root/include/uapi/linux/netfilter_bridge/ebtables.h

INCLUDED FROM

DEFINITIONS

1. ebt_get_target

   1 /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
   2 /*
   3  *  ebtables
   4  *
   5  *      Authors:
   6  *      Bart De Schuymer                <bdschuym@pandora.be>
   7  *
   8  *  ebtables.c,v 2.0, April, 2002
   9  *
  10  *  This code is strongly inspired by the iptables code which is
  11  *  Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
  12  */
  13 
  14 #ifndef _UAPI__LINUX_BRIDGE_EFF_H
  15 #define _UAPI__LINUX_BRIDGE_EFF_H
  16 #include <linux/types.h>
  17 #include <linux/if.h>
  18 #include <linux/netfilter_bridge.h>
  19 
  20 #define EBT_TABLE_MAXNAMELEN 32
  21 #define EBT_CHAIN_MAXNAMELEN EBT_TABLE_MAXNAMELEN
  22 #define EBT_FUNCTION_MAXNAMELEN EBT_TABLE_MAXNAMELEN
  23 #define EBT_EXTENSION_MAXNAMELEN 31
  24 
  25 /* verdicts >0 are "branches" */
  26 #define EBT_ACCEPT   -1
  27 #define EBT_DROP     -2
  28 #define EBT_CONTINUE -3
  29 #define EBT_RETURN   -4
  30 #define NUM_STANDARD_TARGETS   4
  31 /* ebtables target modules store the verdict inside an int. We can
  32  * reclaim a part of this int for backwards compatible extensions.
  33  * The 4 lsb are more than enough to store the verdict. */
  34 #define EBT_VERDICT_BITS 0x0000000F
  35 
  36 struct xt_match;
  37 struct xt_target;
  38 
  39 struct ebt_counter {
  40         __u64 pcnt;
  41         __u64 bcnt;
  42 };
  43 
  44 struct ebt_replace {
  45         char name[EBT_TABLE_MAXNAMELEN];
  46         unsigned int valid_hooks;
  47         /* nr of rules in the table */
  48         unsigned int nentries;
  49         /* total size of the entries */
  50         unsigned int entries_size;
  51         /* start of the chains */
  52         struct ebt_entries __user *hook_entry[NF_BR_NUMHOOKS];
  53         /* nr of counters userspace expects back */
  54         unsigned int num_counters;
  55         /* where the kernel will put the old counters */
  56         struct ebt_counter __user *counters;
  57         char __user *entries;
  58 };
  59 
  60 struct ebt_replace_kernel {
  61         char name[EBT_TABLE_MAXNAMELEN];
  62         unsigned int valid_hooks;
  63         /* nr of rules in the table */
  64         unsigned int nentries;
  65         /* total size of the entries */
  66         unsigned int entries_size;
  67         /* start of the chains */
  68         struct ebt_entries *hook_entry[NF_BR_NUMHOOKS];
  69         /* nr of counters userspace expects back */
  70         unsigned int num_counters;
  71         /* where the kernel will put the old counters */
  72         struct ebt_counter *counters;
  73         char *entries;
  74 };
  75 
  76 struct ebt_entries {
  77         /* this field is always set to zero
  78          * See EBT_ENTRY_OR_ENTRIES.
  79          * Must be same size as ebt_entry.bitmask */
  80         unsigned int distinguisher;
  81         /* the chain name */
  82         char name[EBT_CHAIN_MAXNAMELEN];
  83         /* counter offset for this chain */
  84         unsigned int counter_offset;
  85         /* one standard (accept, drop, return) per hook */
  86         int policy;
  87         /* nr. of entries */
  88         unsigned int nentries;
  89         /* entry list */
  90         char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
  91 };
  92 
  93 /* used for the bitmask of struct ebt_entry */
  94 
  95 /* This is a hack to make a difference between an ebt_entry struct and an
  96  * ebt_entries struct when traversing the entries from start to end.
  97  * Using this simplifies the code a lot, while still being able to use
  98  * ebt_entries.
  99  * Contrary, iptables doesn't use something like ebt_entries and therefore uses
 100  * different techniques for naming the policy and such. So, iptables doesn't
 101  * need a hack like this.
 102  */
 103 #define EBT_ENTRY_OR_ENTRIES 0x01
 104 /* these are the normal masks */
 105 #define EBT_NOPROTO 0x02
 106 #define EBT_802_3 0x04
 107 #define EBT_SOURCEMAC 0x08
 108 #define EBT_DESTMAC 0x10
 109 #define EBT_F_MASK (EBT_NOPROTO | EBT_802_3 | EBT_SOURCEMAC | EBT_DESTMAC \
 110    | EBT_ENTRY_OR_ENTRIES)
 111 
 112 #define EBT_IPROTO 0x01
 113 #define EBT_IIN 0x02
 114 #define EBT_IOUT 0x04
 115 #define EBT_ISOURCE 0x8
 116 #define EBT_IDEST 0x10
 117 #define EBT_ILOGICALIN 0x20
 118 #define EBT_ILOGICALOUT 0x40
 119 #define EBT_INV_MASK (EBT_IPROTO | EBT_IIN | EBT_IOUT | EBT_ILOGICALIN \
 120    | EBT_ILOGICALOUT | EBT_ISOURCE | EBT_IDEST)
 121 
 122 struct ebt_entry_match {
 123         union {
 124                 struct {
 125                         char name[EBT_EXTENSION_MAXNAMELEN];
 126                         __u8 revision;
 127                 };
 128                 struct xt_match *match;
 129         } u;
 130         /* size of data */
 131         unsigned int match_size;
 132         unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
 133 };
 134 
 135 struct ebt_entry_watcher {
 136         union {
 137                 struct {
 138                         char name[EBT_EXTENSION_MAXNAMELEN];
 139                         __u8 revision;
 140                 };
 141                 struct xt_target *watcher;
 142         } u;
 143         /* size of data */
 144         unsigned int watcher_size;
 145         unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
 146 };
 147 
 148 struct ebt_entry_target {
 149         union {
 150                 struct {
 151                         char name[EBT_EXTENSION_MAXNAMELEN];
 152                         __u8 revision;
 153                 };
 154                 struct xt_target *target;
 155         } u;
 156         /* size of data */
 157         unsigned int target_size;
 158         unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
 159 };
 160 
 161 #define EBT_STANDARD_TARGET "standard"
 162 struct ebt_standard_target {
 163         struct ebt_entry_target target;
 164         int verdict;
 165 };
 166 
 167 /* one entry */
 168 struct ebt_entry {
 169         /* this needs to be the first field */
 170         unsigned int bitmask;
 171         unsigned int invflags;
 172         __be16 ethproto;
 173         /* the physical in-dev */
 174         char in[IFNAMSIZ];
 175         /* the logical in-dev */
 176         char logical_in[IFNAMSIZ];
 177         /* the physical out-dev */
 178         char out[IFNAMSIZ];
 179         /* the logical out-dev */
 180         char logical_out[IFNAMSIZ];
 181         unsigned char sourcemac[ETH_ALEN];
 182         unsigned char sourcemsk[ETH_ALEN];
 183         unsigned char destmac[ETH_ALEN];
 184         unsigned char destmsk[ETH_ALEN];
 185         /* sizeof ebt_entry + matches */
 186         unsigned int watchers_offset;
 187         /* sizeof ebt_entry + matches + watchers */
 188         unsigned int target_offset;
 189         /* sizeof ebt_entry + matches + watchers + target */
 190         unsigned int next_offset;
 191         unsigned char elems[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
 192 };
 193 
 194 static __inline__ struct ebt_entry_target *
 195 ebt_get_target(struct ebt_entry *e)
 196 {
 197         return (void *)e + e->target_offset;
 198 }
 199 
 200 /* {g,s}etsockopt numbers */
 201 #define EBT_BASE_CTL            128
 202 
 203 #define EBT_SO_SET_ENTRIES      (EBT_BASE_CTL)
 204 #define EBT_SO_SET_COUNTERS     (EBT_SO_SET_ENTRIES+1)
 205 #define EBT_SO_SET_MAX          (EBT_SO_SET_COUNTERS+1)
 206 
 207 #define EBT_SO_GET_INFO         (EBT_BASE_CTL)
 208 #define EBT_SO_GET_ENTRIES      (EBT_SO_GET_INFO+1)
 209 #define EBT_SO_GET_INIT_INFO    (EBT_SO_GET_ENTRIES+1)
 210 #define EBT_SO_GET_INIT_ENTRIES (EBT_SO_GET_INIT_INFO+1)
 211 #define EBT_SO_GET_MAX          (EBT_SO_GET_INIT_ENTRIES+1)
 212 
 213 
 214 /* blatently stolen from ip_tables.h
 215  * fn returns 0 to continue iteration */
 216 #define EBT_MATCH_ITERATE(e, fn, args...)                   \
 217 ({                                                          \
 218         unsigned int __i;                                   \
 219         int __ret = 0;                                      \
 220         struct ebt_entry_match *__match;                    \
 221                                                             \
 222         for (__i = sizeof(struct ebt_entry);                \
 223              __i < (e)->watchers_offset;                    \
 224              __i += __match->match_size +                   \
 225              sizeof(struct ebt_entry_match)) {              \
 226                 __match = (void *)(e) + __i;                \
 227                                                             \
 228                 __ret = fn(__match , ## args);              \
 229                 if (__ret != 0)                             \
 230                         break;                              \
 231         }                                                   \
 232         if (__ret == 0) {                                   \
 233                 if (__i != (e)->watchers_offset)            \
 234                         __ret = -EINVAL;                    \
 235         }                                                   \
 236         __ret;                                              \
 237 })
 238 
 239 #define EBT_WATCHER_ITERATE(e, fn, args...)                 \
 240 ({                                                          \
 241         unsigned int __i;                                   \
 242         int __ret = 0;                                      \
 243         struct ebt_entry_watcher *__watcher;                \
 244                                                             \
 245         for (__i = e->watchers_offset;                      \
 246              __i < (e)->target_offset;                      \
 247              __i += __watcher->watcher_size +               \
 248              sizeof(struct ebt_entry_watcher)) {            \
 249                 __watcher = (void *)(e) + __i;              \
 250                                                             \
 251                 __ret = fn(__watcher , ## args);            \
 252                 if (__ret != 0)                             \
 253                         break;                              \
 254         }                                                   \
 255         if (__ret == 0) {                                   \
 256                 if (__i != (e)->target_offset)              \
 257                         __ret = -EINVAL;                    \
 258         }                                                   \
 259         __ret;                                              \
 260 })
 261 
 262 #define EBT_ENTRY_ITERATE(entries, size, fn, args...)       \
 263 ({                                                          \
 264         unsigned int __i;                                   \
 265         int __ret = 0;                                      \
 266         struct ebt_entry *__entry;                          \
 267                                                             \
 268         for (__i = 0; __i < (size);) {                      \
 269                 __entry = (void *)(entries) + __i;          \
 270                 __ret = fn(__entry , ## args);              \
 271                 if (__ret != 0)                             \
 272                         break;                              \
 273                 if (__entry->bitmask != 0)                  \
 274                         __i += __entry->next_offset;        \
 275                 else                                        \
 276                         __i += sizeof(struct ebt_entries);  \
 277         }                                                   \
 278         if (__ret == 0) {                                   \
 279                 if (__i != (size))                          \
 280                         __ret = -EINVAL;                    \
 281         }                                                   \
 282         __ret;                                              \
 283 })
 284 
 285 #endif /* _UAPI__LINUX_BRIDGE_EFF_H */