/*
 * $Id: ebtables.c,v 1.03 2002/01/19
 *
 * Copyright (C) 2001-2002 Bart De Schuymer
 *
 * This code is strongly inspired on the iptables code which is
 * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */

/*
 * ebtables_u.h - userspace-side view of an ebtables table.
 *
 * The struct ebt_u_* types wrap the kernel-facing struct ebt_* types
 * (struct ebt_entry_match, struct ebt_entry_target, struct ebt_counter, ...)
 * in linked lists that are convenient to build and edit in userspace.
 * Extensions (matches, watchers, targets) are plugged in through the
 * register_*() functions declared at the end of this header.
 */

#ifndef EBTABLES_U_H
#define EBTABLES_U_H

/* NOTE(review): the two include targets below were lost when this file was
 * extracted (angle-bracketed paths stripped); restore them from the upstream
 * header before building. The types EBT_*_MAXNAMELEN, NF_BR_NUMHOOKS,
 * IFNAMSIZ, ETH_ALEN, struct option and uint16_t all come from them. */
#include
#include

// One chain (a base chain attached to a hook, or a user defined chain)
// together with the singly linked list of its rules.
struct ebt_u_entries
{
	// chain policy; presumably encoded like a standard target (a negative
	// value, see FILL_TARGET() below) - confirm against the users
	int policy;
	// number of rules in this chain
	unsigned int nentries;
	// counter offset for this chain
	unsigned int counter_offset;
	// used for udc
	unsigned int hook_mask;
	char name[EBT_CHAIN_MAXNAMELEN];
	// head of the rule list (linked through struct ebt_u_entry.next)
	struct ebt_u_entry *entries;
};

// Node of the list of user defined chains (udc) kept in struct ebt_u_replace.
struct ebt_u_chain_list
{
	struct ebt_u_entries *udc;
	struct ebt_u_chain_list *next;
	// this is only used internally, in communication.c
	char *kernel_start;
};

// Userspace representation of a whole table, plus the state of the command
// that is currently being executed on it.
struct ebt_u_replace
{
	char name[EBT_TABLE_MAXNAMELEN];
	// bitmask of the hooks this table attaches to
	unsigned int valid_hooks;
	// nr of rules in the table
	unsigned int nentries;
	// one chain per bridge netfilter hook; NULL for hooks not in valid_hooks
	// (presumably - confirm against the users)
	struct ebt_u_entries *hook_entry[NF_BR_NUMHOOKS];
	// user defined chains (udc) list
	struct ebt_u_chain_list *udc;
	// nr of counters userspace expects back
	unsigned int num_counters;
	// where the kernel will put the old counters
	struct ebt_counter *counters;
	// can be used e.g. to know if a standard option
	// has been specified twice
	unsigned int flags;
	// we stick the specified command (e.g. -A) in here
	char command;
	// here we stick the hook to do our thing on (can be -1 if unspecified)
	int selected_hook;
	// used for the atomic option
	char *filename;
	// tells what happened to the old rules
	// (presumably one CNT_* value per old rule, see the CNT_* defines below)
	unsigned short *counterchanges;
};

// A table known to userspace; tables are registered with register_table().
struct ebt_u_table
{
	char name[EBT_TABLE_MAXNAMELEN];
	// table specific sanity check of a replace structure
	int (*check)(struct ebt_u_replace *repl);
	void (*help)(char **);
	struct ebt_u_table *next;
};

// Node of a rule's list of match extensions (the kernel-side match data).
struct ebt_u_match_list
{
	struct ebt_u_match_list *next;
	struct ebt_entry_match *m;
};

// Node of a rule's list of watcher extensions (the kernel-side watcher data).
struct ebt_u_watcher_list
{
	struct ebt_u_watcher_list *next;
	struct ebt_entry_watcher *w;
};

// One rule: the built-in matching fields, the attached extensions and the
// target, linked into the owning chain's list via next.
struct ebt_u_entry
{
	// which of the built-in fields below are used and their inversion flags;
	// presumably the same EBT_* bits as the kernel's struct ebt_entry - confirm
	unsigned int bitmask;
	unsigned int invflags;
	uint16_t ethproto;
	// interface names; the logical_* ones refer to the bridge interface
	char in[IFNAMSIZ];
	char logical_in[IFNAMSIZ];
	char out[IFNAMSIZ];
	char logical_out[IFNAMSIZ];
	// MAC addresses and the masks applied to them
	unsigned char sourcemac[ETH_ALEN];
	unsigned char sourcemsk[ETH_ALEN];
	unsigned char destmac[ETH_ALEN];
	unsigned char destmsk[ETH_ALEN];
	struct ebt_u_match_list *m_list;
	struct ebt_u_watcher_list *w_list;
	struct ebt_entry_target *t;
	struct ebt_u_entry *next;
};

// A match extension as registered by userspace (register_match()).
// The callbacks parse the extension's command line options into *match,
// validate, print and compare the kernel-side match data.
struct ebt_u_match
{
	char name[EBT_FUNCTION_MAXNAMELEN];
	// size of the real match data + sizeof struct ebt_match
	unsigned int size;
	void (*help)(void);
	// fill freshly allocated match data with its defaults
	void (*init)(struct ebt_entry_match *m);
	// handle option c (a getopt return value); flags tracks the options
	// already seen for this extension, match receives the parsed data
	int (*parse)(int c, char **argv, int argc,
	   const struct ebt_u_entry *entry, unsigned int *flags,
	   struct ebt_entry_match **match);
	// called once all options are parsed; hook_mask tells which chains the
	// rule will be in so that chain-dependent restrictions can be enforced
	void (*final_check)(const struct ebt_u_entry *entry,
	   const struct ebt_entry_match *match, const char *name,
	   unsigned int hook_mask, unsigned int time);
	void (*print)(const struct ebt_u_entry *entry,
	   const struct ebt_entry_match *match);
	int (*compare)(const struct ebt_entry_match *m1,
	   const struct ebt_entry_match *m2);
	// extra getopt_long() options this extension understands
	const struct option *extra_ops;
	// can be used e.g. to check for multiple occurrence of the same option
	unsigned int flags;
	// offset of this extension's option values in the global option table
	// (presumably - confirm against the option handling code)
	unsigned int option_offset;
	struct ebt_entry_match *m;
	// if used == 1 we no longer have to add it to
	// the match chain of the new entry
	unsigned int used;
	struct ebt_u_match *next;
};

// A watcher extension as registered by userspace (register_watcher());
// same layout and callback contract as struct ebt_u_match.
struct ebt_u_watcher
{
	char name[EBT_FUNCTION_MAXNAMELEN];
	// size of the real watcher data + sizeof struct ebt_entry_watcher
	// (by analogy with struct ebt_u_match.size - confirm)
	unsigned int size;
	void (*help)(void);
	void (*init)(struct ebt_entry_watcher *w);
	int (*parse)(int c, char **argv, int argc,
	   const struct ebt_u_entry *entry, unsigned int *flags,
	   struct ebt_entry_watcher **watcher);
	void (*final_check)(const struct ebt_u_entry *entry,
	   const struct ebt_entry_watcher *watch, const char *name,
	   unsigned int hook_mask, unsigned int time);
	void (*print)(const struct ebt_u_entry *entry,
	   const struct ebt_entry_watcher *watcher);
	int (*compare)(const struct ebt_entry_watcher *w1,
	   const struct ebt_entry_watcher *w2);
	const struct option *extra_ops;
	unsigned int flags;
	unsigned int option_offset;
	struct ebt_entry_watcher *w;
	// see struct ebt_u_match.used
	unsigned int used;
	struct ebt_u_watcher *next;
};

// A target extension as registered by userspace (register_target());
// same callback contract as struct ebt_u_match. Note that option_offset and
// flags are declared in the opposite order from the match/watcher structs.
struct ebt_u_target
{
	char name[EBT_FUNCTION_MAXNAMELEN];
	unsigned int size;
	void (*help)(void);
	void (*init)(struct ebt_entry_target *t);
	int (*parse)(int c, char **argv, int argc,
	   const struct ebt_u_entry *entry, unsigned int *flags,
	   struct ebt_entry_target **target);
	void (*final_check)(const struct ebt_u_entry *entry,
	   const struct ebt_entry_target *target, const char *name,
	   unsigned int hook_mask, unsigned int time);
	void (*print)(const struct ebt_u_entry *entry,
	   const struct ebt_entry_target *target);
	int (*compare)(const struct ebt_entry_target *t1,
	   const struct ebt_entry_target *t2);
	const struct option *extra_ops;
	unsigned int option_offset;
	unsigned int flags;
	struct ebt_entry_target *t;
	// see struct ebt_u_match.used
	unsigned int used;
	struct ebt_u_target *next;
};

// Registration of tables and extensions; the registered object is linked
// into a global list through its next member (presumably by address, so it
// must outlive the program - confirm against the definitions).
void register_table(struct ebt_u_table *);
void register_match(struct ebt_u_match *);
void register_watcher(struct ebt_u_watcher *);
void register_target(struct ebt_u_target *t);

// Fetch the table named repl->name from the kernel into repl.
// The meaning of the int return value is not visible in this header.
int get_table(struct ebt_u_replace *repl);
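// Look up a registered table or extension by name (see register_*() above).
// NOTE(review): the value returned for an unknown name is not visible in this
// header - presumably NULL; confirm against the definitions before relying
// on it.
struct ebt_u_target *find_target(const char *name);
struct ebt_u_match *find_match(const char *name);
struct ebt_u_watcher *find_watcher(const char *name);
struct ebt_u_table *find_table(char *name);

// Hand the counters, respectively the whole table, in repl to the kernel.
void deliver_counters(struct ebt_u_replace *repl);
void deliver_table(struct ebt_u_replace *repl);

// Translate an ethernet protocol name to its 16 bit number and back.
// Presumably both return 0 on success (as FILL_TARGET() does) - confirm.
int name_to_number(char *name, uint16_t *proto);
int number_to_name(unsigned short proto, char *name);

// Record option bit mask in *flags; used to detect an option given twice
// (see the flags members of struct ebt_u_replace and struct ebt_u_match).
void check_option(unsigned int *flags, unsigned int mask);
// Tell whether option is the inversion marker ('!' in the ebtables syntax).
int check_inverse(const char option[]);

// Report an internal inconsistency detected at file:line and give up.
// (The name starts with a double underscore, which is reserved for the
// implementation; kept as is because callers outside this header use it.)
void __print_bug(char *file, int line, char *format, ...);
#define print_bug(format, args...) \
   __print_bug(__FILE__, __LINE__, format, ##args)

// Print an error message and terminate the program.
// format MUST be a string literal: it is concatenated with ".\n" at compile
// time, which also guarantees that the format string can never originate from
// user input. Wrapped in do { } while (0) so that
// `if (x) print_error("..."); else ...` parses as intended.
#define print_error(format, args...) \
   do { printf(format ".\n", ##args); exit(-1); } while (0)

// Out-of-memory exit, tagged with file, function and line.
// __func__ is an identifier, not a string literal, so it cannot take part in
// string concatenation (the old `" " __FUNCTION__ " %d"` form stopped
// compiling on modern GCC); it is passed as a %s argument instead, which
// produces the identical message.
#define print_memory() \
   do { printf("Ebtables: " __FILE__ " %s %d :Out of memory.\n", \
               __func__, __LINE__); exit(-1); } while (0)

// used for keeping the rule counters right during rule adds or deletes
// (presumably the per-rule values stored in struct ebt_u_replace.counterchanges;
// reading the names: unchanged, deleted, added, end of list, zeroed - confirm)
#define CNT_NORM 0
#define CNT_DEL 1
#define CNT_ADD 2
#define CNT_END 3
#define CNT_ZERO 4

// Names of the standard (non-extension) targets, indexed by TARGET_INDEX().
extern char *standard_targets[NUM_STANDARD_TARGETS];

// Transforms a target string into the right integer,
// returns 0 on success.
// GNU statement expression: on success _pos (an int lvalue) receives the
// negative encoding -index - 1, so that 0 and positive values stay free for
// other uses; on failure _pos is left untouched and the expression is 1.
#define FILL_TARGET(_str, _pos) ({                      \
   int _i, _ret = 0;                                    \
   for (_i = 0; _i < NUM_STANDARD_TARGETS; _i++)        \
      if (!strcmp(_str, standard_targets[_i])) {        \
         _pos = -_i - 1;                                \
         break;                                         \
      }                                                 \
   if (_i == NUM_STANDARD_TARGETS)                      \
      _ret = 1;                                         \
   _ret;                                                \
})

// Transforms the target value to an index into standard_targets[]
// (inverse of the encoding done by FILL_TARGET(); argument parenthesized so
// that a compound expression works too)
#define TARGET_INDEX(_value) (-(_value) - 1)
// Returns a target string corresponding to the value
#define TARGET_NAME(_value) (standard_targets[TARGET_INDEX(_value)])

// True if the hook mask denotes that the rule is in a base chain.
// Both macros operate on a variable named hook_mask in the caller's scope;
// the flag lives in bit NF_BR_NUMHOOKS, one above the highest real hook bit.
#define BASE_CHAIN (hook_mask & (1 << NF_BR_NUMHOOKS))
// Clear the bit in the hook_mask that tells if the rule is on a base chain
#define CLEAR_BASE_CHAIN_BIT (hook_mask &= ~(1 << NF_BR_NUMHOOKS))

#endif /* EBTABLES_U_H */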