0001 /* SPDX-License-Identifier: GPL-2.0 */
0002 /*
0003  *  ebtables
0004  *
0005  *  Authors:
0006  *  Bart De Schuymer        <bdschuym@pandora.be>
0007  *
0008  *  ebtables.c,v 2.0, April, 2002
0009  *
0010  *  This code is strongly inspired by the iptables code which is
0011  *  Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
0012  */
0013 #ifndef __LINUX_BRIDGE_EFF_H
0014 #define __LINUX_BRIDGE_EFF_H
0015 
0016 #include <linux/if.h>
0017 #include <linux/if_ether.h>
0018 #include <uapi/linux/netfilter_bridge/ebtables.h>
0019 
/*
 * Descriptor for an ebtables match extension: a fixed-size name, three
 * callbacks, and size/revision/family metadata.
 * NOTE(review): the callback roles described below are read off the
 * member names and signatures only; the code that invokes them is not
 * in this header.
 */
struct ebt_match {
    struct list_head list;
    /* fixed-size buffer of EBT_FUNCTION_MAXNAMELEN bytes */
    const char name[EBT_FUNCTION_MAXNAMELEN];
    /*
     * Per-packet predicate. It sees the skb and matchinfo as const and
     * can report back through *hotdrop (presumably "drop this packet
     * now"; confirm with the caller).
     */
    bool (*match)(const struct sk_buff *skb, const struct net_device *in,
        const struct net_device *out, const struct xt_match *match,
        const void *matchinfo, int offset, unsigned int protoff,
        bool *hotdrop);
    /*
     * Unlike match(), this callback receives matchinfo as a writable
     * pointer. Presumably the place where rule data is validated before
     * the rule goes live, so range and length checks on matchinfo
     * belong here. TODO confirm.
     */
    bool (*checkentry)(const char *table, const void *entry,
        const struct xt_match *match, void *matchinfo,
        unsigned int hook_mask);
    void (*destroy)(const struct xt_match *match, void *matchinfo);
    /* presumably the size of the data behind matchinfo; verify */
    unsigned int matchsize;
    u_int8_t revision;
    u_int8_t family;
    struct module *me;
};
0036 
/*
 * Descriptor for an ebtables watcher extension. Its members have the
 * same names and types as those of struct ebt_target in this header.
 * NOTE(review): how the return value of ->target is treated for a
 * watcher is not visible here; confirm with the caller.
 */
struct ebt_watcher {
    struct list_head list;
    /* fixed-size buffer of EBT_FUNCTION_MAXNAMELEN bytes */
    const char name[EBT_FUNCTION_MAXNAMELEN];
    /* per-packet callback; receives a non-const skb and const targinfo */
    unsigned int (*target)(struct sk_buff *skb,
        const struct net_device *in, const struct net_device *out,
        unsigned int hook_num, const struct xt_target *target,
        const void *targinfo);
    /*
     * Receives targinfo as a writable pointer. Presumably validates the
     * rule data before use. TODO confirm.
     */
    bool (*checkentry)(const char *table, const void *entry,
        const struct xt_target *target, void *targinfo,
        unsigned int hook_mask);
    void (*destroy)(const struct xt_target *target, void *targinfo);
    /* presumably the size of the data behind targinfo; verify */
    unsigned int targetsize;
    u_int8_t revision;
    u_int8_t family;
    struct module *me;
};
0053 
/*
 * Descriptor for an ebtables target extension: a fixed-size name, the
 * per-packet callback that produces a verdict, and the check/destroy
 * callbacks with size/revision/family metadata.
 */
struct ebt_target {
    struct list_head list;
    /* fixed-size buffer of EBT_FUNCTION_MAXNAMELEN bytes */
    const char name[EBT_FUNCTION_MAXNAMELEN];
    /* returns one of the standard EBT_* verdicts */
    unsigned int (*target)(struct sk_buff *skb,
        const struct net_device *in, const struct net_device *out,
        unsigned int hook_num, const struct xt_target *target,
        const void *targinfo);
    /*
     * Receives targinfo as a writable pointer. Presumably the place
     * where a configured verdict is range-checked, e.g. with
     * ebt_invalid_target() from this header. TODO confirm.
     */
    bool (*checkentry)(const char *table, const void *entry,
        const struct xt_target *target, void *targinfo,
        unsigned int hook_mask);
    void (*destroy)(const struct xt_target *target, void *targinfo);
    /* presumably the size of the data behind targinfo; verify */
    unsigned int targetsize;
    u_int8_t revision;
    u_int8_t family;
    struct module *me;
};
0071 
/*
 * used for jumping from and into user defined chains (udc)
 *
 * One saved position: which chain, which entry in it, and the entry's
 * index.
 * NOTE(review): the depth of the stack built from these records is
 * decided where struct ebt_table_info's chainstack is allocated, not
 * here.
 */
struct ebt_chainstack {
    struct ebt_entries *chaininfo; /* pointer to chain data */
    struct ebt_entry *e; /* pointer to entry data */
    unsigned int n; /* n'th entry */
};
0078 
/*
 * Kernel-side description of one table's rule data: the entries blob,
 * its size and entry count, the per-hook chain starts, the jump stack
 * and the counters.
 */
struct ebt_table_info {
    /* total size of the entries */
    unsigned int entries_size;
    /* NOTE(review): presumably the number of entries in the blob; verify */
    unsigned int nentries;
    /* pointers to the start of the chains */
    struct ebt_entries *hook_entry[NF_BR_NUMHOOKS];
    /* room to maintain the stack used for jumping from and into udc */
    struct ebt_chainstack **chainstack;
    /*
     * Start of the entries blob. Anything that walks it needs to stay
     * inside entries_size bytes; the pointer alone carries no length.
     */
    char *entries;
    /*
     * Flexible array member, so the structure must be allocated with
     * room for the counters appended; cacheline aligned.
     */
    struct ebt_counter counters[] ____cacheline_aligned;
};
0090 
/*
 * A named ebtables table: list linkage, a fixed-size name, the
 * replace-format table description, the set of valid hooks, a rwlock,
 * and the kernel-side rule data.
 */
struct ebt_table {
    struct list_head list;
    /* fixed-size buffer of EBT_TABLE_MAXNAMELEN bytes */
    char name[EBT_TABLE_MAXNAMELEN];
    struct ebt_replace_kernel *table;
    /* NOTE(review): presumably a bitmask indexed by hook number; verify */
    unsigned int valid_hooks;
    /* NOTE(review): which members this lock covers is not stated here */
    rwlock_t lock;
    /* the data used by the kernel */
    struct ebt_table_info *private;
    struct nf_hook_ops *ops;
    struct module *me;
};
0102 
/*
 * Round s up to the next multiple of __alignof__(struct _xt_align)
 * using the add-then-mask form, which relies on the alignment being a
 * power of two.
 * The addition is unchecked: an s within (alignment - 1) of its type's
 * maximum wraps (or overflows, if signed) and produces a small result.
 * Lengths that come from a rule blob therefore need a bounds check
 * before they are aligned.
 */
#define EBT_ALIGN(s) (((s) + (__alignof__(struct _xt_align)-1)) & \
             ~(__alignof__(struct _xt_align)-1))
0105 
/*
 * Table registration and traversal entry points; the definitions are
 * outside this header.
 * NOTE(review): the meaning of the int returned by ebt_register_table()
 * (presumably 0 or a negative errno) and the difference between the
 * two unregister calls are not visible here; confirm at the
 * definitions.
 */
extern int ebt_register_table(struct net *net,
                  const struct ebt_table *table,
                  const struct nf_hook_ops *ops);
/* tables are looked up by name within the given struct net */
extern void ebt_unregister_table(struct net *net, const char *tablename);
void ebt_unregister_table_pre_exit(struct net *net, const char *tablename);
/*
 * Takes (priv, skb, state) and returns unsigned int.
 * NOTE(review): presumably the per-packet rule evaluation returning a
 * verdict; verify.
 */
extern unsigned int ebt_do_table(void *priv, struct sk_buff *skb,
                 const struct nf_hook_state *state);
0113 
/*
 * True if the hook mask denotes that the rule is in a base chain,
 * used in the check() functions.
 * The flag is bit NF_BR_NUMHOOKS of par->hook_mask. Both macros expand
 * to an expression on a variable named `par`, so they only compile
 * where such a variable is in scope.
 */
#define BASE_CHAIN (par->hook_mask & (1 << NF_BR_NUMHOOKS))
/*
 * Clear the bit in the hook mask that tells if the rule is on a base
 * chain. Writes to par->hook_mask as a side effect.
 */
#define CLEAR_BASE_CHAIN_BIT (par->hook_mask &= ~(1 << NF_BR_NUMHOOKS))
0119 
/*
 * Report whether @target falls outside the standard-target range.
 * The accepted values are the negative integers from
 * -NUM_STANDARD_TARGETS up to -1. Zero, every positive value and
 * everything below -NUM_STANDARD_TARGETS give true.
 * NOTE(review): presumably called while checking a rule so that an
 * out-of-range value is rejected before it is ever used as a verdict;
 * the call sites are outside this header.
 */
static inline bool ebt_invalid_target(int target)
{
    /* zero and positive values are never standard targets */
    if (target >= 0)
        return true;

    return target < -NUM_STANDARD_TARGETS;
}
0124 
/*
 * Template registration; the definitions are outside this header.
 * ebt_register_template() takes a table description and a table_init
 * callback that receives a struct net.
 * NOTE(review): when table_init is invoked, and what its int return
 * means, is not visible here; confirm at the definition.
 */
int ebt_register_template(const struct ebt_table *t, int(*table_init)(struct net *net));
void ebt_unregister_template(const struct ebt_table *t);
0127 #endif