summaryrefslogtreecommitdiffstats
path: root/kernel/linux2.5/include/linux/netfilter_bridge/ebt_among.h
diff options
context:
space:
mode:
Diffstat (limited to 'kernel/linux2.5/include/linux/netfilter_bridge/ebt_among.h')
-rw-r--r--kernel/linux2.5/include/linux/netfilter_bridge/ebt_among.h55
1 files changed, 24 insertions, 31 deletions
diff --git a/kernel/linux2.5/include/linux/netfilter_bridge/ebt_among.h b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_among.h
index f98f5fb..307c1fe 100644
--- a/kernel/linux2.5/include/linux/netfilter_bridge/ebt_among.h
+++ b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_among.h
@@ -4,9 +4,11 @@
#define EBT_AMONG_DST 0x01
#define EBT_AMONG_SRC 0x02
-/* Write-once-read-many hash table, used for checking if a given
- * MAC address belongs to a set or not. It remembers up to 256
- * addresses.
+/* Grzegorz Borowiak <grzes@gnu.univ.gda.pl> 2003
+ *
+ * Write-once-read-many hash table, used for checking if a given
+ * MAC address belongs to a set or not and possibly for checking
+ * if it is related with a given IPv4 address.
*
* The hash value of an address is its last byte.
*
@@ -25,48 +27,39 @@
* if they are the same we compare 2 first.
*
* Yes, it is a memory overhead, but in 2003 AD, who cares?
- *
- * `next_ofs' contains a "serialized" pointer to the next tuple in
- * the synonym list. It is a difference between address of the next
- * tuple and address of the entire wormhash structure, in bytes
- * or 0 if there is no next tuple.
- *
- * `table' contains begins of the synonym lists for
- *
- * This was introduced to make wormhash structure movable. As you may
- * guess, once structure is passed to the kernel, the real pointers
- * would become invalid. Also comparison would not work if they were
- * built of absolute pointers.
- *
- * From the other side, using indices of the `pool' array would be
- * slower. CPU would have to multiply index * size of tuple at each
- * access to a tuple and add this to the address of the beginning
- * of the `pool' array.
- *
- * Summary:
- *
- * The code is damn unreadable and unclear, but - and that's the
- * point - effective.
*/
struct ebt_mac_wormhash_tuple
{
- int next_ofs;
uint32_t cmp[2];
+ uint32_t ip;
};
struct ebt_mac_wormhash
{
- int table[256];
- struct ebt_mac_wormhash_tuple pool[256];
+ int table[257];
+ int poolsize;
+ struct ebt_mac_wormhash_tuple pool[0];
};
+#define ebt_mac_wormhash_size(x) ((x) ? sizeof(struct ebt_mac_wormhash) \
+ + (x)->poolsize * sizeof(struct ebt_mac_wormhash_tuple) : 0)
+
struct ebt_among_info
{
- uint32_t bitmask;
- struct ebt_mac_wormhash wh_dst;
- struct ebt_mac_wormhash wh_src;
+ int wh_dst_ofs;
+ int wh_src_ofs;
+ int bitmask;
};
+
+#define EBT_AMONG_DST_NEG 0x1
+#define EBT_AMONG_SRC_NEG 0x2
+
+#define ebt_among_wh_dst(x) ((x)->wh_dst_ofs ? \
+ (struct ebt_mac_wormhash*)((char*)(x) + (x)->wh_dst_ofs) : NULL)
+#define ebt_among_wh_src(x) ((x)->wh_src_ofs ? \
+ (struct ebt_mac_wormhash*)((char*)(x) + (x)->wh_src_ofs) : NULL)
+
#define EBT_AMONG_MATCH "among"
#endif