diff options
Diffstat (limited to 'iptables/nft-bridge.h')
-rw-r--r-- | iptables/nft-bridge.h | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/iptables/nft-bridge.h b/iptables/nft-bridge.h index 83575432..cd63c11a 100644 --- a/iptables/nft-bridge.h +++ b/iptables/nft-bridge.h @@ -4,7 +4,9 @@ #include <netinet/in.h> //#include <linux/netfilter_bridge/ebtables.h> #include <linux/netfilter/x_tables.h> +#include <linux/netfilter/nf_tables.h> #include <net/ethernet.h> +#include <libiptc/libxtc.h> /* We use replace->flags, so we can't use the following values: * 0x01 == OPT_COMMAND, 0x02 == OPT_TABLE, 0x100 == OPT_ZERO */ @@ -62,6 +64,12 @@ int ebt_get_mac_and_mask(const char *from, unsigned char *to, unsigned char *mas #define EBT_INV_MASK (EBT_IPROTO | EBT_IIN | EBT_IOUT | EBT_ILOGICALIN \ | EBT_ILOGICALOUT | EBT_ISOURCE | EBT_IDEST) +/* ebtables target modules store the verdict inside an int. We can + * reclaim a part of this int for backwards compatible extensions. + * The 4 lsb are more than enough to store the verdict. + */ +#define EBT_VERDICT_BITS 0x0000000F + /* Fake ebt_entry */ struct ebt_entry { /* this needs to be the first field */ @@ -102,4 +110,49 @@ struct ebtables_command_state { void nft_rule_to_ebtables_command_state(struct nft_rule *r, struct ebtables_command_state *cs); +static const char *ebt_standard_targets[NUM_STANDARD_TARGETS] = { + "ACCEPT", + "DROP", + "CONTINUE", + "RETURN", +}; + +static inline const char *nft_ebt_standard_target(unsigned int num) +{ + if (num > NUM_STANDARD_TARGETS) + return NULL; + + return ebt_standard_targets[num]; +} + +static inline int ebt_fill_target(const char *str, unsigned int *verdict) +{ + int i, ret = 0; + + for (i = 0; i < NUM_STANDARD_TARGETS; i++) { + if (!strcmp(str, nft_ebt_standard_target(i))) { + *verdict = -i - 1; + break; + } + } + + if (i == NUM_STANDARD_TARGETS) + ret = 1; + + return ret; +} + +static inline const char *ebt_target_name(unsigned int verdict) +{ + return nft_ebt_standard_target(-verdict - 1); +} + +#define EBT_CHECK_OPTION(flags, mask) ({ \ + if (*flags & mask) \ + xtables_error(PARAMETER_PROBLEM, \ + "Multiple use of same " \ + "option not allowed"); \ + *flags |= mask; \ +}) \ + #endif |