-rw-r--r--kernel/linux2.5/include/linux/netfilter_bridge/ebt_802_3.h9
-rw-r--r--kernel/linux2.5/include/linux/netfilter_bridge/ebt_among.h55
-rw-r--r--kernel/linux2.5/include/linux/netfilter_bridge/ebt_arpreply.h11
-rw-r--r--kernel/linux2.5/include/linux/netfilter_bridge/ebt_stp.h46
-rw-r--r--kernel/linux2.5/include/linux/netfilter_bridge/ebtables.h52
5 files changed, 117 insertions, 56 deletions
diff --git a/kernel/linux2.5/include/linux/netfilter_bridge/ebt_802_3.h b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_802_3.h
index b3d6c32..b9f712c 100644
--- a/kernel/linux2.5/include/linux/netfilter_bridge/ebt_802_3.h
+++ b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_802_3.h
@@ -49,6 +49,15 @@ struct ebt_802_3_hdr {
} llc;
};
+#ifdef __KERNEL__
+#include <linux/skbuff.h>
+
+static inline struct ebt_802_3_hdr *ebt_802_3_hdr(const struct sk_buff *skb)
+{
+ return (struct ebt_802_3_hdr *)skb->mac.raw;
+}
+#endif
+
struct ebt_802_3_info
{
uint8_t sap;
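Review bot: The new `ebt_802_3_hdr()` helper returns `skb->mac.raw` cast to the header type with nothing stating that the buffer must hold a full `struct ebt_802_3_hdr`, so a short frame would be read past its end unless every caller checks the length first. It also hands back a writable header pointer from a `const struct sk_buff *`. I would add a comment above the helper, such as `/* caller must ensure the MAC header holds sizeof(struct ebt_802_3_hdr) bytes */`, and return `const struct ebt_802_3_hdr *` if no caller writes through it. The callers are not in this diff, so whether they already check the length cannot be confirmed here. `struct ebt_802_3_info` at the end of the hunk continues outside it.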
diff --git a/kernel/linux2.5/include/linux/netfilter_bridge/ebt_among.h b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_among.h
index f98f5fb..307c1fe 100644
--- a/kernel/linux2.5/include/linux/netfilter_bridge/ebt_among.h
+++ b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_among.h
@@ -4,9 +4,11 @@
#define EBT_AMONG_DST 0x01
#define EBT_AMONG_SRC 0x02
-/* Write-once-read-many hash table, used for checking if a given
- * MAC address belongs to a set or not. It remembers up to 256
- * addresses.
+/* Grzegorz Borowiak <grzes@gnu.univ.gda.pl> 2003
+ *
+ * Write-once-read-many hash table, used for checking if a given
+ * MAC address belongs to a set or not and possibly for checking
+ * if it is related with a given IPv4 address.
*
* The hash value of an address is its last byte.
*
@@ -25,48 +27,39 @@
* if they are the same we compare 2 first.
*
* Yes, it is a memory overhead, but in 2003 AD, who cares?
- *
- * `next_ofs' contains a "serialized" pointer to the next tuple in
- * the synonym list. It is a difference between address of the next
- * tuple and address of the entire wormhash structure, in bytes
- * or 0 if there is no next tuple.
- *
- * `table' contains begins of the synonym lists for
- *
- * This was introduced to make wormhash structure movable. As you may
- * guess, once structure is passed to the kernel, the real pointers
- * would become invalid. Also comparison would not work if they were
- * built of absolute pointers.
- *
- * From the other side, using indices of the `pool' array would be
- * slower. CPU would have to multiply index * size of tuple at each
- * access to a tuple and add this to the address of the beginning
- * of the `pool' array.
- *
- * Summary:
- *
- * The code is damn unreadable and unclear, but - and that's the
- * point - effective.
*/
struct ebt_mac_wormhash_tuple
{
- int next_ofs;
uint32_t cmp[2];
+ uint32_t ip;
};
struct ebt_mac_wormhash
{
- int table[256];
- struct ebt_mac_wormhash_tuple pool[256];
+ int table[257];
+ int poolsize;
+ struct ebt_mac_wormhash_tuple pool[0];
};
+#define ebt_mac_wormhash_size(x) ((x) ? sizeof(struct ebt_mac_wormhash) \
+ + (x)->poolsize * sizeof(struct ebt_mac_wormhash_tuple) : 0)
+
struct ebt_among_info
{
- uint32_t bitmask;
- struct ebt_mac_wormhash wh_dst;
- struct ebt_mac_wormhash wh_src;
+ int wh_dst_ofs;
+ int wh_src_ofs;
+ int bitmask;
};
+
+#define EBT_AMONG_DST_NEG 0x1
+#define EBT_AMONG_SRC_NEG 0x2
+
+#define ebt_among_wh_dst(x) ((x)->wh_dst_ofs ? \
+ (struct ebt_mac_wormhash*)((char*)(x) + (x)->wh_dst_ofs) : NULL)
+#define ebt_among_wh_src(x) ((x)->wh_src_ofs ? \
+ (struct ebt_mac_wormhash*)((char*)(x) + (x)->wh_src_ofs) : NULL)
+
#define EBT_AMONG_MATCH "among"
#endif
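Review bot: `wh_dst_ofs`, `wh_src_ofs` and `poolsize` are signed `int` values that arrive in the rule blob from userspace, and `ebt_among_wh_dst()`/`ebt_among_wh_src()` and `ebt_mac_wormhash_size()` use them in pointer and size arithmetic with no bound. A negative or oversized offset makes the accessor yield a pointer outside the match data, and a negative `poolsize` converts to a very large `size_t` in the multiplication. The match's check routine is not part of this diff. It should be confirmed that it rejects offsets and sizes that do not fit inside the declared match size, and `table[]` entries beyond `poolsize` (presumably indices into `pool`). In the header I would make the fields unsigned, e.g. `unsigned int poolsize;`, and comment the accessor macros: `/* offsets are unvalidated; use only after the check routine has bounded them against the match size */`.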
diff --git a/kernel/linux2.5/include/linux/netfilter_bridge/ebt_arpreply.h b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_arpreply.h
new file mode 100644
index 0000000..96a8339
--- /dev/null
+++ b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_arpreply.h
@@ -0,0 +1,11 @@
+#ifndef __LINUX_BRIDGE_EBT_ARPREPLY_H
+#define __LINUX_BRIDGE_EBT_ARPREPLY_H
+
+struct ebt_arpreply_info
+{
+ unsigned char mac[ETH_ALEN];
+ int target;
+};
+#define EBT_ARPREPLY_TARGET "arpreply"
+
+#endif
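Review bot: `struct ebt_arpreply_info` uses `ETH_ALEN`, but the new header includes nothing that defines it, so it only compiles when the including file has already pulled in the Ethernet definitions. Adding `#include <linux/if_ether.h>` after the include guard would make the header self-contained. The `target` field also has no comment; something like `/* verdict returned after the reply is sent */` would help, if that is indeed its meaning.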
diff --git a/kernel/linux2.5/include/linux/netfilter_bridge/ebt_stp.h b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_stp.h
new file mode 100644
index 0000000..e5fd678
--- /dev/null
+++ b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_stp.h
@@ -0,0 +1,46 @@
+#ifndef __LINUX_BRIDGE_EBT_STP_H
+#define __LINUX_BRIDGE_EBT_STP_H
+
+#define EBT_STP_TYPE 0x0001
+
+#define EBT_STP_FLAGS 0x0002
+#define EBT_STP_ROOTPRIO 0x0004
+#define EBT_STP_ROOTADDR 0x0008
+#define EBT_STP_ROOTCOST 0x0010
+#define EBT_STP_SENDERPRIO 0x0020
+#define EBT_STP_SENDERADDR 0x0040
+#define EBT_STP_PORT 0x0080
+#define EBT_STP_MSGAGE 0x0100
+#define EBT_STP_MAXAGE 0x0200
+#define EBT_STP_HELLOTIME 0x0400
+#define EBT_STP_FWDD 0x0800
+
+#define EBT_STP_MASK 0x0fff
+#define EBT_STP_CONFIG_MASK 0x0ffe
+
+#define EBT_STP_MATCH "stp"
+
+struct ebt_stp_config_info
+{
+ uint8_t flags;
+ uint16_t root_priol, root_priou;
+ char root_addr[6], root_addrmsk[6];
+ uint32_t root_costl, root_costu;
+ uint16_t sender_priol, sender_priou;
+ char sender_addr[6], sender_addrmsk[6];
+ uint16_t portl, portu;
+ uint16_t msg_agel, msg_ageu;
+ uint16_t max_agel, max_ageu;
+ uint16_t hello_timel, hello_timeu;
+ uint16_t forward_delayl, forward_delayu;
+};
+
+struct ebt_stp_info
+{
+ uint8_t type;
+ struct ebt_stp_config_info config;
+ uint16_t bitmask;
+ uint16_t invflags;
+};
+
+#endif
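Review bot: The address fields in `struct ebt_stp_config_info` are declared as `char root_addr[6], root_addrmsk[6]` and `char sender_addr[6], sender_addrmsk[6]`, while `ebt_arpreply.h` in this same commit uses `unsigned char mac[ETH_ALEN]`. Plain `char` has implementation-defined signedness, which matters once the bytes are promoted to `int` in masking or comparisons against values above 0x7f. `unsigned char root_addr[ETH_ALEN], root_addrmsk[ETH_ALEN];` would match the other header. The `l`/`u` suffixed pairs look like the lower and upper bounds of a range, but nothing says so; a one-line comment above the struct would save readers guessing.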
diff --git a/kernel/linux2.5/include/linux/netfilter_bridge/ebtables.h b/kernel/linux2.5/include/linux/netfilter_bridge/ebtables.h
index 1056e45..b1a7cc9 100644
--- a/kernel/linux2.5/include/linux/netfilter_bridge/ebtables.h
+++ b/kernel/linux2.5/include/linux/netfilter_bridge/ebtables.h
@@ -33,6 +33,23 @@ struct ebt_counter
uint64_t bcnt;
};
+struct ebt_replace
+{
+ char name[EBT_TABLE_MAXNAMELEN];
+ unsigned int valid_hooks;
+ /* nr of rules in the table */
+ unsigned int nentries;
+ /* total size of the entries */
+ unsigned int entries_size;
+ /* start of the chains */
+ struct ebt_entries *hook_entry[NF_BR_NUMHOOKS];
+ /* nr of counters userspace expects back */
+ unsigned int num_counters;
+ /* where the kernel will put the old counters */
+ struct ebt_counter *counters;
+ char *entries;
+};
+
struct ebt_entries {
/* this field is always set to zero
* See EBT_ENTRY_OR_ENTRIES.
@@ -47,7 +64,7 @@ struct ebt_entries {
/* nr. of entries */
unsigned int nentries;
/* entry list */
- char data[0];
+ char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
};
/* used for the bitmask of struct ebt_entry */
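Review bot: The attribute `__attribute__ ((aligned (__alignof__(struct ebt_replace))))` is written out on `data[0]` here and again in `struct ebt_entry_match`, `struct ebt_entry_watcher`, `struct ebt_entry_target` and on `elems[0]` in `struct ebt_entry`, with no comment saying why. Because the alignment can move the offset of the trailing array, it changes the layout shared with userspace. I would define it once, for example `#define EBT_DATA_ALIGN __attribute__((aligned(__alignof__(struct ebt_replace))))` (the name is only a suggestion), and comment it: `/* payload is aligned like struct ebt_replace; sizes passed in from userspace must be rounded with EBT_ALIGN() */`. It should also be confirmed, in code outside this diff, that the kernel rejects `match_size`, `watcher_size` and `target_size` values that are not multiples of that alignment. `struct ebt_entries` begins before this hunk.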
@@ -87,7 +104,7 @@ struct ebt_entry_match
} u;
/* size of data */
unsigned int match_size;
- unsigned char data[0];
+ unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
};
struct ebt_entry_watcher
@@ -98,7 +115,7 @@ struct ebt_entry_watcher
} u;
/* size of data */
unsigned int watcher_size;
- unsigned char data[0];
+ unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
};
struct ebt_entry_target
@@ -109,7 +126,7 @@ struct ebt_entry_target
} u;
/* size of data */
unsigned int target_size;
- unsigned char data[0];
+ unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
};
#define EBT_STANDARD_TARGET "standard"
@@ -143,24 +160,7 @@ struct ebt_entry {
unsigned int target_offset;
/* sizeof ebt_entry + matches + watchers + target */
unsigned int next_offset;
- unsigned char elems[0];
-};
-
-struct ebt_replace
-{
- char name[EBT_TABLE_MAXNAMELEN];
- unsigned int valid_hooks;
- /* nr of rules in the table */
- unsigned int nentries;
- /* total size of the entries */
- unsigned int entries_size;
- /* start of the chains */
- struct ebt_entries *hook_entry[NF_BR_NUMHOOKS];
- /* nr of counters userspace expects back */
- unsigned int num_counters;
- /* where the kernel will put the old counters */
- struct ebt_counter *counters;
- char *entries;
+ unsigned char elems[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
};
/* {g,s}etsockopt numbers */
@@ -201,9 +201,9 @@ struct ebt_watcher
{
struct list_head list;
const char name[EBT_FUNCTION_MAXNAMELEN];
- void (*watcher)(const struct sk_buff *skb, const struct net_device *in,
- const struct net_device *out, const void *watcherdata,
- unsigned int datalen);
+ void (*watcher)(const struct sk_buff *skb, unsigned int hooknr,
+ const struct net_device *in, const struct net_device *out,
+ const void *watcherdata, unsigned int datalen);
/* 0 == let it in */
int (*check)(const char *tablename, unsigned int hookmask,
const struct ebt_entry *e, void *watcherdata, unsigned int datalen);
@@ -263,6 +263,8 @@ struct ebt_table
struct module *me;
};
+#define EBT_ALIGN(s) (((s) + (__alignof__(struct ebt_replace)-1)) & \
+ ~(__alignof__(struct ebt_replace)-1))
extern int ebt_register_table(struct ebt_table *table);
extern void ebt_unregister_table(struct ebt_table *table);
extern int ebt_register_match(struct ebt_match *match);
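Review bot: `EBT_ALIGN(s)` adds `__alignof__(struct ebt_replace)-1` to `s` before masking, so a size close to the maximum of its type wraps around to a small value. If the macro is applied to sizes taken from a userspace rule blob, the caller has to bound `s` first. A comment above the definition, such as `/* s must leave room for the alignment padding; values near the type maximum wrap */`, would record that. The result takes the type of `s` combined with `size_t`, so storing it back into `unsigned int` fields like `match_size` involves an implicit narrowing. The users of the macro are outside this diff.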