projects / linux-block.git / blame
| Commit | Line | Data |
|---|---|---|
| b2441318 | 1 | /* SPDX-License-Identifier: GPL-2.0 */ |
| 1da177e4 LT |
2 | /* |
| 3 | * ebtables | |
| 4 | * | |
| 5 | * Authors: | |
| 6 | * Bart De Schuymer <bdschuym@pandora.be> | |
| 7 | * | |
| 8 | * ebtables.c,v 2.0, April, 2002 | |
| 9 | * | |
| 069d4a7b | 10 | * This code is strongly inspired by the iptables code which is |
| 1da177e4 LT |
11 | * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling |
| 12 | */ | |
| 1da177e4 LT |
13 | #ifndef __LINUX_BRIDGE_EFF_H |
| 14 | #define __LINUX_BRIDGE_EFF_H | |
| 1da177e4 | 15 | |
| 24477e57 PNA |
16 | #include <linux/if.h> |
| 17 | #include <linux/if_ether.h> | |
| 55c5cd3c | 18 | #include <uapi/linux/netfilter_bridge/ebtables.h> |
| 1e419cd9 | 19 | |
| d94d9fee | 20 | struct ebt_match { |
| 1da177e4 LT |
21 | struct list_head list; |
| 22 | const char name[EBT_FUNCTION_MAXNAMELEN]; | |
| 8cc784ee | 23 | bool (*match)(const struct sk_buff *skb, const struct net_device *in, |
| 2d06d4a5 JE |
24 | const struct net_device *out, const struct xt_match *match, |
| 25 | const void *matchinfo, int offset, unsigned int protoff, | |
| 26 | bool *hotdrop); | |
| 27 | bool (*checkentry)(const char *table, const void *entry, | |
| 28 | const struct xt_match *match, void *matchinfo, | |
| 29 | unsigned int hook_mask); | |
| 30 | void (*destroy)(const struct xt_match *match, void *matchinfo); | |
| 18219d3f | 31 | unsigned int matchsize; |
| 001a18d3 JE |
32 | u_int8_t revision; |
| 33 | u_int8_t family; | |
| 1da177e4 LT |
34 | struct module *me; |
| 35 | }; | |
| 36 | ||
| d94d9fee | 37 | struct ebt_watcher { |
| 1da177e4 LT |
38 | struct list_head list; |
| 39 | const char name[EBT_FUNCTION_MAXNAMELEN]; | |
| 2d06d4a5 JE |
40 | unsigned int (*target)(struct sk_buff *skb, |
| 41 | const struct net_device *in, const struct net_device *out, | |
| 42 | unsigned int hook_num, const struct xt_target *target, | |
| 43 | const void *targinfo); | |
| 44 | bool (*checkentry)(const char *table, const void *entry, | |
| 45 | const struct xt_target *target, void *targinfo, | |
| 46 | unsigned int hook_mask); | |
| 47 | void (*destroy)(const struct xt_target *target, void *targinfo); | |
| 18219d3f | 48 | unsigned int targetsize; |
| 001a18d3 JE |
49 | u_int8_t revision; |
| 50 | u_int8_t family; | |
| 1da177e4 LT |
51 | struct module *me; |
| 52 | }; | |
| 53 | ||
| d94d9fee | 54 | struct ebt_target { |
| 1da177e4 LT |
55 | struct list_head list; |
| 56 | const char name[EBT_FUNCTION_MAXNAMELEN]; | |
| 0ac6ab1f | 57 | /* returns one of the standard EBT_* verdicts */ |
| 2d06d4a5 JE |
58 | unsigned int (*target)(struct sk_buff *skb, |
| 59 | const struct net_device *in, const struct net_device *out, | |
| 60 | unsigned int hook_num, const struct xt_target *target, | |
| 61 | const void *targinfo); | |
| 62 | bool (*checkentry)(const char *table, const void *entry, | |
| 63 | const struct xt_target *target, void *targinfo, | |
| 64 | unsigned int hook_mask); | |
| 65 | void (*destroy)(const struct xt_target *target, void *targinfo); | |
| 18219d3f | 66 | unsigned int targetsize; |
| 001a18d3 JE |
67 | u_int8_t revision; |
| 68 | u_int8_t family; | |
| 1da177e4 LT |
69 | struct module *me; |
| 70 | }; | |
| 71 | ||
| 72 | /* used for jumping from and into user defined chains (udc) */ | |
| d94d9fee | 73 | struct ebt_chainstack { |
| 1da177e4 LT |
74 | struct ebt_entries *chaininfo; /* pointer to chain data */ |
| 75 | struct ebt_entry *e; /* pointer to entry data */ | |
| 76 | unsigned int n; /* n'th entry */ | |
| 77 | }; | |
| 78 | ||
| d94d9fee | 79 | struct ebt_table_info { |
| 1da177e4 LT |
80 | /* total size of the entries */ |
| 81 | unsigned int entries_size; | |
| 82 | unsigned int nentries; | |
| 83 | /* pointers to the start of the chains */ | |
| 84 | struct ebt_entries *hook_entry[NF_BR_NUMHOOKS]; | |
| 85 | /* room to maintain the stack used for jumping from and into udc */ | |
| 86 | struct ebt_chainstack **chainstack; | |
| 87 | char *entries; | |
| 6daf1414 | 88 | struct ebt_counter counters[] ____cacheline_aligned; |
| 1da177e4 LT |
89 | }; |
| 90 | ||
| d94d9fee | 91 | struct ebt_table { |
| 1da177e4 LT |
92 | struct list_head list; |
| 93 | char name[EBT_TABLE_MAXNAMELEN]; | |
| 1e419cd9 | 94 | struct ebt_replace_kernel *table; |
| 1da177e4 LT |
95 | unsigned int valid_hooks; |
| 96 | rwlock_t lock; | |
| 1da177e4 LT |
97 | /* the data used by the kernel */ |
| 98 | struct ebt_table_info *private; | |
| 4c95e072 | 99 | struct nf_hook_ops *ops; |
| 1da177e4 LT |
100 | struct module *me; |
| 101 | }; | |
| 102 | ||
| 88ba136d JW |
103 | #define EBT_ALIGN(s) (((s) + (__alignof__(struct _xt_align)-1)) & \ |
| 104 | ~(__alignof__(struct _xt_align)-1)) | |
| f19438bd | 105 | |
| e6b72ee8 AS |
106 | extern int ebt_register_table(struct net *net, |
| 107 | const struct ebt_table *table, | |
| 4c95e072 FW |
108 | const struct nf_hook_ops *ops); |
| 109 | extern void ebt_unregister_table(struct net *net, const char *tablename); | |
| 110 | void ebt_unregister_table_pre_exit(struct net *net, const char *tablename); | |
| f0d6764f FW |
111 | extern unsigned int ebt_do_table(void *priv, struct sk_buff *skb, |
| 112 | const struct nf_hook_state *state); | |
| 1da177e4 | 113 | |
| 1da177e4 LT |
114 | /* True if the hook mask denotes that the rule is in a base chain, |
| 115 | * used in the check() functions */ | |
| af5d6dc2 | 116 | #define BASE_CHAIN (par->hook_mask & (1 << NF_BR_NUMHOOKS)) |
| 1da177e4 | 117 | /* Clear the bit in the hook mask that tells if the rule is on a base chain */ |
| af5d6dc2 | 118 | #define CLEAR_BASE_CHAIN_BIT (par->hook_mask &= ~(1 << NF_BR_NUMHOOKS)) |
| 1da177e4 | 119 | |
| c953d635 GF |
120 | static inline bool ebt_invalid_target(int target) |
| 121 | { | |
| 122 | return (target < -NUM_STANDARD_TARGETS || target >= 0); | |
| 123 | } | |
| 124 | ||
| 87663c39 FW |
125 | int ebt_register_template(const struct ebt_table *t, int(*table_init)(struct net *net)); |
| 126 | void ebt_unregister_template(const struct ebt_table *t); | |
| 1da177e4 | 127 | #endif |