linux/include/linux/netfilter_bridge/ebtables.h
   1/* SPDX-License-Identifier: GPL-2.0 */
   2/*
   3 *  ebtables
   4 *
   5 *      Authors:
   6 *      Bart De Schuymer                <bdschuym@pandora.be>
   7 *
   8 *  ebtables.c,v 2.0, April, 2002
   9 *
  10 *  This code is strongly inspired by the iptables code which is
  11 *  Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
  12 */
  13#ifndef __LINUX_BRIDGE_EFF_H
  14#define __LINUX_BRIDGE_EFF_H
  15
  16#include <linux/if.h>
  17#include <linux/if_ether.h>
  18#include <uapi/linux/netfilter_bridge/ebtables.h>
  19
/*
 * Descriptor for an ebtables match extension.
 *
 * Field order and types define the structure layout; only the formatting
 * and comments differ from the original listing.
 */
struct ebt_match {
	/* list linkage */
	struct list_head list;
	/* fixed-size name buffer of EBT_FUNCTION_MAXNAMELEN bytes */
	const char name[EBT_FUNCTION_MAXNAMELEN];

	/*
	 * Per-packet callback, returns bool.
	 * NOTE(review): presumably "true" means the packet matched and
	 * *hotdrop asks for an immediate drop -- confirm against the caller,
	 * which is not part of this header.
	 */
	bool (*match)(const struct sk_buff *skb,
		      const struct net_device *in,
		      const struct net_device *out,
		      const struct xt_match *match,
		      const void *matchinfo,
		      int offset,
		      unsigned int protoff,
		      bool *hotdrop);

	/*
	 * Receives the table name, the entry, the match data and the hook
	 * mask; returns bool.
	 * NOTE(review): presumably the point where rule-supplied matchinfo is
	 * validated before the rule is accepted -- confirm at the call site.
	 */
	bool (*checkentry)(const char *table,
			   const void *entry,
			   const struct xt_match *match,
			   void *matchinfo,
			   unsigned int hook_mask);

	/* teardown callback for the match data */
	void (*destroy)(const struct xt_match *match, void *matchinfo);

	/* presumably the size of the matchinfo blob -- TODO confirm */
	unsigned int matchsize;
	u_int8_t revision;
	u_int8_t family;
	/* module pointer; presumably the module providing this match */
	struct module *me;
};
  36
/*
 * Descriptor for an ebtables watcher extension.
 *
 * Uses the same callback shapes as struct ebt_target (xt_target based).
 * Field order and types define the structure layout.
 */
struct ebt_watcher {
	/* list linkage */
	struct list_head list;
	/* fixed-size name buffer of EBT_FUNCTION_MAXNAMELEN bytes */
	const char name[EBT_FUNCTION_MAXNAMELEN];

	/*
	 * Per-packet callback; receives a writable skb and the hook number.
	 * NOTE(review): the meaning of the unsigned int result for a watcher
	 * is not stated in this header -- confirm against the caller.
	 */
	unsigned int (*target)(struct sk_buff *skb,
			       const struct net_device *in,
			       const struct net_device *out,
			       unsigned int hook_num,
			       const struct xt_target *target,
			       const void *targinfo);

	/*
	 * Receives the table name, the entry, the watcher data and the hook
	 * mask; returns bool.
	 * NOTE(review): presumably validates rule-supplied targinfo before
	 * the rule is accepted -- confirm at the call site.
	 */
	bool (*checkentry)(const char *table,
			   const void *entry,
			   const struct xt_target *target,
			   void *targinfo,
			   unsigned int hook_mask);

	/* teardown callback for the watcher data */
	void (*destroy)(const struct xt_target *target, void *targinfo);

	/* presumably the size of the targinfo blob -- TODO confirm */
	unsigned int targetsize;
	u_int8_t revision;
	u_int8_t family;
	/* module pointer; presumably the module providing this watcher */
	struct module *me;
};
  53
/*
 * Descriptor for an ebtables target extension.
 *
 * Field order and types define the structure layout.
 */
struct ebt_target {
	/* list linkage */
	struct list_head list;
	/* fixed-size name buffer of EBT_FUNCTION_MAXNAMELEN bytes */
	const char name[EBT_FUNCTION_MAXNAMELEN];

	/*
	 * Per-packet callback. The result is one of the standard EBT_*
	 * verdicts.
	 */
	unsigned int (*target)(struct sk_buff *skb,
			       const struct net_device *in,
			       const struct net_device *out,
			       unsigned int hook_num,
			       const struct xt_target *target,
			       const void *targinfo);

	/*
	 * Receives the table name, the entry, the target data and the hook
	 * mask; returns bool.
	 * NOTE(review): presumably validates rule-supplied targinfo before
	 * the rule is accepted -- confirm at the call site.
	 */
	bool (*checkentry)(const char *table,
			   const void *entry,
			   const struct xt_target *target,
			   void *targinfo,
			   unsigned int hook_mask);

	/* teardown callback for the target data */
	void (*destroy)(const struct xt_target *target, void *targinfo);

	/* presumably the size of the targinfo blob -- TODO confirm */
	unsigned int targetsize;
	u_int8_t revision;
	u_int8_t family;
	/* module pointer; presumably the module providing this target */
	struct module *me;
};
  71
/*
 * One saved position, used when jumping from and into user defined
 * chains (udc).
 */
struct ebt_chainstack {
	/* pointer to chain data */
	struct ebt_entries *chaininfo;
	/* pointer to entry data */
	struct ebt_entry *e;
	/* n'th entry */
	unsigned int n;
};
  78
/*
 * Kernel-side bookkeeping for one table's ruleset.
 *
 * NOTE(review): entries_size and nentries presumably describe the blob
 * that "entries" points to; code walking that blob should keep every
 * offset inside entries_size -- confirm against the parser, which is not
 * part of this header.
 */
struct ebt_table_info {
	/* total size of the entries */
	unsigned int entries_size;
	unsigned int nentries;

	/* pointers to the start of the chains, one slot per bridge hook */
	struct ebt_entries *hook_entry[NF_BR_NUMHOOKS];

	/* room to maintain the stack used for jumping from and into udc */
	struct ebt_chainstack **chainstack;

	char *entries;

	/* flexible array member, cacheline aligned; must stay last */
	struct ebt_counter counters[] ____cacheline_aligned;
};
  90
/*
 * One ebtables table.
 *
 * Field order and types define the structure layout.
 */
struct ebt_table {
	/* list linkage */
	struct list_head list;
	/* fixed-size name buffer of EBT_TABLE_MAXNAMELEN bytes */
	char name[EBT_TABLE_MAXNAMELEN];
	struct ebt_replace_kernel *table;
	unsigned int valid_hooks;
	/* reader/writer lock; what it guards is not stated here */
	rwlock_t lock;

	/*
	 * Table-specific acceptance check, e.g. for a table that explicitly
	 * allows only certain matches, targets, ...
	 * A return value of 0 lets the ruleset in.
	 */
	int (*check)(const struct ebt_table_info *info,
		     unsigned int valid_hooks);

	/* the data used by the kernel */
	struct ebt_table_info *private;
	struct nf_hook_ops *ops;
	/* module pointer; presumably the module providing this table */
	struct module *me;
};
 106
/*
 * Round s up to the next multiple of __alignof__(struct _xt_align).
 *
 * s is evaluated once. The addition is plain C arithmetic with no overflow
 * check, so a value of s close to the maximum of its type wraps around
 * and yields a small result; bound any size that originates from
 * untrusted input before aligning it.
 */
#define EBT_ALIGN(s)						\
	(((s) + (__alignof__(struct _xt_align)-1)) &		\
	 ~(__alignof__(struct _xt_align)-1))
 109
/*
 * Table registration and traversal entry points.
 *
 * Function declarations have external linkage by default, so the
 * "extern" keyword is omitted throughout. Return-value conventions are
 * not stated in this header; check the definitions before relying on them.
 */

/* Register @table together with its hook ops in network namespace @net. */
int ebt_register_table(struct net *net, const struct ebt_table *table,
		       const struct nf_hook_ops *ops);

/* Unregister the table named @tablename from network namespace @net. */
void ebt_unregister_table(struct net *net, const char *tablename);

/*
 * Pre-exit counterpart of ebt_unregister_table().
 * NOTE(review): presumably meant to run before namespace teardown --
 * confirm against the definition.
 */
void ebt_unregister_table_pre_exit(struct net *net, const char *tablename);

/* Run @skb through @table for the hook described by @state. */
unsigned int ebt_do_table(struct sk_buff *skb,
			  const struct nf_hook_state *state,
			  struct ebt_table *table);
 118
/*
 * Both macros below expand to an expression on par->hook_mask, so a
 * pointer named "par" must be in scope wherever they are used (the
 * check() functions). Bit number NF_BR_NUMHOOKS of the hook mask is the
 * "rule is in a base chain" flag.
 */

/* Non-zero if the hook mask says that the rule is in a base chain. */
#define BASE_CHAIN (par->hook_mask & (1 << NF_BR_NUMHOOKS))

/*
 * Clear the base-chain bit in the hook mask. This modifies
 * par->hook_mask in place.
 */
#define CLEAR_BASE_CHAIN_BIT (par->hook_mask &= ~(1 << NF_BR_NUMHOOKS))
 124
/*
 * Report whether @target lies outside the range of standard verdicts.
 *
 * The accepted values are the negative integers from
 * -NUM_STANDARD_TARGETS up to and including -1. Zero, every positive
 * value and anything below -NUM_STANDARD_TARGETS are reported as invalid.
 *
 * NOTE(review): presumably intended for validating a verdict value that
 * arrives with a rule, before it is used -- confirm at the call sites.
 *
 * Return: true when @target is invalid, false otherwise.
 */
static inline bool ebt_invalid_target(int target)
{
	/* non-negative values are never standard verdicts */
	if (target >= 0)
		return true;

	/* below the lowest standard verdict */
	return target < -NUM_STANDARD_TARGETS;
}
 129
/*
 * Template registration.
 *
 * ebt_register_template() takes a table description @t and a @table_init
 * callback that receives a network namespace and returns int.
 * NOTE(review): when @table_init is invoked and how its result is
 * treated is not visible in this header -- confirm against the definition.
 */
int ebt_register_template(const struct ebt_table *t,
			  int (*table_init)(struct net *net));

/* Remove the template previously registered for @t. */
void ebt_unregister_template(const struct ebt_table *t);
 132#endif