/* SPDX-License-Identifier: GPL-2.0 */
/*
 *  ebtables
 *
 *	Authors:
 *	Bart De Schuymer		<bdschuym@pandora.be>
 *
 *  ebtables.c,v 2.0, April, 2002
 *
 *  This code is strongly inspired by the iptables code which is
 *  Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
 */
#ifndef __LINUX_BRIDGE_EFF_H
#define __LINUX_BRIDGE_EFF_H

#include <linux/if.h>
#include <linux/if_ether.h>
#include <uapi/linux/netfilter_bridge/ebtables.h>

/*
 * In-kernel declarations for ebtables: extension descriptors (match,
 * watcher, target), the per-table bookkeeping structures, and the table
 * registration / traversal entry points.
 */

/*
 * Descriptor for a match extension: a name plus the callbacks and sizes
 * declared below.
 */
struct ebt_match {
	struct list_head list;
	/* fixed-size name buffer of EBT_FUNCTION_MAXNAMELEN bytes */
	const char name[EBT_FUNCTION_MAXNAMELEN];
	/*
	 * Per-packet callback; takes the skb, in/out devices and the match
	 * data.  NOTE(review): *hotdrop presumably lets the match request an
	 * immediate drop; confirm against the callers.
	 */
	bool (*match)(const struct sk_buff *skb, const struct net_device *in,
		const struct net_device *out, const struct xt_match *match,
		const void *matchinfo, int offset, unsigned int protoff,
		bool *hotdrop);
	/*
	 * NOTE(review): presumably validates the match data of a rule when it
	 * is loaded; matchinfo is writable here, unlike in match().
	 */
	bool (*checkentry)(const char *table, const void *entry,
		const struct xt_match *match, void *matchinfo,
		unsigned int hook_mask);
	/* NOTE(review): presumably releases what checkentry() set up */
	void (*destroy)(const struct xt_match *match, void *matchinfo);
	/* NOTE(review): presumably the expected size of matchinfo in bytes */
	unsigned int matchsize;
	u_int8_t revision;
	u_int8_t family;
	/* NOTE(review): presumably the module that provides this extension */
	struct module *me;
};

/*
 * Descriptor for a watcher extension.  The callbacks have the same
 * signatures as those of struct ebt_target below.
 */
struct ebt_watcher {
	struct list_head list;
	/* fixed-size name buffer of EBT_FUNCTION_MAXNAMELEN bytes */
	const char name[EBT_FUNCTION_MAXNAMELEN];
	/* per-packet callback; receives a writable skb and the hook number */
	unsigned int (*target)(struct sk_buff *skb,
		const struct net_device *in, const struct net_device *out,
		unsigned int hook_num, const struct xt_target *target,
		const void *targinfo);
	/* NOTE(review): presumably validates targinfo when a rule is loaded */
	bool (*checkentry)(const char *table, const void *entry,
		const struct xt_target *target, void *targinfo,
		unsigned int hook_mask);
	/* NOTE(review): presumably releases what checkentry() set up */
	void (*destroy)(const struct xt_target *target, void *targinfo);
	/* NOTE(review): presumably the expected size of targinfo in bytes */
	unsigned int targetsize;
	u_int8_t revision;
	u_int8_t family;
	/* NOTE(review): presumably the module that provides this extension */
	struct module *me;
};

/* Descriptor for a target extension. */
struct ebt_target {
	struct list_head list;
	/* fixed-size name buffer of EBT_FUNCTION_MAXNAMELEN bytes */
	const char name[EBT_FUNCTION_MAXNAMELEN];
	/* returns one of the standard EBT_* verdicts */
	unsigned int (*target)(struct sk_buff *skb,
		const struct net_device *in, const struct net_device *out,
		unsigned int hook_num, const struct xt_target *target,
		const void *targinfo);
	/* NOTE(review): presumably validates targinfo when a rule is loaded */
	bool (*checkentry)(const char *table, const void *entry,
		const struct xt_target *target, void *targinfo,
		unsigned int hook_mask);
	/* NOTE(review): presumably releases what checkentry() set up */
	void (*destroy)(const struct xt_target *target, void *targinfo);
	/* NOTE(review): presumably the expected size of targinfo in bytes */
	unsigned int targetsize;
	u_int8_t revision;
	u_int8_t family;
	/* NOTE(review): presumably the module that provides this extension */
	struct module *me;
};

/* used for jumping from and into user defined chains (udc) */
struct ebt_chainstack {
	struct ebt_entries *chaininfo; /* pointer to chain data */
	struct ebt_entry *e; /* pointer to entry data */
	unsigned int n; /* n'th entry */
};

/*
 * Rule set of one table: sizes, per-hook chain start pointers, the udc
 * jump stack and the counters.
 */
struct ebt_table_info {
	/* total size of the entries */
	unsigned int entries_size;
	unsigned int nentries;
	/* pointers to the start of the chains */
	struct ebt_entries *hook_entry[NF_BR_NUMHOOKS];
	/* room to maintain the stack used for jumping from and into udc */
	struct ebt_chainstack **chainstack;
	/*
	 * NOTE(review): presumably the rule blob that entries_size describes;
	 * the element type is char, so any structure inside it has to be
	 * bounds-checked by whoever walks it.
	 */
	char *entries;
	/*
	 * Flexible array member, cacheline aligned.  Its element count is not
	 * stored in a dedicated field here; presumably derived from nentries,
	 * confirm at the allocation site.
	 */
	struct ebt_counter counters[] ____cacheline_aligned;
};

/* One ebtables table: its name, template, valid hooks and live rule set. */
struct ebt_table {
	struct list_head list;
	/* fixed-size name buffer of EBT_TABLE_MAXNAMELEN bytes */
	char name[EBT_TABLE_MAXNAMELEN];
	struct ebt_replace_kernel *table;
	/* NOTE(review): presumably a bitmask with one bit per NF_BR_* hook */
	unsigned int valid_hooks;
	/* NOTE(review): presumably guards ->private; confirm in ebtables.c */
	rwlock_t lock;
	/* the data used by the kernel */
	struct ebt_table_info *private;
	struct nf_hook_ops *ops;
	struct module *me;
};

/*
 * Round s up to the next multiple of __alignof__(struct _xt_align).
 * s is evaluated once.  The addition is not overflow-checked: for a value
 * close to the maximum of its type the result wraps to a small number, so
 * a size that originates outside the kernel must be bounded before it is
 * passed here.
 */
#define EBT_ALIGN(s) (((s) + (__alignof__(struct _xt_align)-1)) & \
		     ~(__alignof__(struct _xt_align)-1))

/*
 * Table registration for a given struct net.
 * NOTE(review): the int return is presumably 0 or a negative errno; the
 * ordering required between the _pre_exit and the plain unregister call is
 * not visible from this header.
 */
extern int ebt_register_table(struct net *net,
			      const struct ebt_table *table,
			      const struct nf_hook_ops *ops);
extern void ebt_unregister_table(struct net *net, const char *tablename);
void ebt_unregister_table_pre_exit(struct net *net, const char *tablename);
/*
 * Takes the (priv, skb, state) argument triple and returns unsigned int.
 * NOTE(review): presumably installed as the netfilter hook function that
 * walks a table and returns the verdict; confirm in ebtables.c.
 */
extern unsigned int ebt_do_table(void *priv, struct sk_buff *skb,
				 const struct nf_hook_state *state);

/*
 * Both macros below expand to an expression on par->hook_mask, so they
 * only compile where a pointer named `par` with a hook_mask member is in
 * scope.  The flag they test or clear is bit number NF_BR_NUMHOOKS.
 */
/* True if the hook mask denotes that the rule is in a base chain,
 * used in the check() functions */
#define BASE_CHAIN (par->hook_mask & (1 << NF_BR_NUMHOOKS))
/* Clear the bit in the hook mask that tells if the rule is on a base chain */
/* note: this modifies par->hook_mask in place */
#define CLEAR_BASE_CHAIN_BIT (par->hook_mask &= ~(1 << NF_BR_NUMHOOKS))

/*
 * Return true when target is outside the range
 * [-NUM_STANDARD_TARGETS, -1], i.e. when it is zero, positive, or more
 * negative than -NUM_STANDARD_TARGETS.
 * NOTE(review): the accepted range presumably corresponds to the standard
 * EBT_* verdicts from the uapi header.  A target value taken from rule
 * data should be rejected when this returns true, before it can be
 * returned as a verdict; confirm that every check function does so.
 */
static inline bool ebt_invalid_target(int target)
{
	return (target < -NUM_STANDARD_TARGETS || target >= 0);
}

/*
 * Template registration: takes a table description and, on registration,
 * a table_init callback that receives a struct net.
 * NOTE(review): when table_init is invoked is not visible from this header.
 */
int ebt_register_template(const struct ebt_table *t, int(*table_init)(struct net *net));
void ebt_unregister_template(const struct ebt_table *t);
#endif