userapps/opensource/ebtables/include/ebtables.h

   1 /*
   2  *  ebtables
   3  *
   4  *      Authors:
   5  *      Bart De Schuymer                <bdschuym@pandora.be>
   6  *
   7  *  ebtables.c,v 2.0, April, 2002
   8  *
   9  *  This code is stongly inspired on the iptables code which is
  10  *  Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
  11  */
  12
  13 /* Local copy of the kernel file, needed for Sparc64 support */
  14 #ifndef __LINUX_BRIDGE_EFF_H
  15 #define __LINUX_BRIDGE_EFF_H
  16 #include <linux/if.h>
  17 #include <linux/netfilter_bridge.h>
  18 #include <linux/if_ether.h>
  19
  20 #define EBT_TABLE_MAXNAMELEN 32
  21 #define EBT_CHAIN_MAXNAMELEN EBT_TABLE_MAXNAMELEN
  22 #define EBT_FUNCTION_MAXNAMELEN EBT_TABLE_MAXNAMELEN
  23
  24 /* verdicts >0 are "branches" */
  25 #define EBT_ACCEPT   -1
  26 #define EBT_DROP     -2
  27 #define EBT_CONTINUE -3
  28 #define EBT_RETURN   -4
  29 #define NUM_STANDARD_TARGETS   4
  30
  31 struct ebt_counter
  32 {
  33         uint64_t pcnt;
  34         uint64_t bcnt;
  35 };
  36
  37 struct ebt_replace
  38 {
  39         char name[EBT_TABLE_MAXNAMELEN];
  40         unsigned int valid_hooks;
  41         /* nr of rules in the table */
  42         unsigned int nentries;
  43         /* total size of the entries */
  44         unsigned int entries_size;
  45         /* start of the chains */
  46 #ifdef KERNEL_64_USERSPACE_32
  47         uint64_t hook_entry[NF_BR_NUMHOOKS];
  48 #else
  49         struct ebt_entries *hook_entry[NF_BR_NUMHOOKS];
  50 #endif
  51         /* nr of counters userspace expects back */
  52         unsigned int num_counters;
  53         /* where the kernel will put the old counters */
  54 #ifdef KERNEL_64_USERSPACE_32
  55         uint64_t counters;
  56         uint64_t entries;
  57 #else
  58         struct ebt_counter *counters;
  59         char *entries;
  60 #endif
  61 };
  62
  63 struct ebt_entries {
  64         /* this field is always set to zero
  65          * See EBT_ENTRY_OR_ENTRIES.
  66          * Must be same size as ebt_entry.bitmask */
  67         unsigned int distinguisher;
  68         /* the chain name */
  69         char name[EBT_CHAIN_MAXNAMELEN];
  70         /* counter offset for this chain */
  71         unsigned int counter_offset;
  72         /* one standard (accept, drop, return) per hook */
  73         int policy;
  74         /* nr. of entries */
  75         unsigned int nentries;
  76         /* entry list */
  77         char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
  78 };
  79
  80 /* used for the bitmask of struct ebt_entry */
  81
  82 /* This is a hack to make a difference between an ebt_entry struct and an
  83  * ebt_entries struct when traversing the entries from start to end.
  84  * Using this simplifies the code alot, while still being able to use
  85  * ebt_entries.
  86  * Contrary, iptables doesn't use something like ebt_entries and therefore uses
  87  * different techniques for naming the policy and such. So, iptables doesn't
  88  * need a hack like this.
  89  */
  90 #define EBT_ENTRY_OR_ENTRIES 0x01
  91 /* these are the normal masks */
  92 #define EBT_NOPROTO 0x02
  93 #define EBT_802_3 0x04
  94 #define EBT_SOURCEMAC 0x08
  95 #define EBT_DESTMAC 0x10
  96 #define EBT_F_MASK (EBT_NOPROTO | EBT_802_3 | EBT_SOURCEMAC | EBT_DESTMAC \
  97    | EBT_ENTRY_OR_ENTRIES)
  98
  99 #define EBT_IPROTO 0x01
 100 #define EBT_IIN 0x02
 101 #define EBT_IOUT 0x04
 102 #define EBT_ISOURCE 0x8
 103 #define EBT_IDEST 0x10
 104 #define EBT_ILOGICALIN 0x20
 105 #define EBT_ILOGICALOUT 0x40
 106 #define EBT_INV_MASK (EBT_IPROTO | EBT_IIN | EBT_IOUT | EBT_ILOGICALIN \
 107    | EBT_ILOGICALOUT | EBT_ISOURCE | EBT_IDEST)
 108
 109 struct ebt_entry_match
 110 {
 111         union {
 112                 char name[EBT_FUNCTION_MAXNAMELEN];
 113                 struct ebt_match *match;
 114         } u;
 115         /* size of data */
 116         unsigned int match_size;
 117 #ifdef KERNEL_64_USERSPACE_32
 118         unsigned int pad;
 119 #endif
 120         unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
 121 };
 122
 123 struct ebt_entry_watcher
 124 {
 125         union {
 126                 char name[EBT_FUNCTION_MAXNAMELEN];
 127                 struct ebt_watcher *watcher;
 128         } u;
 129         /* size of data */
 130         unsigned int watcher_size;
 131 #ifdef KERNEL_64_USERSPACE_32
 132         unsigned int pad;
 133 #endif
 134         unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
 135 };
 136
 137 struct ebt_entry_target
 138 {
 139         union {
 140                 char name[EBT_FUNCTION_MAXNAMELEN];
 141                 struct ebt_target *target;
 142         } u;
 143         /* size of data */
 144         unsigned int target_size;
 145 #ifdef KERNEL_64_USERSPACE_32
 146         unsigned int pad;
 147 #endif
 148         unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
 149 };
 150
 151 #define EBT_STANDARD_TARGET "standard"
 152 struct ebt_standard_target
 153 {
 154         struct ebt_entry_target target;
 155         int verdict;
 156 #ifdef KERNEL_64_USERSPACE_32
 157         unsigned int pad;
 158 #endif
 159 };
 160
 161 /* one entry */
 162 struct ebt_entry {
 163         /* this needs to be the first field */
 164         unsigned int bitmask;
 165         unsigned int invflags;
 166         uint16_t ethproto;
 167         /* the physical in-dev */
 168         char in[IFNAMSIZ];
 169         /* the logical in-dev */
 170         char logical_in[IFNAMSIZ];
 171         /* the physical out-dev */
 172         char out[IFNAMSIZ];
 173         /* the logical out-dev */
 174         char logical_out[IFNAMSIZ];
 175         unsigned char sourcemac[ETH_ALEN];
 176         unsigned char sourcemsk[ETH_ALEN];
 177         unsigned char destmac[ETH_ALEN];
 178         unsigned char destmsk[ETH_ALEN];
 179         /* sizeof ebt_entry + matches */
 180         unsigned int watchers_offset;
 181         /* sizeof ebt_entry + matches + watchers */
 182         unsigned int target_offset;
 183         /* sizeof ebt_entry + matches + watchers + target */
 184         unsigned int next_offset;
 185         unsigned char elems[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
 186 };
 187
 188 /* {g,s}etsockopt numbers */
 189 #define EBT_BASE_CTL            128
 190
 191 #define EBT_SO_SET_ENTRIES      (EBT_BASE_CTL)
 192 #define EBT_SO_SET_COUNTERS     (EBT_SO_SET_ENTRIES+1)
 193 #define EBT_SO_SET_MAX          (EBT_SO_SET_COUNTERS+1)
 194
 195 #define EBT_SO_GET_INFO         (EBT_BASE_CTL)
 196 #define EBT_SO_GET_ENTRIES      (EBT_SO_GET_INFO+1)
 197 #define EBT_SO_GET_INIT_INFO    (EBT_SO_GET_ENTRIES+1)
 198 #define EBT_SO_GET_INIT_ENTRIES (EBT_SO_GET_INIT_INFO+1)
 199 #define EBT_SO_GET_MAX          (EBT_SO_GET_INIT_ENTRIES+1)
 200
 201 /* blatently stolen from ip_tables.h
 202  * fn returns 0 to continue iteration */
 203 #define EBT_MATCH_ITERATE(e, fn, args...)                   \
 204 ({                                                          \
 205         unsigned int __i;                                   \
 206         int __ret = 0;                                      \
 207         struct ebt_entry_match *__match;                    \
 208                                                             \
 209         for (__i = sizeof(struct ebt_entry);                \
 210              __i < (e)->watchers_offset;                    \
 211              __i += __match->match_size +                   \
 212              sizeof(struct ebt_entry_match)) {              \
 213                 __match = (void *)(e) + __i;                \
 214                                                             \
 215                 __ret = fn(__match , ## args);              \
 216                 if (__ret != 0)                             \
 217                         break;                              \
 218         }                                                   \
 219         if (__ret == 0) {                                   \
 220                 if (__i != (e)->watchers_offset)            \
 221                         __ret = -EINVAL;                    \
 222         }                                                   \
 223         __ret;                                              \
 224 })
 225
 226 #define EBT_WATCHER_ITERATE(e, fn, args...)                 \
 227 ({                                                          \
 228         unsigned int __i;                                   \
 229         int __ret = 0;                                      \
 230         struct ebt_entry_watcher *__watcher;                \
 231                                                             \
 232         for (__i = e->watchers_offset;                      \
 233              __i < (e)->target_offset;                      \
 234              __i += __watcher->watcher_size +               \
 235              sizeof(struct ebt_entry_watcher)) {            \
 236                 __watcher = (void *)(e) + __i;              \
 237                                                             \
 238                 __ret = fn(__watcher , ## args);            \
 239                 if (__ret != 0)                             \
 240                         break;                              \
 241         }                                                   \
 242         if (__ret == 0) {                                   \
 243                 if (__i != (e)->target_offset)              \
 244                         __ret = -EINVAL;                    \
 245         }                                                   \
 246         __ret;                                              \
 247 })
 248
 249 #define EBT_ENTRY_ITERATE(entries, size, fn, args...)       \
 250 ({                                                          \
 251         unsigned int __i;                                   \
 252         int __ret = 0;                                      \
 253         struct ebt_entry *__entry;                          \
 254                                                             \
 255         for (__i = 0; __i < (size);) {                      \
 256                 __entry = (void *)(entries) + __i;          \
 257                 __ret = fn(__entry , ## args);              \
 258                 if (__ret != 0)                             \
 259                         break;                              \
 260                 if (__entry->bitmask != 0)                  \
 261                         __i += __entry->next_offset;        \
 262                 else                                        \
 263                         __i += sizeof(struct ebt_entries);  \
 264         }                                                   \
 265         if (__ret == 0) {                                   \
 266                 if (__i != (size))                          \
 267                         __ret = -EINVAL;                    \
 268         }                                                   \
 269         __ret;                                              \
 270 })
 271
 272 #endif