/**
 * struct xt_action_param - parameters for matches/targets
 *
 * @match:	the match extension
 * @target:	the target extension
 * @matchinfo:	per-match data
 * @targetinfo:	per-target data
 * @net:	network namespace through which the action was invoked
 * @in:		input netdevice
 * @out:	output netdevice
 * @fragoff:	packet is a fragment, this is the data offset
 * @thoff:	position of transport header relative to skb->data
 * @hooknum:	hook number given packet came from
 * @family:	Actual NFPROTO_* through which the function is invoked
 *		(helpful when match->family == NFPROTO_UNSPEC)
 * @hotdrop:	drop packet if we had inspection problems
 *
 * @match/@target and @matchinfo/@targetinfo live in anonymous unions, so
 * each pair shares storage; only the member that belongs to the kind of
 * extension being invoked is meaningful.
 *
 * NOTE(review): @fragoff and @thoff describe the packet under inspection.
 * Presumably an extension must not assume a transport header is present at
 * @thoff when @fragoff is non-zero -- confirm against the code that fills
 * this structure in.
 */
struct xt_action_param {
/* match and target share storage */
union {
const struct xt_match *match;
const struct xt_target *target;
};
/* matchinfo and targetinfo share storage */
union {
const void *matchinfo, *targetinfo;
};
struct net *net;
const struct net_device *in, *out;
int fragoff;
unsigned int thoff;
unsigned int hooknum;
u_int8_t family;
/* set when inspection failed and the packet should be dropped */
bool hotdrop;
};
/**
 * struct xt_mtchk_param - parameters for match extensions' checkentry functions
 *
 * @net:	network namespace through which the check was invoked
 * @table:	table the rule is tried to be inserted into
 * @entryinfo:	the family-specific rule data
 *		(struct ipt_ip, ip6t_ip, arpt_arp or (note) ebt_entry)
 * @match:	struct xt_match through which this function was invoked
 * @matchinfo:	per-match data
 * @hook_mask:	via which hooks the new rule is reachable
 * @family:	presumably the NFPROTO_* value, as in struct xt_action_param
 *		-- confirm
 * @nft_compat:	meaning not visible here; presumably set when the check is
 *		driven from the nftables compat path -- confirm
 * Other fields as above.
 *
 * NOTE(review): checkentry is called when a user tries to insert an entry,
 * so @matchinfo and @entryinfo should be treated as unvalidated input by
 * the extension's checkentry function.
 */
struct xt_mtchk_param {
struct net *net;
const char *table;
const void *entryinfo;
const struct xt_match *match;
/* not const: the check function gets a writable pointer */
void *matchinfo;
unsigned int hook_mask;
u_int8_t family;
bool nft_compat;
};
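/*
 * Registration record for a match extension: its name and revision, the
 * callbacks invoked per packet, on rule insertion and on rule deletion,
 * and its size, hook, protocol and family fields.
 */
struct xt_match {
	struct list_head list;

	const char name[XT_EXTENSION_MAXNAMELEN];
	u_int8_t revision;

	/* Return true or false: return FALSE and set hotdrop = 1 to
	   force immediate packet drop. */
	/* Arguments changed since 2.6.9, as this must now handle
	   non-linear skb, using skb_header_pointer and
	   skb_ip_make_writable. */
	/* The xt_action_param is passed non-const here; presumably so the
	   callback can set hotdrop -- confirm. */
	bool (*match)(const struct sk_buff *skb,
		      struct xt_action_param *);

	/* Called when user tries to insert an entry of this type. */
	/* NOTE(review): the per-match data reaches this callback from a
	   user request, so this looks like the place to reject malformed
	   or out-of-range values before the rule is used -- confirm the
	   return convention (xt_target documents 0 or -Exxx). */
	int (*checkentry)(const struct xt_mtchk_param *);

	/* Called when entry of this type deleted. */
	void (*destroy)(const struct xt_mtdtor_param *);

#ifdef CONFIG_COMPAT
	/* Called when userspace alignment differs from kernel space one. */
	void (*compat_from_user)(void *dst, const void *src);
	/* dst is annotated __user: it refers to userspace memory. */
	void (*compat_to_user)(void __user *dst, const void *src);
#endif

	/* Set this to THIS_MODULE if you are a module, otherwise NULL */
	struct module *me;

	const char *table;
	/* NOTE(review): presumably the size of the per-match data; confirm
	   whether the core checks a rule's supplied size against it. */
	unsigned int matchsize;
#ifdef CONFIG_COMPAT
	unsigned int compatsize;
#endif
	unsigned int hooks;
	unsigned short proto;

	unsigned short family;
};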
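/**
 * struct xt_mtchk_param - parameters for match extensions' checkentry functions
 *
 * @net:	network namespace through which the check was invoked
 * @table:	table the rule is tried to be inserted into
 * @entryinfo:	the family-specific rule data
 *		(struct ipt_ip, ip6t_ip, arpt_arp or (note) ebt_entry)
 * @match:	struct xt_match through which this function was invoked
 * @matchinfo:	per-match data
 * @hook_mask:	via which hooks the new rule is reachable
 * @family:	presumably the NFPROTO_* value of the rule -- confirm
 * @nft_compat:	meaning not visible here -- confirm
 *
 * NOTE(review): this tag is also defined earlier in this listing. C does
 * not allow a struct to be defined twice in one translation unit, so only
 * one of the two definitions can be kept.
 */
struct xt_mtchk_param {
	struct net *net;
	const char *table;
	const void *entryinfo;
	const struct xt_match *match;
	/* not const: the check function gets a writable pointer */
	void *matchinfo;
	unsigned int hook_mask;
	u_int8_t family;
	bool nft_compat;
};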
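/**
 * struct xt_mtdtor_param - match destructor parameters
 *
 * @net:	network namespace (presumably the one the rule lives in -- confirm)
 * @match:	struct xt_match whose destroy callback is being invoked
 * @matchinfo:	per-match data
 * @family:	presumably the NFPROTO_* value of the rule -- confirm
 *
 * This is the type struct xt_match's destroy callback takes.
 */
struct xt_mtdtor_param {
	struct net *net;
	const struct xt_match *match;
	void *matchinfo;
	u_int8_t family;
};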
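/* Registration hooks for targets. */
struct xt_target {
	struct list_head list;

	const char name[XT_EXTENSION_MAXNAMELEN];
	u_int8_t revision;

	/* Return verdict. Arguments changed since 2.6.9, as this must now handle
	   non-linear skb, using skb_header_pointer and
	   skb_ip_make_writable. */
	/* Unlike a match callback, the target receives the xt_action_param
	   as const and a non-const skb. */
	unsigned int (*target)(struct sk_buff *skb,
			       const struct xt_action_param *);

	/* Called when user tries to insert an entry of this type:
	   hook_mask is a bitmask of hooks from which it can be called. */
	/* Should return 0 on success, or an error code otherwise (-Exxx). */
	/* NOTE(review): the per-target data reaches this callback from a
	   user request, so this looks like the place to reject malformed
	   or out-of-range values before the rule is used. */
	int (*checkentry)(const struct xt_tgchk_param *);

	/* Called when entry of this type deleted. */
	void (*destroy)(const struct xt_tgdtor_param *);

#ifdef CONFIG_COMPAT
	/* Called when userspace alignment differs from kernel space one. */
	void (*compat_from_user)(void *dst, const void *src);
	/* dst is annotated __user: it refers to userspace memory. */
	void (*compat_to_user)(void __user *dst, const void *src);
#endif

	/* Set this to THIS_MODULE if you are a module, otherwise NULL */
	struct module *me;

	const char *table;
	/* NOTE(review): presumably the size of the per-target data; confirm
	   whether the core checks a rule's supplied size against it. */
	unsigned int targetsize;
#ifdef CONFIG_COMPAT
	unsigned int compatsize;
#endif
	unsigned int hooks;
	unsigned short proto;

	unsigned short family;
};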
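/**
 * struct xt_tgchk_param - parameters for target extensions' checkentry functions
 *
 * @net:	network namespace through which the check was invoked
 * @table:	table the rule is tried to be inserted into
 * @entryinfo:	the family-specific rule data
 *		(struct ipt_ip, ip6t_ip, arpt_arp or (note) ebt_entry)
 * @target:	struct xt_target through which this function was invoked
 * @targetinfo:	per-target data
 * @hook_mask:	via which hooks the new rule is reachable
 * @family:	presumably the NFPROTO_* value of the rule -- confirm
 * @nft_compat:	meaning not visible here -- confirm
 *
 * This is the type struct xt_target's checkentry callback takes.
 *
 * NOTE(review): checkentry is called when a user tries to insert an entry,
 * so @targetinfo and @entryinfo should be treated as unvalidated input by
 * the extension's checkentry function.
 */
struct xt_tgchk_param {
	struct net *net;
	const char *table;
	const void *entryinfo;
	const struct xt_target *target;
	/* not const: the check function gets a writable pointer */
	void *targetinfo;
	unsigned int hook_mask;
	u_int8_t family;
	bool nft_compat;
};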
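/**
 * struct xt_tgdtor_param - target destructor parameters
 *
 * @net:	network namespace (presumably the one the rule lives in -- confirm)
 * @target:	struct xt_target whose destroy callback is being invoked
 * @targetinfo:	per-target data
 * @family:	presumably the NFPROTO_* value of the rule -- confirm
 *
 * This is the type struct xt_target's destroy callback takes.
 */
struct xt_tgdtor_param {
	struct net *net;
	const struct xt_target *target;
	void *targetinfo;
	u_int8_t family;
};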