blob: c6935be7c6ca3e9a33f2835a8dc10035bee43f1d [file] [log] [blame]
/* SPDX-License-Identifier: GPL-2.0 */
/*
* ebtables
*
* Authors:
* Bart De Schuymer <bdschuym@pandora.be>
*
* ebtables.c,v 2.0, April, 2002
*
* This code is strongly inspired by the iptables code which is
* Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
*/
#ifndef __LINUX_BRIDGE_EFF_H
#define __LINUX_BRIDGE_EFF_H
#include <linux/if.h>
#include <linux/if_ether.h>
#include <uapi/linux/netfilter_bridge/ebtables.h>
struct ebt_match {
struct list_head list;
const char name[EBT_FUNCTION_MAXNAMELEN];
bool (*match)(const struct sk_buff *skb, const struct net_device *in,
const struct net_device *out, const struct xt_match *match,
const void *matchinfo, int offset, unsigned int protoff,
bool *hotdrop);
bool (*checkentry)(const char *table, const void *entry,
const struct xt_match *match, void *matchinfo,
unsigned int hook_mask);
void (*destroy)(const struct xt_match *match, void *matchinfo);
unsigned int matchsize;
u_int8_t revision;
u_int8_t family;
struct module *me;
};
struct ebt_watcher {
struct list_head list;
const char name[EBT_FUNCTION_MAXNAMELEN];
unsigned int (*target)(struct sk_buff *skb,
const struct net_device *in, const struct net_device *out,
unsigned int hook_num, const struct xt_target *target,
const void *targinfo);
bool (*checkentry)(const char *table, const void *entry,
const struct xt_target *target, void *targinfo,
unsigned int hook_mask);
void (*destroy)(const struct xt_target *target, void *targinfo);
unsigned int targetsize;
u_int8_t revision;
u_int8_t family;
struct module *me;
};
struct ebt_target {
struct list_head list;
const char name[EBT_FUNCTION_MAXNAMELEN];
/* returns one of the standard EBT_* verdicts */
unsigned int (*target)(struct sk_buff *skb,
const struct net_device *in, const struct net_device *out,
unsigned int hook_num, const struct xt_target *target,
const void *targinfo);
bool (*checkentry)(const char *table, const void *entry,
const struct xt_target *target, void *targinfo,
unsigned int hook_mask);
void (*destroy)(const struct xt_target *target, void *targinfo);
unsigned int targetsize;
u_int8_t revision;
u_int8_t family;
struct module *me;
};
/* used for jumping from and into user defined chains (udc) */
struct ebt_chainstack {
struct ebt_entries *chaininfo; /* pointer to chain data */
struct ebt_entry *e; /* pointer to entry data */
unsigned int n; /* n'th entry */
};
struct ebt_table_info {
/* total size of the entries */
unsigned int entries_size;
unsigned int nentries;
/* pointers to the start of the chains */
struct ebt_entries *hook_entry[NF_BR_NUMHOOKS];
/* room to maintain the stack used for jumping from and into udc */
struct ebt_chainstack **chainstack;
char *entries;
struct ebt_counter counters[0] ____cacheline_aligned;
};
struct ebt_table {
struct list_head list;
char name[EBT_TABLE_MAXNAMELEN];
struct ebt_replace_kernel *table;
unsigned int valid_hooks;
rwlock_t lock;
/* e.g. could be the table explicitly only allows certain
* matches, targets, ... 0 == let it in */
int (*check)(const struct ebt_table_info *info,
unsigned int valid_hooks);
/* the data used by the kernel */
struct ebt_table_info *private;
struct module *me;
};
#define EBT_ALIGN(s) (((s) + (__alignof__(struct _xt_align)-1)) & \
~(__alignof__(struct _xt_align)-1))
extern int ebt_register_table(struct net *net,
const struct ebt_table *table,
const struct nf_hook_ops *ops,
struct ebt_table **res);
extern void ebt_unregister_table(struct net *net, struct ebt_table *table,
const struct nf_hook_ops *);
extern unsigned int ebt_do_table(struct sk_buff *skb,
const struct nf_hook_state *state,
struct ebt_table *table);
/* True if the hook mask denotes that the rule is in a base chain,
* used in the check() functions */
#define BASE_CHAIN (par->hook_mask & (1 << NF_BR_NUMHOOKS))
/* Clear the bit in the hook mask that tells if the rule is on a base chain */
#define CLEAR_BASE_CHAIN_BIT (par->hook_mask &= ~(1 << NF_BR_NUMHOOKS))
static inline bool ebt_invalid_target(int target)
{
return (target < -NUM_STANDARD_TARGETS || target >= 0);
}
#endif