1/* 2 * 25-Jul-1998 Major changes to allow for ip chain table 3 * 4 * 3-Jan-2000 Named tables to allow packet selection for different uses. 5 */ 6 7/* 8 * Format of an IP6 firewall descriptor 9 * 10 * src, dst, src_mask, dst_mask are always stored in network byte order. 11 * flags are stored in host byte order (of course). 12 * Port numbers are stored in HOST byte order. 13 */ 14#ifndef _IP6_TABLES_H 15#define _IP6_TABLES_H 16 17#include <linux/if.h> 18#include <linux/in6.h> 19#include <linux/ipv6.h> 20#include <linux/skbuff.h> 21 22#include <linux/init.h> 23#include <uapi/linux/netfilter_ipv6/ip6_tables.h> 24 25extern void ip6t_init(void) __init; 26 27extern void *ip6t_alloc_initial_table(const struct xt_table *); 28extern struct xt_table *ip6t_register_table(struct net *net, 29 const struct xt_table *table, 30 const struct ip6t_replace *repl); 31extern void ip6t_unregister_table(struct net *net, struct xt_table *table); 32extern unsigned int ip6t_do_table(struct sk_buff *skb, 33 unsigned int hook, 34 const struct nf_hook_state *state, 35 struct xt_table *table); 36 37/* Check for an extension */ 38static inline int 39ip6t_ext_hdr(u8 nexthdr) 40{ return (nexthdr == IPPROTO_HOPOPTS) || 41 (nexthdr == IPPROTO_ROUTING) || 42 (nexthdr == IPPROTO_FRAGMENT) || 43 (nexthdr == IPPROTO_ESP) || 44 (nexthdr == IPPROTO_AH) || 45 (nexthdr == IPPROTO_NONE) || 46 (nexthdr == IPPROTO_DSTOPTS); 47} 48 49#ifdef CONFIG_COMPAT 50#include <net/compat.h> 51 52struct compat_ip6t_entry { 53 struct ip6t_ip6 ipv6; 54 compat_uint_t nfcache; 55 __u16 target_offset; 56 __u16 next_offset; 57 compat_uint_t comefrom; 58 struct compat_xt_counters counters; 59 unsigned char elems[0]; 60}; 61 62static inline struct xt_entry_target * 63compat_ip6t_get_target(struct compat_ip6t_entry *e) 64{ 65 return (void *)e + e->target_offset; 66} 67 68#endif /* CONFIG_COMPAT */ 69#endif /* _IP6_TABLES_H */ 70