1c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru/* 2c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru * Format of an ARP firewall descriptor 3c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru * 4c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru * src, tgt, src_mask, tgt_mask, arpop, arpop_mask are always stored in 5c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru * network byte order. 6c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru * flags are stored in host byte order (of course). 7c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru */ 8c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 9c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#ifndef _ARPTABLES_H 10c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#define _ARPTABLES_H 11c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 12c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#ifdef __KERNEL__ 13c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#include <linux/if.h> 14c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#include <linux/types.h> 15c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#include <linux/in.h> 16c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#include <linux/if_arp.h> 17c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#include <linux/skbuff.h> 18c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#endif 19c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#include <linux/compiler.h> 20c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#include <linux/netfilter_arp.h> 21c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 22c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#include <linux/netfilter/x_tables.h> 23c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 24c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#define ARPT_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN 25c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#define ARPT_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN 26c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#define arpt_target xt_target 27c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#define arpt_table xt_table 28c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 29c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#define ARPT_DEV_ADDR_LEN_MAX 16 30c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 31c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Querustruct arpt_devaddr_info { 32c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru char addr[ARPT_DEV_ADDR_LEN_MAX]; 33c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru char mask[ARPT_DEV_ADDR_LEN_MAX]; 34c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru}; 35c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 36c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru/* Yes, Virginia, you have to zero the padding. */ 37c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Querustruct arpt_arp { 38c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru /* Source and target IP addr */ 39c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru struct in_addr src, tgt; 40c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru /* Mask for src and target IP addr */ 41c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru struct in_addr smsk, tmsk; 42c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 43c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru /* Device hw address length, src+target device addresses */ 44c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru u_int8_t arhln, arhln_mask; 45c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru struct arpt_devaddr_info src_devaddr; 46c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru struct arpt_devaddr_info tgt_devaddr; 47c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 48c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru /* ARP operation code. */ 49c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru u_int16_t arpop, arpop_mask; 50c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 51c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru /* ARP hardware address and protocol address format. */ 52c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru u_int16_t arhrd, arhrd_mask; 53c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru u_int16_t arpro, arpro_mask; 54c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 55c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru /* The protocol address length is only accepted if it is 4 56c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru * so there is no use in offering a way to do filtering on it. 57c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru */ 58c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 59c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru char iniface[IFNAMSIZ], outiface[IFNAMSIZ]; 60c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ]; 61c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 62c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru /* Flags word */ 63c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru u_int8_t flags; 64c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru /* Inverse flags */ 65c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru u_int16_t invflags; 66c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru}; 67c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 68c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#define arpt_entry_target xt_entry_target 69c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#define arpt_standard_target xt_standard_target 70c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 71c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru/* Values for "flag" field in struct arpt_ip (general arp structure). 72c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru * No flags defined yet. 73c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru */ 74c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#define ARPT_F_MASK 0x00 /* All possible flag bits mask. */ 75c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 76c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru/* Values for "inv" field in struct arpt_arp. */ 77c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#define ARPT_INV_VIA_IN 0x0001 /* Invert the sense of IN IFACE. */ 78c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#define ARPT_INV_VIA_OUT 0x0002 /* Invert the sense of OUT IFACE */ 79c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#define ARPT_INV_SRCIP 0x0004 /* Invert the sense of SRC IP. */ 80c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#define ARPT_INV_TGTIP 0x0008 /* Invert the sense of TGT IP. */ 81c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#define ARPT_INV_SRCDEVADDR 0x0010 /* Invert the sense of SRC DEV ADDR. */ 82c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#define ARPT_INV_TGTDEVADDR 0x0020 /* Invert the sense of TGT DEV ADDR. */ 83c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#define ARPT_INV_ARPOP 0x0040 /* Invert the sense of ARP OP. */ 84c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#define ARPT_INV_ARPHRD 0x0080 /* Invert the sense of ARP HRD. */ 85c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#define ARPT_INV_ARPPRO 0x0100 /* Invert the sense of ARP PRO. */ 86c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#define ARPT_INV_ARPHLN 0x0200 /* Invert the sense of ARP HLN. */ 87c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#define ARPT_INV_MASK 0x03FF /* All possible flag bits mask. */ 88c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 89c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru/* This structure defines each of the firewall rules. Consists of 3 90c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru parts which are 1) general ARP header stuff 2) match specific 91c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru stuff 3) the target to perform if the rule matches */ 92c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Querustruct arpt_entry 93c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru{ 94c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru struct arpt_arp arp; 95c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 96c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru /* Size of arpt_entry + matches */ 97c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru u_int16_t target_offset; 98c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru /* Size of arpt_entry + matches + target */ 99c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru u_int16_t next_offset; 100c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 101c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru /* Back pointer */ 102c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru unsigned int comefrom; 103c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 104c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru /* Packet and byte counters. */ 105c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru struct xt_counters counters; 106c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 107c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru /* The matches (if any), then the target. */ 108c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru unsigned char elems[0]; 109c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru}; 110c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 111c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru/* 112c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru * New IP firewall options for [gs]etsockopt at the RAW IP level. 113c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru * Unlike BSD Linux inherits IP options so you don't have to use a raw 114c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru * socket for this. Instead we check rights in the calls. 115c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru */ 116c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#define ARPT_CTL_OFFSET 32 117c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#define ARPT_BASE_CTL (XT_BASE_CTL+ARPT_CTL_OFFSET) 118c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 119c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#define ARPT_SO_SET_REPLACE (XT_SO_SET_REPLACE+ARPT_CTL_OFFSET) 120c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#define ARPT_SO_SET_ADD_COUNTERS (XT_SO_SET_ADD_COUNTERS+ARPT_CTL_OFFSET) 121c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#define ARPT_SO_SET_MAX (XT_SO_SET_MAX+ARPT_CTL_OFFSET) 122c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 123c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#define ARPT_SO_GET_INFO (XT_SO_GET_INFO+ARPT_CTL_OFFSET) 124c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#define ARPT_SO_GET_ENTRIES (XT_SO_GET_ENTRIES+ARPT_CTL_OFFSET) 125c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru/* #define ARPT_SO_GET_REVISION_MATCH XT_SO_GET_REVISION_MATCH */ 126c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#define ARPT_SO_GET_REVISION_TARGET (XT_SO_GET_REVISION_TARGET+ARPT_CTL_OFFSET) 127c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#define ARPT_SO_GET_MAX (XT_SO_GET_REVISION_TARGET+ARPT_CTL_OFFSET) 128c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 129c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru/* CONTINUE verdict for targets */ 130c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#define ARPT_CONTINUE XT_CONTINUE 131c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 132c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru/* For standard target */ 133c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#define ARPT_RETURN XT_RETURN 134c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 135c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru/* The argument to ARPT_SO_GET_INFO */ 136c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Querustruct arpt_getinfo 137c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru{ 138c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru /* Which table: caller fills this in. */ 139c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru char name[ARPT_TABLE_MAXNAMELEN]; 140c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 141c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru /* Kernel fills these in. */ 142c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru /* Which hook entry points are valid: bitmask */ 143c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru unsigned int valid_hooks; 144c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 145c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru /* Hook entry points: one per netfilter hook. */ 146c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru unsigned int hook_entry[NF_ARP_NUMHOOKS]; 147c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 148c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru /* Underflow points. */ 149c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru unsigned int underflow[NF_ARP_NUMHOOKS]; 150c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 151c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru /* Number of entries */ 152c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru unsigned int num_entries; 153c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 154c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru /* Size of entries. */ 155c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru unsigned int size; 156c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru}; 157c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 158c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru/* The argument to ARPT_SO_SET_REPLACE. */ 159c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Querustruct arpt_replace 160c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru{ 161c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru /* Which table. */ 162c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru char name[ARPT_TABLE_MAXNAMELEN]; 163c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 164c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru /* Which hook entry points are valid: bitmask. You can't 165c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru change this. */ 166c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru unsigned int valid_hooks; 167c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 168c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru /* Number of entries */ 169c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru unsigned int num_entries; 170c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 171c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru /* Total size of new entries */ 172c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru unsigned int size; 173c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 174c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru /* Hook entry points. */ 175c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru unsigned int hook_entry[NF_ARP_NUMHOOKS]; 176c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 177c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru /* Underflow points. */ 178c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru unsigned int underflow[NF_ARP_NUMHOOKS]; 179c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 180c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru /* Information about old entries: */ 181c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru /* Number of counters (must be equal to current number of entries). */ 182c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru unsigned int num_counters; 183c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru /* The old entries' counters. */ 184c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru struct xt_counters __user *counters; 185c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 186c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru /* The entries (hang off end: not really an array). */ 187c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru struct arpt_entry entries[0]; 188c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru}; 189c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 190c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru/* The argument to ARPT_SO_ADD_COUNTERS. */ 191c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#define arpt_counters_info xt_counters_info 192c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 193c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru/* The argument to ARPT_SO_GET_ENTRIES. */ 194c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Querustruct arpt_get_entries 195c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru{ 196c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru /* Which table: user fills this in. */ 197c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru char name[ARPT_TABLE_MAXNAMELEN]; 198c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 199c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru /* User fills this in: total entry size. */ 200c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru unsigned int size; 201c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 202c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru /* The entries. */ 203c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru struct arpt_entry entrytable[0]; 204c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru}; 205c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 206c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru/* Standard return verdict, or do jump. */ 207c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#define ARPT_STANDARD_TARGET XT_STANDARD_TARGET 208c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru/* Error verdict. */ 209c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#define ARPT_ERROR_TARGET XT_ERROR_TARGET 210c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 211c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru/* Helper functions */ 212c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Querustatic __inline__ struct arpt_entry_target *arpt_get_target(struct arpt_entry *e) 213c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru{ 214c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru return (void *)e + e->target_offset; 215c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru} 216c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 217c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru/* fn returns 0 to continue iteration */ 218c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#define ARPT_ENTRY_ITERATE(entries, size, fn, args...) \ 219c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru({ \ 220c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru unsigned int __i; \ 221c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru int __ret = 0; \ 222c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru struct arpt_entry *__entry; \ 223c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru \ 224c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru for (__i = 0; __i < (size); __i += __entry->next_offset) { \ 225c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru __entry = (void *)(entries) + __i; \ 226c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru \ 227c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru __ret = fn(__entry , ## args); \ 228c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru if (__ret != 0) \ 229c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru break; \ 230c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru } \ 231c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru __ret; \ 232c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru}) 233c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 234c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru/* 235c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru * Main firewall chains definitions and global var's definitions. 236c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru */ 237c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#ifdef __KERNEL__ 238c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 239c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#define arpt_register_target(tgt) \ 240c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru({ (tgt)->family = NF_ARP; \ 241c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru xt_register_target(tgt); }) 242c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#define arpt_unregister_target(tgt) xt_unregister_target(tgt) 243c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 244c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queruextern int arpt_register_table(struct arpt_table *table, 245c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru const struct arpt_replace *repl); 246c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queruextern void arpt_unregister_table(struct arpt_table *table); 247c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queruextern unsigned int arpt_do_table(struct sk_buff **pskb, 248c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru unsigned int hook, 249c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru const struct net_device *in, 250c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru const struct net_device *out, 251c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru struct arpt_table *table, 252c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru void *userdata); 253c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru 254c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#define ARPT_ALIGN(s) (((s) + (__alignof__(struct arpt_entry)-1)) & ~(__alignof__(struct arpt_entry)-1)) 255c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#endif /*__KERNEL__*/ 256c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#endif /* _ARPTABLES_H */ 257