Dr Andrew Scott G7VAV

My photo
 
June 2025
Mo Tu We Th Fr Sa Su
26 27 28 29 30 31 1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30 1 2 3 4 5 6


ebtables.h
001: /*
002:  *  ebtables
003:  *
004:  *      Authors:
005:  *      Bart De Schuymer                <bdschuym@pandora.be>
006:  *
007:  *  ebtables.c,v 2.0, April, 2002
008:  *
009:  *  This code is stongly inspired on the iptables code which is
010:  *  Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
011:  */
012: 
013: #ifndef __LINUX_BRIDGE_EFF_H
014: #define __LINUX_BRIDGE_EFF_H
015: #include <linux/if.h>
016: #include <linux/netfilter_bridge.h>
017: #include <linux/if_ether.h>
018: 
019: #define EBT_TABLE_MAXNAMELEN 32
020: #define EBT_CHAIN_MAXNAMELEN EBT_TABLE_MAXNAMELEN
021: #define EBT_FUNCTION_MAXNAMELEN EBT_TABLE_MAXNAMELEN
022: 
023: /* verdicts >0 are "branches" */
024: #define EBT_ACCEPT   -1
025: #define EBT_DROP     -2
026: #define EBT_CONTINUE -3
027: #define EBT_RETURN   -4
028: #define NUM_STANDARD_TARGETS   4
029: /* ebtables target modules store the verdict inside an int. We can
030:  * reclaim a part of this int for backwards compatible extensions.
031:  * The 4 lsb are more than enough to store the verdict. */
032: #define EBT_VERDICT_BITS 0x0000000F
033: 
034: struct xt_match;
035: struct xt_target;
036: 
037: struct ebt_counter {
038:         uint64_t pcnt;
039:         uint64_t bcnt;
040: };
041: 
042: struct ebt_replace {
043:         char name[EBT_TABLE_MAXNAMELEN];
044:         unsigned int valid_hooks;
045:         /* nr of rules in the table */
046:         unsigned int nentries;
047:         /* total size of the entries */
048:         unsigned int entries_size;
049:         /* start of the chains */
050:         struct ebt_entries *hook_entry[NF_BR_NUMHOOKS];
051:         /* nr of counters userspace expects back */
052:         unsigned int num_counters;
053:         /* where the kernel will put the old counters */
054:         struct ebt_counter *counters;
055:         char *entries;
056: };
057: 
058: struct ebt_replace_kernel {
059:         char name[EBT_TABLE_MAXNAMELEN];
060:         unsigned int valid_hooks;
061:         /* nr of rules in the table */
062:         unsigned int nentries;
063:         /* total size of the entries */
064:         unsigned int entries_size;
065:         /* start of the chains */
066:         struct ebt_entries *hook_entry[NF_BR_NUMHOOKS];
067:         /* nr of counters userspace expects back */
068:         unsigned int num_counters;
069:         /* where the kernel will put the old counters */
070:         struct ebt_counter *counters;
071:         char *entries;
072: };
073: 
074: struct ebt_entries {
075:         /* this field is always set to zero
076:          * See EBT_ENTRY_OR_ENTRIES.
077:          * Must be same size as ebt_entry.bitmask */
078:         unsigned int distinguisher;
079:         /* the chain name */
080:         char name[EBT_CHAIN_MAXNAMELEN];
081:         /* counter offset for this chain */
082:         unsigned int counter_offset;
083:         /* one standard (accept, drop, return) per hook */
084:         int policy;
085:         /* nr. of entries */
086:         unsigned int nentries;
087:         /* entry list */
088:         char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
089: };
090: 
091: /* used for the bitmask of struct ebt_entry */
092: 
093: /* This is a hack to make a difference between an ebt_entry struct and an
094:  * ebt_entries struct when traversing the entries from start to end.
095:  * Using this simplifies the code a lot, while still being able to use
096:  * ebt_entries.
097:  * Contrary, iptables doesn't use something like ebt_entries and therefore uses
098:  * different techniques for naming the policy and such. So, iptables doesn't
099:  * need a hack like this.
100:  */
101: #define EBT_ENTRY_OR_ENTRIES 0x01
102: /* these are the normal masks */
103: #define EBT_NOPROTO 0x02
104: #define EBT_802_3 0x04
105: #define EBT_SOURCEMAC 0x08
106: #define EBT_DESTMAC 0x10
107: #define EBT_F_MASK (EBT_NOPROTO | EBT_802_3 | EBT_SOURCEMAC | EBT_DESTMAC \
108:    | EBT_ENTRY_OR_ENTRIES)
109: 
110: #define EBT_IPROTO 0x01
111: #define EBT_IIN 0x02
112: #define EBT_IOUT 0x04
113: #define EBT_ISOURCE 0x8
114: #define EBT_IDEST 0x10
115: #define EBT_ILOGICALIN 0x20
116: #define EBT_ILOGICALOUT 0x40
117: #define EBT_INV_MASK (EBT_IPROTO | EBT_IIN | EBT_IOUT | EBT_ILOGICALIN \
118:    | EBT_ILOGICALOUT | EBT_ISOURCE | EBT_IDEST)
119: 
120: struct ebt_entry_match {
121:         union {
122:                 char name[EBT_FUNCTION_MAXNAMELEN];
123:                 struct xt_match *match;
124:         } u;
125:         /* size of data */
126:         unsigned int match_size;
127:         unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
128: };
129: 
130: struct ebt_entry_watcher {
131:         union {
132:                 char name[EBT_FUNCTION_MAXNAMELEN];
133:                 struct xt_target *watcher;
134:         } u;
135:         /* size of data */
136:         unsigned int watcher_size;
137:         unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
138: };
139: 
140: struct ebt_entry_target {
141:         union {
142:                 char name[EBT_FUNCTION_MAXNAMELEN];
143:                 struct xt_target *target;
144:         } u;
145:         /* size of data */
146:         unsigned int target_size;
147:         unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
148: };
149: 
150: #define EBT_STANDARD_TARGET "standard"
151: struct ebt_standard_target {
152:         struct ebt_entry_target target;
153:         int verdict;
154: };
155: 
156: /* one entry */
157: struct ebt_entry {
158:         /* this needs to be the first field */
159:         unsigned int bitmask;
160:         unsigned int invflags;
161:         __be16 ethproto;
162:         /* the physical in-dev */
163:         char in[IFNAMSIZ];
164:         /* the logical in-dev */
165:         char logical_in[IFNAMSIZ];
166:         /* the physical out-dev */
167:         char out[IFNAMSIZ];
168:         /* the logical out-dev */
169:         char logical_out[IFNAMSIZ];
170:         unsigned char sourcemac[ETH_ALEN];
171:         unsigned char sourcemsk[ETH_ALEN];
172:         unsigned char destmac[ETH_ALEN];
173:         unsigned char destmsk[ETH_ALEN];
174:         /* sizeof ebt_entry + matches */
175:         unsigned int watchers_offset;
176:         /* sizeof ebt_entry + matches + watchers */
177:         unsigned int target_offset;
178:         /* sizeof ebt_entry + matches + watchers + target */
179:         unsigned int next_offset;
180:         unsigned char elems[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
181: };
182: 
183: /* {g,s}etsockopt numbers */
184: #define EBT_BASE_CTL            128
185: 
186: #define EBT_SO_SET_ENTRIES      (EBT_BASE_CTL)
187: #define EBT_SO_SET_COUNTERS     (EBT_SO_SET_ENTRIES+1)
188: #define EBT_SO_SET_MAX          (EBT_SO_SET_COUNTERS+1)
189: 
190: #define EBT_SO_GET_INFO         (EBT_BASE_CTL)
191: #define EBT_SO_GET_ENTRIES      (EBT_SO_GET_INFO+1)
192: #define EBT_SO_GET_INIT_INFO    (EBT_SO_GET_ENTRIES+1)
193: #define EBT_SO_GET_INIT_ENTRIES (EBT_SO_GET_INIT_INFO+1)
194: #define EBT_SO_GET_MAX          (EBT_SO_GET_INIT_ENTRIES+1)
195: 
196: 
197: /* blatently stolen from ip_tables.h
198:  * fn returns 0 to continue iteration */
199: #define EBT_MATCH_ITERATE(e, fn, args...)                   \
200: ({                                                          \
201:         unsigned int __i;                                   \
202:         int __ret = 0;                                      \
203:         struct ebt_entry_match *__match;                    \
204:                                                             \
205:         for (__i = sizeof(struct ebt_entry);                \
206:              __i < (e)->watchers_offset;                    \
207:              __i += __match->match_size +                   \
208:              sizeof(struct ebt_entry_match)) {              \
209:                 __match = (void *)(e) + __i;                \
210:                                                             \
211:                 __ret = fn(__match , ## args);              \
212:                 if (__ret != 0)                             \
213:                         break;                              \
214:         }                                                   \
215:         if (__ret == 0) {                                   \
216:                 if (__i != (e)->watchers_offset)            \
217:                         __ret = -EINVAL;                    \
218:         }                                                   \
219:         __ret;                                              \
220: })
221: 
222: #define EBT_WATCHER_ITERATE(e, fn, args...)                 \
223: ({                                                          \
224:         unsigned int __i;                                   \
225:         int __ret = 0;                                      \
226:         struct ebt_entry_watcher *__watcher;                \
227:                                                             \
228:         for (__i = e->watchers_offset;                      \
229:              __i < (e)->target_offset;                      \
230:              __i += __watcher->watcher_size +               \
231:              sizeof(struct ebt_entry_watcher)) {            \
232:                 __watcher = (void *)(e) + __i;              \
233:                                                             \
234:                 __ret = fn(__watcher , ## args);            \
235:                 if (__ret != 0)                             \
236:                         break;                              \
237:         }                                                   \
238:         if (__ret == 0) {                                   \
239:                 if (__i != (e)->target_offset)              \
240:                         __ret = -EINVAL;                    \
241:         }                                                   \
242:         __ret;                                              \
243: })
244: 
245: #define EBT_ENTRY_ITERATE(entries, size, fn, args...)       \
246: ({                                                          \
247:         unsigned int __i;                                   \
248:         int __ret = 0;                                      \
249:         struct ebt_entry *__entry;                          \
250:                                                             \
251:         for (__i = 0; __i < (size);) {                      \
252:                 __entry = (void *)(entries) + __i;          \
253:                 __ret = fn(__entry , ## args);              \
254:                 if (__ret != 0)                             \
255:                         break;                              \
256:                 if (__entry->bitmask != 0)                  \
257:                         __i += __entry->next_offset;        \
258:                 else                                        \
259:                         __i += sizeof(struct ebt_entries);  \
260:         }                                                   \
261:         if (__ret == 0) {                                   \
262:                 if (__i != (size))                          \
263:                         __ret = -EINVAL;                    \
264:         }                                                   \
265:         __ret;                                              \
266: })
267: 
268: #endif
269: 


for client (none)
© Andrew Scott 2006 - 2025,
All Rights Reserved
http://www.andrew-scott.uk/
Andrew Scott
http://www.andrew-scott.co.uk/