5 * Bart De Schuymer <bdschuym@pandora.be>
7 * ebtables.c,v 2.0, April, 2002
9 * This code is stongly inspired on the iptables code which is
10 * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
13 /* Local copy of the kernel file, needed for Sparc64 support */
14 #ifndef __LINUX_BRIDGE_EFF_H
15 #define __LINUX_BRIDGE_EFF_H
17 #include <linux/netfilter_bridge.h>
18 #include <linux/if_ether.h>
20 #define EBT_TABLE_MAXNAMELEN 32
21 #define EBT_CHAIN_MAXNAMELEN EBT_TABLE_MAXNAMELEN
22 #define EBT_FUNCTION_MAXNAMELEN EBT_TABLE_MAXNAMELEN
24 /* verdicts >0 are "branches" */
27 #define EBT_CONTINUE -3
29 #define NUM_STANDARD_TARGETS 4
39 char name[EBT_TABLE_MAXNAMELEN];
40 unsigned int valid_hooks;
41 /* nr of rules in the table */
42 unsigned int nentries;
43 /* total size of the entries */
44 unsigned int entries_size;
45 /* start of the chains */
46 #ifdef KERNEL_64_USERSPACE_32
47 uint64_t hook_entry[NF_BR_NUMHOOKS];
49 struct ebt_entries *hook_entry[NF_BR_NUMHOOKS];
51 /* nr of counters userspace expects back */
52 unsigned int num_counters;
53 /* where the kernel will put the old counters */
54 #ifdef KERNEL_64_USERSPACE_32
58 struct ebt_counter *counters;
64 /* this field is always set to zero
65 * See EBT_ENTRY_OR_ENTRIES.
66 * Must be same size as ebt_entry.bitmask */
67 unsigned int distinguisher;
69 char name[EBT_CHAIN_MAXNAMELEN];
70 /* counter offset for this chain */
71 unsigned int counter_offset;
72 /* one standard (accept, drop, return) per hook */
75 unsigned int nentries;
77 char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
80 /* used for the bitmask of struct ebt_entry */
82 /* This is a hack to make a difference between an ebt_entry struct and an
83 * ebt_entries struct when traversing the entries from start to end.
84 * Using this simplifies the code alot, while still being able to use
86 * Contrary, iptables doesn't use something like ebt_entries and therefore uses
87 * different techniques for naming the policy and such. So, iptables doesn't
88 * need a hack like this.
90 #define EBT_ENTRY_OR_ENTRIES 0x01
91 /* these are the normal masks */
92 #define EBT_NOPROTO 0x02
93 #define EBT_802_3 0x04
94 #define EBT_SOURCEMAC 0x08
95 #define EBT_DESTMAC 0x10
96 #define EBT_F_MASK (EBT_NOPROTO | EBT_802_3 | EBT_SOURCEMAC | EBT_DESTMAC \
97 | EBT_ENTRY_OR_ENTRIES)
99 #define EBT_IPROTO 0x01
101 #define EBT_IOUT 0x04
102 #define EBT_ISOURCE 0x8
103 #define EBT_IDEST 0x10
104 #define EBT_ILOGICALIN 0x20
105 #define EBT_ILOGICALOUT 0x40
106 #define EBT_INV_MASK (EBT_IPROTO | EBT_IIN | EBT_IOUT | EBT_ILOGICALIN \
107 | EBT_ILOGICALOUT | EBT_ISOURCE | EBT_IDEST)
109 struct ebt_entry_match
112 char name[EBT_FUNCTION_MAXNAMELEN];
113 struct ebt_match *match;
116 unsigned int match_size;
117 #ifdef KERNEL_64_USERSPACE_32
120 unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
123 struct ebt_entry_watcher
126 char name[EBT_FUNCTION_MAXNAMELEN];
127 struct ebt_watcher *watcher;
130 unsigned int watcher_size;
131 #ifdef KERNEL_64_USERSPACE_32
134 unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
137 struct ebt_entry_target
140 char name[EBT_FUNCTION_MAXNAMELEN];
141 struct ebt_target *target;
144 unsigned int target_size;
145 #ifdef KERNEL_64_USERSPACE_32
148 unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
151 #define EBT_STANDARD_TARGET "standard"
152 struct ebt_standard_target
154 struct ebt_entry_target target;
156 #ifdef KERNEL_64_USERSPACE_32
163 /* this needs to be the first field */
164 unsigned int bitmask;
165 unsigned int invflags;
167 /* the physical in-dev */
169 /* the logical in-dev */
170 char logical_in[IFNAMSIZ];
171 /* the physical out-dev */
173 /* the logical out-dev */
174 char logical_out[IFNAMSIZ];
175 unsigned char sourcemac[ETH_ALEN];
176 unsigned char sourcemsk[ETH_ALEN];
177 unsigned char destmac[ETH_ALEN];
178 unsigned char destmsk[ETH_ALEN];
179 /* sizeof ebt_entry + matches */
180 unsigned int watchers_offset;
181 /* sizeof ebt_entry + matches + watchers */
182 unsigned int target_offset;
183 /* sizeof ebt_entry + matches + watchers + target */
184 unsigned int next_offset;
185 unsigned char elems[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
188 /* {g,s}etsockopt numbers */
189 #define EBT_BASE_CTL 128
191 #define EBT_SO_SET_ENTRIES (EBT_BASE_CTL)
192 #define EBT_SO_SET_COUNTERS (EBT_SO_SET_ENTRIES+1)
193 #define EBT_SO_SET_MAX (EBT_SO_SET_COUNTERS+1)
195 #define EBT_SO_GET_INFO (EBT_BASE_CTL)
196 #define EBT_SO_GET_ENTRIES (EBT_SO_GET_INFO+1)
197 #define EBT_SO_GET_INIT_INFO (EBT_SO_GET_ENTRIES+1)
198 #define EBT_SO_GET_INIT_ENTRIES (EBT_SO_GET_INIT_INFO+1)
199 #define EBT_SO_GET_MAX (EBT_SO_GET_INIT_ENTRIES+1)
201 /* blatently stolen from ip_tables.h
202 * fn returns 0 to continue iteration */
203 #define EBT_MATCH_ITERATE(e, fn, args...) \
207 struct ebt_entry_match *__match; \
209 for (__i = sizeof(struct ebt_entry); \
210 __i < (e)->watchers_offset; \
211 __i += __match->match_size + \
212 sizeof(struct ebt_entry_match)) { \
213 __match = (void *)(e) + __i; \
215 __ret = fn(__match , ## args); \
220 if (__i != (e)->watchers_offset) \
226 #define EBT_WATCHER_ITERATE(e, fn, args...) \
230 struct ebt_entry_watcher *__watcher; \
232 for (__i = e->watchers_offset; \
233 __i < (e)->target_offset; \
234 __i += __watcher->watcher_size + \
235 sizeof(struct ebt_entry_watcher)) { \
236 __watcher = (void *)(e) + __i; \
238 __ret = fn(__watcher , ## args); \
243 if (__i != (e)->target_offset) \
249 #define EBT_ENTRY_ITERATE(entries, size, fn, args...) \
253 struct ebt_entry *__entry; \
255 for (__i = 0; __i < (size);) { \
256 __entry = (void *)(entries) + __i; \
257 __ret = fn(__entry , ## args); \
260 if (__entry->bitmask != 0) \
261 __i += __entry->next_offset; \
263 __i += sizeof(struct ebt_entries); \