Warning: This file is not a C or C++ file. It does not have highlighting.
| 1 | /* SPDX-License-Identifier: GPL-2.0 */ |
|---|---|
| 2 | /* |
| 3 | * ebtables |
| 4 | * |
| 5 | * Authors: |
| 6 | * Bart De Schuymer <bdschuym@pandora.be> |
| 7 | * |
| 8 | * ebtables.c,v 2.0, April, 2002 |
| 9 | * |
| 10 | * This code is strongly inspired by the iptables code which is |
| 11 | * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling |
| 12 | */ |
| 13 | #ifndef __LINUX_BRIDGE_EFF_H |
| 14 | #define __LINUX_BRIDGE_EFF_H |
| 15 | |
| 16 | #include <linux/if.h> |
| 17 | #include <linux/if_ether.h> |
| 18 | #include <uapi/linux/netfilter_bridge/ebtables.h> |
| 19 | |
| 20 | struct ebt_match { |
| 21 | struct list_head list; |
| 22 | const char name[EBT_FUNCTION_MAXNAMELEN]; |
| 23 | bool (*match)(const struct sk_buff *skb, const struct net_device *in, |
| 24 | const struct net_device *out, const struct xt_match *match, |
| 25 | const void *matchinfo, int offset, unsigned int protoff, |
| 26 | bool *hotdrop); |
| 27 | bool (*checkentry)(const char *table, const void *entry, |
| 28 | const struct xt_match *match, void *matchinfo, |
| 29 | unsigned int hook_mask); |
| 30 | void (*destroy)(const struct xt_match *match, void *matchinfo); |
| 31 | unsigned int matchsize; |
| 32 | u_int8_t revision; |
| 33 | u_int8_t family; |
| 34 | struct module *me; |
| 35 | }; |
| 36 | |
| 37 | struct ebt_watcher { |
| 38 | struct list_head list; |
| 39 | const char name[EBT_FUNCTION_MAXNAMELEN]; |
| 40 | unsigned int (*target)(struct sk_buff *skb, |
| 41 | const struct net_device *in, const struct net_device *out, |
| 42 | unsigned int hook_num, const struct xt_target *target, |
| 43 | const void *targinfo); |
| 44 | bool (*checkentry)(const char *table, const void *entry, |
| 45 | const struct xt_target *target, void *targinfo, |
| 46 | unsigned int hook_mask); |
| 47 | void (*destroy)(const struct xt_target *target, void *targinfo); |
| 48 | unsigned int targetsize; |
| 49 | u_int8_t revision; |
| 50 | u_int8_t family; |
| 51 | struct module *me; |
| 52 | }; |
| 53 | |
| 54 | struct ebt_target { |
| 55 | struct list_head list; |
| 56 | const char name[EBT_FUNCTION_MAXNAMELEN]; |
| 57 | /* returns one of the standard EBT_* verdicts */ |
| 58 | unsigned int (*target)(struct sk_buff *skb, |
| 59 | const struct net_device *in, const struct net_device *out, |
| 60 | unsigned int hook_num, const struct xt_target *target, |
| 61 | const void *targinfo); |
| 62 | bool (*checkentry)(const char *table, const void *entry, |
| 63 | const struct xt_target *target, void *targinfo, |
| 64 | unsigned int hook_mask); |
| 65 | void (*destroy)(const struct xt_target *target, void *targinfo); |
| 66 | unsigned int targetsize; |
| 67 | u_int8_t revision; |
| 68 | u_int8_t family; |
| 69 | struct module *me; |
| 70 | }; |
| 71 | |
| 72 | /* used for jumping from and into user defined chains (udc) */ |
| 73 | struct ebt_chainstack { |
| 74 | struct ebt_entries *chaininfo; /* pointer to chain data */ |
| 75 | struct ebt_entry *e; /* pointer to entry data */ |
| 76 | unsigned int n; /* n'th entry */ |
| 77 | }; |
| 78 | |
| 79 | struct ebt_table_info { |
| 80 | /* total size of the entries */ |
| 81 | unsigned int entries_size; |
| 82 | unsigned int nentries; |
| 83 | /* pointers to the start of the chains */ |
| 84 | struct ebt_entries *hook_entry[NF_BR_NUMHOOKS]; |
| 85 | /* room to maintain the stack used for jumping from and into udc */ |
| 86 | struct ebt_chainstack **chainstack; |
| 87 | char *entries; |
| 88 | struct ebt_counter counters[] ____cacheline_aligned; |
| 89 | }; |
| 90 | |
| 91 | struct ebt_table { |
| 92 | struct list_head list; |
| 93 | char name[EBT_TABLE_MAXNAMELEN]; |
| 94 | struct ebt_replace_kernel *table; |
| 95 | unsigned int valid_hooks; |
| 96 | rwlock_t lock; |
| 97 | /* the data used by the kernel */ |
| 98 | struct ebt_table_info *private; |
| 99 | struct nf_hook_ops *ops; |
| 100 | struct module *me; |
| 101 | }; |
| 102 | |
| 103 | #define EBT_ALIGN(s) (((s) + (__alignof__(struct _xt_align)-1)) & \ |
| 104 | ~(__alignof__(struct _xt_align)-1)) |
| 105 | |
| 106 | extern int ebt_register_table(struct net *net, |
| 107 | const struct ebt_table *table, |
| 108 | const struct nf_hook_ops *ops); |
| 109 | extern void ebt_unregister_table(struct net *net, const char *tablename); |
| 110 | void ebt_unregister_table_pre_exit(struct net *net, const char *tablename); |
| 111 | extern unsigned int ebt_do_table(void *priv, struct sk_buff *skb, |
| 112 | const struct nf_hook_state *state); |
| 113 | |
| 114 | /* True if the hook mask denotes that the rule is in a base chain, |
| 115 | * used in the check() functions */ |
| 116 | #define BASE_CHAIN (par->hook_mask & (1 << NF_BR_NUMHOOKS)) |
| 117 | /* Clear the bit in the hook mask that tells if the rule is on a base chain */ |
| 118 | #define CLEAR_BASE_CHAIN_BIT (par->hook_mask &= ~(1 << NF_BR_NUMHOOKS)) |
| 119 | |
| 120 | static inline bool ebt_invalid_target(int target) |
| 121 | { |
| 122 | return (target < -NUM_STANDARD_TARGETS || target >= 0); |
| 123 | } |
| 124 | |
| 125 | int ebt_register_template(const struct ebt_table *t, int(*table_init)(struct net *net)); |
| 126 | void ebt_unregister_template(const struct ebt_table *t); |
| 127 | #endif |
| 128 |
Warning: This file is not a C or C++ file. It does not have highlighting.