1/* 2 * 25-Jul-1998 Major changes to allow for ip chain table 3 * 4 * 3-Jan-2000 Named tables to allow packet selection for different uses. 5 */ 6 7/* 8 * Format of an IP6 firewall descriptor 9 * 10 * src, dst, src_mask, dst_mask are always stored in network byte order. 11 * flags are stored in host byte order (of course). 12 * Port numbers are stored in HOST byte order. 13 */ 14#ifndef _IP6_TABLES_H 15#define _IP6_TABLES_H 16 17#include <linux/if.h> 18#include <linux/in6.h> 19#include <linux/ipv6.h> 20#include <linux/skbuff.h> 21 22#include <linux/init.h> 23#include <uapi/linux/netfilter_ipv6/ip6_tables.h> 24 25extern void ip6t_init(void) __init; 26 27extern void *ip6t_alloc_initial_table(const struct xt_table *); 28extern struct xt_table *ip6t_register_table(struct net *net, 29 const struct xt_table *table, 30 const struct ip6t_replace *repl); 31extern void ip6t_unregister_table(struct net *net, struct xt_table *table); 32extern unsigned int ip6t_do_table(struct sk_buff *skb, 33 unsigned int hook, 34 const struct net_device *in, 35 const struct net_device *out, 36 struct xt_table *table); 37 38/* Check for an extension */ 39static inline int 40ip6t_ext_hdr(u8 nexthdr) 41{ return (nexthdr == IPPROTO_HOPOPTS) || 42 (nexthdr == IPPROTO_ROUTING) || 43 (nexthdr == IPPROTO_FRAGMENT) || 44 (nexthdr == IPPROTO_ESP) || 45 (nexthdr == IPPROTO_AH) || 46 (nexthdr == IPPROTO_NONE) || 47 (nexthdr == IPPROTO_DSTOPTS); 48} 49 50#ifdef CONFIG_COMPAT 51#include <net/compat.h> 52 53struct compat_ip6t_entry { 54 struct ip6t_ip6 ipv6; 55 compat_uint_t nfcache; 56 __u16 target_offset; 57 __u16 next_offset; 58 compat_uint_t comefrom; 59 struct compat_xt_counters counters; 60 unsigned char elems[0]; 61}; 62 63static inline struct xt_entry_target * 64compat_ip6t_get_target(struct compat_ip6t_entry *e) 65{ 66 return (void *)e + e->target_offset; 67} 68 69#endif /* CONFIG_COMPAT */ 70#endif /* _IP6_TABLES_H */ 71