166 + * 167 + * ATTENTION: check linux/in6.h before adding new number here. 168 + */ 169 + #define IP6T_BASE_CTL 64 170 + 171 + #define IP6T_SO_SET_REPLACE (IP6T_BASE_CTL) 172 + #define IP6T_SO_SET_ADD_COUNTERS (IP6T_BASE_CTL + 1) 173 + #define IP6T_SO_SET_MAX IP6T_SO_SET_ADD_COUNTERS 174 + 175 + #define IP6T_SO_GET_INFO (IP6T_BASE_CTL) 176 + #define IP6T_SO_GET_ENTRIES (IP6T_BASE_CTL + 1) 177 + #define IP6T_SO_GET_REVISION_MATCH (IP6T_BASE_CTL + 4) 178 + #define IP6T_SO_GET_REVISION_TARGET (IP6T_BASE_CTL + 5) 179 + #define IP6T_SO_GET_MAX IP6T_SO_GET_REVISION_TARGET 180 + 181 + /* ICMP matching stuff */ 182 + struct ip6t_icmp { 183 + __u8 type; /* type to match */ 184 + __u8 code[2]; /* range of code */ 185 + __u8 invflags; /* Inverse flags */ 186 + }; 187 + 188 + /* Values for "inv" field for struct ipt_icmp. */ 189 + #define IP6T_ICMP_INV 0x01 /* Invert the sense of type/code test */ 190 + 191 + /* The argument to IP6T_SO_GET_INFO */ 192 + struct ip6t_getinfo { 193 + /* Which table: caller fills this in. */ 194 + char name[XT_TABLE_MAXNAMELEN]; 195 + 196 + /* Kernel fills these in. */ 197 + /* Which hook entry points are valid: bitmask */ 198 + unsigned int valid_hooks; 199 + 200 + /* Hook entry points: one per netfilter hook. */ 201 + unsigned int hook_entry[NF_INET_NUMHOOKS]; 202 + 203 + /* Underflow points. */ 204 + unsigned int underflow[NF_INET_NUMHOOKS]; 205 + 206 + /* Number of entries */ 207 + unsigned int num_entries; 208 + 209 + /* Size of entries. */ 210 + unsigned int size; 211 + }; 212 + 213 + /* The argument to IP6T_SO_SET_REPLACE. */ 214 + struct ip6t_replace { 215 + /* Which table. */ 216 + char name[XT_TABLE_MAXNAMELEN]; 217 + 218 + /* Which hook entry points are valid: bitmask. You can't 219 + change this. */ 220 + unsigned int valid_hooks; 221 + 222 + /* Number of entries */ 223 + unsigned int num_entries; 224 + 225 + /* Total size of new entries */ 226 + unsigned int size; 227 + 228 + /* Hook entry points. */ 229 + unsigned int hook_entry[NF_INET_NUMHOOKS]; 230 + 231 + /* Underflow points. */ 232 + unsigned int underflow[NF_INET_NUMHOOKS]; 233 + 234 + /* Information about old entries: */ 235 + /* Number of counters (must be equal to current number of entries). */ 236 + unsigned int num_counters; 237 + /* The old entries' counters. */ 238 + struct xt_counters __user *counters; 239 + 240 + /* The entries (hang off end: not really an array). */ 241 + struct ip6t_entry entries[0]; 242 + }; 243 + 244 + /* The argument to IP6T_SO_GET_ENTRIES. */ 245 + struct ip6t_get_entries { 246 + /* Which table: user fills this in. */ 247 + char name[XT_TABLE_MAXNAMELEN]; 248 + 249 + /* User fills this in: total entry size. */ 250 + unsigned int size; 251 + 252 + /* The entries. */ 253 + struct ip6t_entry entrytable[0]; 254 + }; 255 + 256 + /* Helper functions */ 257 + static __inline__ struct xt_entry_target * 258 + ip6t_get_target(struct ip6t_entry *e) 259 + { 260 + return (void *)e + e->target_offset; 261 + } 262 + 263 + /* 264 + * Main firewall chains definitions and global var's definitions. 265 + */ 266 + 267 + #endif /* _UAPI_IP6_TABLES_H */