Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | /* |
2 | * ebtables | |
3 | * | |
4 | * Authors: | |
5 | * Bart De Schuymer <bdschuym@pandora.be> | |
6 | * | |
7 | * ebtables.c,v 2.0, April, 2002 | |
8 | * | |
069d4a7b | 9 | * This code is strongly inspired by the iptables code which is |
1da177e4 LT |
10 | * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling |
11 | */ | |
1da177e4 LT |
12 | #ifndef __LINUX_BRIDGE_EFF_H |
13 | #define __LINUX_BRIDGE_EFF_H | |
1da177e4 | 14 | |
24477e57 PNA |
15 | #include <linux/if.h> |
16 | #include <linux/if_ether.h> | |
55c5cd3c | 17 | #include <uapi/linux/netfilter_bridge/ebtables.h> |
1e419cd9 | 18 | |
1da177e4 LT |
/*
 * Return values for match() functions: EBT_MATCH (0) reports a match,
 * EBT_NOMATCH (1) reports that the frame did not match.
 */
#define EBT_MATCH	0
#define EBT_NOMATCH	1
22 | ||
/*
 * struct ebt_match - descriptor for one ebtables match extension.
 *
 * Bundles the extension's name, its three callbacks and a few bookkeeping
 * fields.  NOTE(review): the callbacks take struct xt_match arguments, so
 * this looks like a mirror of the x_tables descriptor - confirm whether
 * anything still registers through this type.
 */
struct ebt_match {
	struct list_head list;

	/* fixed-size name buffer of EBT_FUNCTION_MAXNAMELEN bytes */
	const char name[EBT_FUNCTION_MAXNAMELEN];

	/*
	 * Per-frame callback.  NOTE(review): it is declared bool, while
	 * EBT_MATCH is defined as 0 in this header - confirm which
	 * convention the caller applies to the result, since mixing the two
	 * would invert a filtering decision.
	 */
	bool (*match)(const struct sk_buff *skb,
		      const struct net_device *in,
		      const struct net_device *out,
		      const struct xt_match *match,
		      const void *matchinfo,
		      int offset,
		      unsigned int protoff,
		      bool *hotdrop);

	/*
	 * Receives the table name, the entry, the match data and the hook
	 * mask.  Presumably the validation step for rule data before a rule
	 * is accepted - confirm against the caller.
	 */
	bool (*checkentry)(const char *table,
			   const void *entry,
			   const struct xt_match *match,
			   void *matchinfo,
			   unsigned int hook_mask);

	/* counterpart of checkentry; receives the same match data pointer */
	void (*destroy)(const struct xt_match *match, void *matchinfo);

	/* presumably the expected size of the matchinfo blob - TODO confirm */
	unsigned int matchsize;
	u_int8_t revision;
	u_int8_t family;

	/* module pointer; presumably the owning module - TODO confirm */
	struct module *me;
};
39 | ||
/*
 * struct ebt_watcher - descriptor for one ebtables watcher extension.
 *
 * Same layout as struct ebt_target: a name, a per-frame callback called
 * `target`, validation and teardown callbacks, and bookkeeping fields.
 */
struct ebt_watcher {
	struct list_head list;

	/* fixed-size name buffer of EBT_FUNCTION_MAXNAMELEN bytes */
	const char name[EBT_FUNCTION_MAXNAMELEN];

	/*
	 * Per-frame callback.  Unlike the match callback it receives a
	 * non-const skb.  NOTE(review): the meaning of the unsigned int
	 * result for a watcher is not stated here - confirm with the caller.
	 */
	unsigned int (*target)(struct sk_buff *skb,
			       const struct net_device *in,
			       const struct net_device *out,
			       unsigned int hook_num,
			       const struct xt_target *target,
			       const void *targinfo);

	/*
	 * Receives the table name, the entry, the watcher data and the hook
	 * mask.  Presumably the validation step for rule data before a rule
	 * is accepted - confirm against the caller.
	 */
	bool (*checkentry)(const char *table,
			   const void *entry,
			   const struct xt_target *target,
			   void *targinfo,
			   unsigned int hook_mask);

	/* counterpart of checkentry; receives the same data pointer */
	void (*destroy)(const struct xt_target *target, void *targinfo);

	/* presumably the expected size of the targinfo blob - TODO confirm */
	unsigned int targetsize;
	u_int8_t revision;
	u_int8_t family;

	/* module pointer; presumably the owning module - TODO confirm */
	struct module *me;
};
56 | ||
/*
 * struct ebt_target - descriptor for one ebtables target extension.
 *
 * A name, the per-frame verdict callback, validation and teardown
 * callbacks, and bookkeeping fields.
 */
struct ebt_target {
	struct list_head list;

	/* fixed-size name buffer of EBT_FUNCTION_MAXNAMELEN bytes */
	const char name[EBT_FUNCTION_MAXNAMELEN];

	/* returns one of the standard EBT_* verdicts */
	unsigned int (*target)(struct sk_buff *skb,
			       const struct net_device *in,
			       const struct net_device *out,
			       unsigned int hook_num,
			       const struct xt_target *target,
			       const void *targinfo);

	/*
	 * Receives the table name, the entry, the target data and the hook
	 * mask.  Presumably the validation step for rule data before a rule
	 * is accepted - confirm against the caller.
	 */
	bool (*checkentry)(const char *table,
			   const void *entry,
			   const struct xt_target *target,
			   void *targinfo,
			   unsigned int hook_mask);

	/* counterpart of checkentry; receives the same data pointer */
	void (*destroy)(const struct xt_target *target, void *targinfo);

	/* presumably the expected size of the targinfo blob - TODO confirm */
	unsigned int targetsize;
	u_int8_t revision;
	u_int8_t family;

	/* module pointer; presumably the owning module - TODO confirm */
	struct module *me;
};
74 | ||
/*
 * struct ebt_chainstack - one saved position, used for jumping from and
 * into user defined chains (udc).
 *
 * NOTE(review): nothing in this header bounds the depth of the stack these
 * frames are stored in; the limit, if any, is enforced elsewhere - confirm.
 */
struct ebt_chainstack {
	/* pointer to chain data */
	struct ebt_entries *chaininfo;
	/* pointer to entry data */
	struct ebt_entry *e;
	/* n'th entry */
	unsigned int n;
};
81 | ||
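/*
 * struct ebt_table_info - the data for one table: entry blob, chain start
 * pointers, the udc jump stack and the trailing counters.
 */
struct ebt_table_info {
	/* total size of the entries */
	unsigned int entries_size;
	unsigned int nentries;
	/* pointers to the start of the chains */
	struct ebt_entries *hook_entry[NF_BR_NUMHOOKS];
	/* room to maintain the stack used for jumping from and into udc */
	struct ebt_chainstack **chainstack;
	char *entries;
	/*
	 * Trailing counters, declared as a C99 flexible array member instead
	 * of the GNU zero-length array `counters[0]`.  The layout and
	 * sizeof(struct ebt_table_info) are unchanged, but the compiler and
	 * bounds-checking instrumentation now treat this as a variable-length
	 * trailing array rather than an array of size zero.
	 * NOTE(review): the number of counters is fixed by whoever allocates
	 * the structure, which is outside this header - confirm that the
	 * allocation size is overflow-checked there.
	 */
	struct ebt_counter counters[] ____cacheline_aligned;
};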
93 | ||
/*
 * struct ebt_table - one registered ebtables table.
 *
 * Carries the table name, the initial ruleset description, the set of
 * valid hooks, a reader/writer lock and a pointer to the live table data.
 */
struct ebt_table {
	struct list_head list;

	/* fixed-size name buffer of EBT_TABLE_MAXNAMELEN bytes */
	char name[EBT_TABLE_MAXNAMELEN];
	struct ebt_replace_kernel *table;
	unsigned int valid_hooks;

	/* NOTE(review): presumably guards `private` - confirm in the users */
	rwlock_t lock;

	/*
	 * Optional per-table policy check, e.g. a table could explicitly
	 * allow only certain matches, targets, ...  A return of 0 means
	 * "let it in".
	 */
	int (*check)(const struct ebt_table_info *info,
		     unsigned int valid_hooks);

	/* the data used by the kernel */
	struct ebt_table_info *private;
	struct module *me;
};
108 | ||
88ba136d JW |
/*
 * Round s up to the next multiple of the alignment of struct _xt_align.
 * The argument is evaluated once.
 * NOTE(review): the addition is not overflow-checked, so a value close to
 * the maximum of its type wraps to a small result; a size that comes from
 * userspace needs to be bounded before it is passed in.
 */
#define EBT_ALIGN(s)						\
	(((s) + (__alignof__(struct _xt_align) - 1)) &		\
	 ~(__alignof__(struct _xt_align) - 1))
/*
 * Table registration and traversal entry points.
 *
 * ebt_register_table() takes a network namespace and a const table
 * description and returns a struct ebt_table pointer.
 * NOTE(review): how failure is reported (NULL or an encoded error pointer)
 * is not visible in this header - confirm before testing the result.
 */
struct ebt_table *ebt_register_table(struct net *net,
				     const struct ebt_table *table);

/* Removes a table from the given network namespace. */
void ebt_unregister_table(struct net *net, struct ebt_table *table);

/*
 * Runs skb through the given table for the hook described by state.
 * NOTE(review): the unsigned int result is presumably a netfilter
 * verdict - confirm.
 */
unsigned int ebt_do_table(struct sk_buff *skb,
			  const struct nf_hook_state *state,
			  struct ebt_table *table);
1da177e4 LT |
117 | |
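/*
 * Used in the kernel match() functions.  Expands against a local variable
 * named `info`, which must be in scope at the point of use.  The test
 * result is XORed with whether any bit of invflg is set in
 * info->invflags, so the result is inverted when the inversion flag is
 * set.
 *
 * invflg is parenthesised so that a compound argument such as (A | B) is
 * masked as a whole.  Without the parentheses `&` binds tighter than `|`
 * and the expression is non-zero whenever B is non-zero, which inverts the
 * match result regardless of info->invflags.
 */
#define FWINV(cond, invflg) ((cond) ^ !!(info->invflags & (invflg)))

/*
 * True if the hook mask denotes that the rule is in a base chain,
 * used in the check() functions.  Expands against a local `par`.
 */
#define BASE_CHAIN (par->hook_mask & (1 << NF_BR_NUMHOOKS))

/*
 * Clear the bit in the hook mask that tells if the rule is on a base
 * chain.  Writes to par->hook_mask.
 */
#define CLEAR_BASE_CHAIN_BIT (par->hook_mask &= ~(1 << NF_BR_NUMHOOKS))

/*
 * True if the target is not a standard target: standard targets are the
 * negative values from -NUM_STANDARD_TARGETS up to -1.  Expands against a
 * local `info`.
 */
#define INVALID_TARGET (info->target < -NUM_STANDARD_TARGETS || info->target >= 0)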
127 | ||
1da177e4 | 128 | #endif |