logo

oasis-root

Compiled tree of Oasis Linux based on own branch at <https://hacktivis.me/git/oasis/> git clone https://anongit.hacktivis.me/git/oasis-root.git

ebtables.h (9398B)


  1. /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
  2. /*
  3. * ebtables
  4. *
  5. * Authors:
  6. * Bart De Schuymer <bdschuym@pandora.be>
  7. *
  8. * ebtables.c,v 2.0, April, 2002
  9. *
  10. * This code is strongly inspired by the iptables code which is
  11. * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
  12. */
  13. #ifndef __LINUX_BRIDGE_EFF_H
  14. #define __LINUX_BRIDGE_EFF_H
  15. #include <linux/types.h>
  16. #include <linux/if.h>
  17. #include <linux/netfilter_bridge.h>
  18. #define EBT_TABLE_MAXNAMELEN 32
  19. #define EBT_CHAIN_MAXNAMELEN EBT_TABLE_MAXNAMELEN
  20. #define EBT_FUNCTION_MAXNAMELEN EBT_TABLE_MAXNAMELEN
  21. #define EBT_EXTENSION_MAXNAMELEN 31
  22. /* verdicts >0 are "branches" */
  23. #define EBT_ACCEPT -1
  24. #define EBT_DROP -2
  25. #define EBT_CONTINUE -3
  26. #define EBT_RETURN -4
  27. #define NUM_STANDARD_TARGETS 4
  28. /* ebtables target modules store the verdict inside an int. We can
  29. * reclaim a part of this int for backwards compatible extensions.
  30. * The 4 lsb are more than enough to store the verdict. */
  31. #define EBT_VERDICT_BITS 0x0000000F
  32. struct xt_match;
  33. struct xt_target;
  34. struct ebt_counter {
  35. __u64 pcnt;
  36. __u64 bcnt;
  37. };
  38. struct ebt_replace {
  39. char name[EBT_TABLE_MAXNAMELEN];
  40. unsigned int valid_hooks;
  41. /* nr of rules in the table */
  42. unsigned int nentries;
  43. /* total size of the entries */
  44. unsigned int entries_size;
  45. /* start of the chains */
  46. struct ebt_entries *hook_entry[NF_BR_NUMHOOKS];
  47. /* nr of counters userspace expects back */
  48. unsigned int num_counters;
  49. /* where the kernel will put the old counters */
  50. struct ebt_counter *counters;
  51. char *entries;
  52. };
  53. struct ebt_replace_kernel {
  54. char name[EBT_TABLE_MAXNAMELEN];
  55. unsigned int valid_hooks;
  56. /* nr of rules in the table */
  57. unsigned int nentries;
  58. /* total size of the entries */
  59. unsigned int entries_size;
  60. /* start of the chains */
  61. struct ebt_entries *hook_entry[NF_BR_NUMHOOKS];
  62. /* nr of counters userspace expects back */
  63. unsigned int num_counters;
  64. /* where the kernel will put the old counters */
  65. struct ebt_counter *counters;
  66. char *entries;
  67. };
  68. struct ebt_entries {
  69. /* this field is always set to zero
  70. * See EBT_ENTRY_OR_ENTRIES.
  71. * Must be same size as ebt_entry.bitmask */
  72. unsigned int distinguisher;
  73. /* the chain name */
  74. char name[EBT_CHAIN_MAXNAMELEN];
  75. /* counter offset for this chain */
  76. unsigned int counter_offset;
  77. /* one standard (accept, drop, return) per hook */
  78. int policy;
  79. /* nr. of entries */
  80. unsigned int nentries;
  81. /* entry list */
  82. char data[] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
  83. };
  84. /* used for the bitmask of struct ebt_entry */
  85. /* This is a hack to make a difference between an ebt_entry struct and an
  86. * ebt_entries struct when traversing the entries from start to end.
  87. * Using this simplifies the code a lot, while still being able to use
  88. * ebt_entries.
  89. * Contrary, iptables doesn't use something like ebt_entries and therefore uses
  90. * different techniques for naming the policy and such. So, iptables doesn't
  91. * need a hack like this.
  92. */
  93. #define EBT_ENTRY_OR_ENTRIES 0x01
  94. /* these are the normal masks */
  95. #define EBT_NOPROTO 0x02
  96. #define EBT_802_3 0x04
  97. #define EBT_SOURCEMAC 0x08
  98. #define EBT_DESTMAC 0x10
  99. #define EBT_F_MASK (EBT_NOPROTO | EBT_802_3 | EBT_SOURCEMAC | EBT_DESTMAC \
  100. | EBT_ENTRY_OR_ENTRIES)
  101. #define EBT_IPROTO 0x01
  102. #define EBT_IIN 0x02
  103. #define EBT_IOUT 0x04
  104. #define EBT_ISOURCE 0x8
  105. #define EBT_IDEST 0x10
  106. #define EBT_ILOGICALIN 0x20
  107. #define EBT_ILOGICALOUT 0x40
  108. #define EBT_INV_MASK (EBT_IPROTO | EBT_IIN | EBT_IOUT | EBT_ILOGICALIN \
  109. | EBT_ILOGICALOUT | EBT_ISOURCE | EBT_IDEST)
  110. struct ebt_entry_match {
  111. union {
  112. struct {
  113. char name[EBT_EXTENSION_MAXNAMELEN];
  114. __u8 revision;
  115. };
  116. struct xt_match *match;
  117. } u;
  118. /* size of data */
  119. unsigned int match_size;
  120. unsigned char data[] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
  121. };
  122. struct ebt_entry_watcher {
  123. union {
  124. struct {
  125. char name[EBT_EXTENSION_MAXNAMELEN];
  126. __u8 revision;
  127. };
  128. struct xt_target *watcher;
  129. } u;
  130. /* size of data */
  131. unsigned int watcher_size;
  132. unsigned char data[] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
  133. };
  134. struct ebt_entry_target {
  135. union {
  136. struct {
  137. char name[EBT_EXTENSION_MAXNAMELEN];
  138. __u8 revision;
  139. };
  140. struct xt_target *target;
  141. } u;
  142. /* size of data */
  143. unsigned int target_size;
  144. unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
  145. };
  146. #define EBT_STANDARD_TARGET "standard"
  147. struct ebt_standard_target {
  148. struct ebt_entry_target target;
  149. int verdict;
  150. };
  151. /* one entry */
  152. struct ebt_entry {
  153. /* this needs to be the first field */
  154. unsigned int bitmask;
  155. unsigned int invflags;
  156. __be16 ethproto;
  157. /* the physical in-dev */
  158. char in[IFNAMSIZ];
  159. /* the logical in-dev */
  160. char logical_in[IFNAMSIZ];
  161. /* the physical out-dev */
  162. char out[IFNAMSIZ];
  163. /* the logical out-dev */
  164. char logical_out[IFNAMSIZ];
  165. unsigned char sourcemac[ETH_ALEN];
  166. unsigned char sourcemsk[ETH_ALEN];
  167. unsigned char destmac[ETH_ALEN];
  168. unsigned char destmsk[ETH_ALEN];
  169. __struct_group(/* no tag */, offsets, /* no attrs */,
  170. /* sizeof ebt_entry + matches */
  171. unsigned int watchers_offset;
  172. /* sizeof ebt_entry + matches + watchers */
  173. unsigned int target_offset;
  174. /* sizeof ebt_entry + matches + watchers + target */
  175. unsigned int next_offset;
  176. );
  177. unsigned char elems[] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
  178. };
  179. static __inline__ struct ebt_entry_target *
  180. ebt_get_target(struct ebt_entry *e)
  181. {
  182. return (struct ebt_entry_target *)((char *)e + e->target_offset);
  183. }
  184. /* {g,s}etsockopt numbers */
  185. #define EBT_BASE_CTL 128
  186. #define EBT_SO_SET_ENTRIES (EBT_BASE_CTL)
  187. #define EBT_SO_SET_COUNTERS (EBT_SO_SET_ENTRIES+1)
  188. #define EBT_SO_SET_MAX (EBT_SO_SET_COUNTERS+1)
  189. #define EBT_SO_GET_INFO (EBT_BASE_CTL)
  190. #define EBT_SO_GET_ENTRIES (EBT_SO_GET_INFO+1)
  191. #define EBT_SO_GET_INIT_INFO (EBT_SO_GET_ENTRIES+1)
  192. #define EBT_SO_GET_INIT_ENTRIES (EBT_SO_GET_INIT_INFO+1)
  193. #define EBT_SO_GET_MAX (EBT_SO_GET_INIT_ENTRIES+1)
  194. /* blatently stolen from ip_tables.h
  195. * fn returns 0 to continue iteration */
  196. #define EBT_MATCH_ITERATE(e, fn, args...) \
  197. ({ \
  198. unsigned int __i; \
  199. int __ret = 0; \
  200. struct ebt_entry_match *__match; \
  201. \
  202. for (__i = sizeof(struct ebt_entry); \
  203. __i < (e)->watchers_offset; \
  204. __i += __match->match_size + \
  205. sizeof(struct ebt_entry_match)) { \
  206. __match = (void *)(e) + __i; \
  207. \
  208. __ret = fn(__match , ## args); \
  209. if (__ret != 0) \
  210. break; \
  211. } \
  212. if (__ret == 0) { \
  213. if (__i != (e)->watchers_offset) \
  214. __ret = -EINVAL; \
  215. } \
  216. __ret; \
  217. })
  218. #define EBT_WATCHER_ITERATE(e, fn, args...) \
  219. ({ \
  220. unsigned int __i; \
  221. int __ret = 0; \
  222. struct ebt_entry_watcher *__watcher; \
  223. \
  224. for (__i = e->watchers_offset; \
  225. __i < (e)->target_offset; \
  226. __i += __watcher->watcher_size + \
  227. sizeof(struct ebt_entry_watcher)) { \
  228. __watcher = (void *)(e) + __i; \
  229. \
  230. __ret = fn(__watcher , ## args); \
  231. if (__ret != 0) \
  232. break; \
  233. } \
  234. if (__ret == 0) { \
  235. if (__i != (e)->target_offset) \
  236. __ret = -EINVAL; \
  237. } \
  238. __ret; \
  239. })
  240. #define EBT_ENTRY_ITERATE(entries, size, fn, args...) \
  241. ({ \
  242. unsigned int __i; \
  243. int __ret = 0; \
  244. struct ebt_entry *__entry; \
  245. \
  246. for (__i = 0; __i < (size);) { \
  247. __entry = (void *)(entries) + __i; \
  248. __ret = fn(__entry , ## args); \
  249. if (__ret != 0) \
  250. break; \
  251. if (__entry->bitmask != 0) \
  252. __i += __entry->next_offset; \
  253. else \
  254. __i += sizeof(struct ebt_entries); \
  255. } \
  256. if (__ret == 0) { \
  257. if (__i != (size)) \
  258. __ret = -EINVAL; \
  259. } \
  260. __ret; \
  261. })
  262. #endif /* __LINUX_BRIDGE_EFF_H */