From 1abc55d3114378b4e73ec315eac6b122e55148c4 Mon Sep 17 00:00:00 2001 From: Bart De Schuymer Date: Sat, 1 Jun 2002 19:23:47 +0000 Subject: Initial revision --- include/ebtables_u.h | 206 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 206 insertions(+) create mode 100644 include/ebtables_u.h (limited to 'include') diff --git a/include/ebtables_u.h b/include/ebtables_u.h new file mode 100644 index 0000000..d31186c --- /dev/null +++ b/include/ebtables_u.h @@ -0,0 +1,206 @@ +/* + * $Id: ebtables.c,v 1.03 2002/01/19 + * + * Copyright (C) 2001-2002 Bart De Schuymer + * + * This code is stongly inspired on the iptables code which is + * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#ifndef EBTABLES_U_H +#define EBTABLES_U_H +#include +#include + +struct ebt_u_entries +{ + __u8 policy; + __u32 nentries; + struct ebt_u_entry *entries; +}; + + +struct ebt_u_replace +{ + char name[EBT_TABLE_MAXNAMELEN]; + unsigned int valid_hooks; + // nr of rules in the table + unsigned int nentries; + struct ebt_u_entries *hook_entry[NF_BR_NUMHOOKS]; + // how many counters in front of it? + unsigned int counter_entry[NF_BR_NUMHOOKS]; + // nr of counters userspace expects back + unsigned int num_counters; + // where the kernel will put the old counters + struct ebt_counter *counters; + // can be used e.g. to know if a standard option + // has been specified twice + unsigned int flags; + // we stick the specified command (e.g. -A) in here + char command; + // here we stick the hook to do our thing on (can be -1 if unspecified) + int selected_hook; +}; + +struct ebt_u_table +{ + char name[EBT_TABLE_MAXNAMELEN]; + int (*check)(struct ebt_u_replace *repl); + void (*help)(char **); + struct ebt_u_table *next; +}; + +struct ebt_u_match_list +{ + struct ebt_u_match_list *next; + struct ebt_entry_match *m; +}; + +struct ebt_u_watcher_list +{ + struct ebt_u_watcher_list *next; + struct ebt_entry_watcher *w; +}; + +struct ebt_u_entry +{ + __u32 bitmask; + __u32 invflags; + __u16 ethproto; + __u8 in[IFNAMSIZ]; + __u8 logical_in[IFNAMSIZ]; + __u8 out[IFNAMSIZ]; + __u8 logical_out[IFNAMSIZ]; + __u8 sourcemac[ETH_ALEN]; + __u8 sourcemsk[ETH_ALEN]; + __u8 destmac[ETH_ALEN]; + __u8 destmsk[ETH_ALEN]; + struct ebt_u_match_list *m_list; + struct ebt_u_watcher_list *w_list; + struct ebt_entry_target *t; + struct ebt_u_entry *next; +}; + +struct ebt_u_match +{ + char name[EBT_FUNCTION_MAXNAMELEN]; + // size of the real match data + sizeof struct ebt_match + unsigned int size; + void (*help)(void); + void (*init)(struct ebt_entry_match *m); + int (*parse)(int c, char **argv, int argc, + const struct ebt_u_entry *entry, unsigned int *flags, + struct ebt_entry_match **match); + void (*final_check)(const struct ebt_u_entry *entry, + const struct ebt_entry_match *match, + const char *name, unsigned int hook); + void (*print)(const struct ebt_u_entry *entry, + const struct ebt_entry_match *match); + int (*compare)(const struct ebt_entry_match *m1, + const struct ebt_entry_match *m2); + const struct option *extra_ops; + // can be used e.g. to check for multiple occurance of the same option + unsigned int flags; + unsigned int option_offset; + struct ebt_entry_match *m; + // if used == 1 we no longer have to add it to + // the match chain of the new entry + unsigned int used; + struct ebt_u_match *next; +}; + +struct ebt_u_watcher +{ + char name[EBT_FUNCTION_MAXNAMELEN]; + unsigned int size; + void (*help)(void); + void (*init)(struct ebt_entry_watcher *w); + int (*parse)(int c, char **argv, int argc, + const struct ebt_u_entry *entry, unsigned int *flags, + struct ebt_entry_watcher **watcher); + void (*final_check)(const struct ebt_u_entry *entry, + const struct ebt_entry_watcher *watch, const char *name, + unsigned int hook); + void (*print)(const struct ebt_u_entry *entry, + const struct ebt_entry_watcher *watcher); + int (*compare)(const struct ebt_entry_watcher *w1, + const struct ebt_entry_watcher *w2); + const struct option *extra_ops; + unsigned int flags; + unsigned int option_offset; + struct ebt_entry_watcher *w; + unsigned int used; + struct ebt_u_watcher *next; +}; + +struct ebt_u_target +{ + char name[EBT_FUNCTION_MAXNAMELEN]; + unsigned int size; + void (*help)(void); + void (*init)(struct ebt_entry_target *t); + int (*parse)(int c, char **argv, int argc, + const struct ebt_u_entry *entry, unsigned int *flags, + struct ebt_entry_target **target); + void (*final_check)(const struct ebt_u_entry *entry, + const struct ebt_entry_target *target, const char *name, + unsigned int hook); + void (*print)(const struct ebt_u_entry *entry, + const struct ebt_entry_target *target); + int (*compare)(const struct ebt_entry_target *t1, + const struct ebt_entry_target *t2); + const struct option *extra_ops; + unsigned int option_offset; + unsigned int flags; + struct ebt_entry_target *t; + unsigned int used; + struct ebt_u_target *next; +}; + +void register_table(struct ebt_u_table *); +void register_match(struct ebt_u_match *); +void register_watcher(struct ebt_u_watcher *); +void register_target(struct ebt_u_target *t); +void get_table(struct ebt_u_replace *repl); +struct ebt_u_target *find_target(const char *name); +struct ebt_u_match *find_match(const char *name); +struct ebt_u_watcher *find_watcher(const char *name); +void deliver_counters(struct ebt_u_replace *repl, + unsigned short * counterchanges); +void deliver_table(struct ebt_u_replace *repl); +void get_dbinfo(struct brdb_dbinfo *nr); +void get_db(int len, struct brdb_dbentry *db); +void deliver_allowdb(__u16 *decision); +int getmac(char *from, char *to); +void check_option(unsigned int *flags, unsigned int mask); +int check_inverse(const char option[]); +#define print_bug(format, args...) \ + {printf("BUG: "format".\n", ##args); exit(-1);} +#define print_error(format, args...) {printf(format".\n", ##args); exit(-1);} +#define print_memory() {printf("Ebtables: " __FILE__ " " __FUNCTION__ \ + " %d :Out of memory.\n", __LINE__); exit(-1);} + + + +// used for keeping the rule counters right during rule adds or deletes +#define CNT_NORM 0 +#define CNT_DEL 1 +#define CNT_ADD 2 +#define CNT_END 3 +#define CNT_ZERO 4 + +#endif /* EBTABLES_U_H */ -- cgit v1.2.3