Lines Matching full:chain
6 * Each user chain starts with an ERROR node.
7 * Every chain ends with an unconditional jump: a RETURN for user chains,
16 * - Reimplementation of chain cache to use offsets instead of entries
19 * don't rebuild the chain cache after every operation, instead fix it
87 IPTCC_R_JUMP, /* jump to other chain */
93 struct chain_head *chain;
114 STRUCT_COUNTERS counters; /* per-chain counters */
139 /* allocate a new chain head for the cache */
162 r->chain = c;
270 /* Is the given chain builtin (1) or user-defined (0) */
276 /* Get a specific rule within a chain */
291 /* Get a specific rule within a chain backwards */
306 /* Returns chain head if found, otherwise NULL. */
323 /* Returns chain head if found, otherwise NULL. */
345 /* clean up reference count of called chain */
359 /* Delete policy rule of previous chain, since cache doesn't contain
360 * chain policy rules.
394 /* alphabetically insert a chain into the list */
441 /* This is the ERROR node at the end of the chain */
450 /* We know this is the start of a new chain if it's an ERROR
456 DEBUGP_C("%u:%u:new userdefined chain %s: %p\n", *num, offset,
469 DEBUGP_C("%u:%u new builtin chain: %p (rules=%p)\n",
627 /* compile chain from cache into blob */
637 /* put chain header in place */
657 /* put chain footer in place */
685 /* Chain has header */
724 /* Append one error rule at end of chain */
746 /* Append error rule at end of chain */
940 /* Does this chain exist? */
941 int TC_IS_CHAIN(const char *chain, const TC_HANDLE_T handle)
944 return iptcc_find_label(chain, handle) != NULL;
999 /* Get first rule in the given chain: NULL for empty chain. */
1001 TC_FIRST_RULE(const char *chain, TC_HANDLE_T *handle)
1008 DEBUGP("first rule(%s): ", chain);
1010 c = iptcc_find_label(chain, *handle);
1016 /* Empty chain: single return/policy rule */
1049 &(*handle)->rule_iterator_cur->chain->rules);
1051 if (&r->list == &(*handle)->rule_iterator_cur->chain->rules) {
1064 /* How many rules in this chain? */
1066 TC_NUM_RULES(const char *chain, TC_HANDLE_T *handle)
1072 c = iptcc_find_label(chain, *handle);
1081 const STRUCT_ENTRY *TC_GET_RULE(const char *chain,
1092 c = iptcc_find_label(chain, *handle);
1159 /* Is this a built-in chain? Actually returns hook + 1. */
1161 TC_BUILTIN(const char *chain, const TC_HANDLE_T handle)
1167 c = iptcc_find_label(chain, handle);
1176 /* Get the policy of a given built-in chain */
1178 TC_GET_POLICY(const char *chain,
1186 DEBUGP("called for chain %s\n", chain);
1188 c = iptcc_find_label(chain, *handle);
1251 /* Maybe it's an existing chain name. */
1253 DEBUGP("trying to find chain `%s': ", t->u.user.name);
1276 /* Insert the entry `fw' in chain `chain' into position `rulenum'. */
1278 TC_INSERT_ENTRY(const IPT_CHAINLABEL chain,
1289 if (!(c = iptcc_find_label(chain, *handle))) {
1335 /* Atomically replace rule `rulenum' in `chain' with `fw'. */
1337 TC_REPLACE_ENTRY(const IPT_CHAINLABEL chain,
1347 if (!(c = iptcc_find_label(chain, *handle))) {
1385 /* Append entry `fw' to chain `chain'. Equivalent to insert with
1386 rulenum = length of chain. */
1388 TC_APPEND_ENTRY(const IPT_CHAINLABEL chain,
1396 if (!(c = iptcc_find_label(chain, *handle))) {
1397 DEBUGP("unable to find chain `%s'\n", chain);
1403 DEBUGP("unable to allocate rule for chain `%s'\n", chain);
1412 DEBUGP("unable to map target of rule for chain `%s'\n", chain);
1493 /* Delete the first rule in `chain' which matches `fw'. */
1495 TC_DELETE_ENTRY(const IPT_CHAINLABEL chain,
1504 if (!(c = iptcc_find_label(chain, *handle))) {
1519 DEBUGP("unable to map target of rule for chain `%s'\n", chain);
1523 /* iptcc_map_target increment target chain references
1525 * the chain references count is decremented again.
1565 /* Delete the rule in position `rulenum' in `chain'. */
1567 TC_DELETE_NUM_ENTRY(const IPT_CHAINLABEL chain,
1576 if (!(c = iptcc_find_label(chain, *handle))) {
1610 /* Check the packet `fw' on chain `chain'. Returns the verdict, or
1613 TC_CHECK_PACKET(const IPT_CHAINLABEL chain,
1622 /* Flushes the entries in the given chain (ie. empties chain). */
1624 TC_FLUSH_ENTRIES(const IPT_CHAINLABEL chain, TC_HANDLE_T *handle)
1630 if (!(c = iptcc_find_label(chain, *handle))) {
1646 /* Zeroes the counters in a chain. */
1648 TC_ZERO_ENTRIES(const IPT_CHAINLABEL chain, TC_HANDLE_T *handle)
1654 if (!(c = iptcc_find_label(chain, *handle))) {
1673 TC_READ_COUNTER(const IPT_CHAINLABEL chain,
1683 if (!(c = iptcc_find_label(chain, *handle))) {
1697 TC_ZERO_COUNTER(const IPT_CHAINLABEL chain,
1707 if (!(c = iptcc_find_label(chain, *handle))) {
1726 TC_SET_COUNTER(const IPT_CHAINLABEL chain,
1738 if (!(c = iptcc_find_label(chain, *handle))) {
1758 /* Creates a new chain. */
1759 /* To create a chain, create two rules: error node and unconditional
1762 TC_CREATE_CHAIN(const IPT_CHAINLABEL chain, TC_HANDLE_T *handle)
1770 if (iptcc_find_label(chain, *handle)
1771 || strcmp(chain, LABEL_DROP) == 0
1772 || strcmp(chain, LABEL_ACCEPT) == 0
1773 || strcmp(chain, LABEL_QUEUE) == 0
1774 || strcmp(chain, LABEL_RETURN) == 0) {
1775 DEBUGP("Chain `%s' already exists\n", chain);
1780 if (strlen(chain)+1 > sizeof(IPT_CHAINLABEL)) {
1781 DEBUGP("Chain name `%s' too long\n", chain);
1786 c = iptcc_alloc_chain_head(chain, 0);
1788 DEBUGP("Cannot allocate memory for chain `%s'\n", chain);
1794 DEBUGP("Creating chain `%s'\n", chain);
1802 /* Get the number of references to this chain. */
1804 TC_GET_REFERENCES(unsigned int *ref, const IPT_CHAINLABEL chain,
1810 if (!(c = iptcc_find_label(chain, *handle))) {
1820 /* Deletes a chain. */
1822 TC_DELETE_CHAIN(const IPT_CHAINLABEL chain, TC_HANDLE_T *handle)
1829 if (!(c = iptcc_find_label(chain, *handle))) {
1830 DEBUGP("cannot find chain `%s'\n", chain);
1835 if (TC_BUILTIN(chain, *handle)) {
1836 DEBUGP("cannot remove builtin chain `%s'\n", chain);
1841 if (!TC_GET_REFERENCES(&references, chain, handle)) {
1842 DEBUGP("cannot get references on chain `%s'\n", chain);
1847 DEBUGP("chain `%s' still has references\n", chain);
1853 DEBUGP("chain `%s' is not empty\n", chain);
1858 /* If we are about to delete the chain that is the current
1859 * iterator, move chain iterator firward. */
1866 DEBUGP("chain `%s' deleted\n", chain);
1873 /* Renames a chain. */
1910 /* Sets the policy on a built-in chain. */
1912 TC_SET_POLICY(const IPT_CHAINLABEL chain,
1921 if (!(c = iptcc_find_label(chain, *handle))) {
1922 DEBUGP("cannot find chain `%s'\n", chain);
1928 DEBUGP("cannot set policy of userdefinedchain `%s'\n", chain);
2122 DEBUGP("counter for chain-index %u: ", c->foot_index);
2244 { TC_DELETE_CHAIN, ENOTEMPTY, "Chain is not empty" },
2245 { TC_DELETE_CHAIN, EINVAL, "Can't delete built-in chain" },
2247 "Can't delete chain with references left" },
2248 { TC_CREATE_CHAIN, EEXIST, "Chain already exists" },
2263 "Bad rule (does a matching rule exist in that chain?)" },
2265 "Bad built-in chain name" },
2273 { NULL, ENOENT, "No chain/target/match by that name" },
