1c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#ifndef __LINUX_BRIDGE_NETFILTER_H
2c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#define __LINUX_BRIDGE_NETFILTER_H
3c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru
4c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru/* bridge-specific defines for netfilter.
5c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru */
6c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru
7c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#include <linux/netfilter.h>
8c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#if defined(__KERNEL__) && defined(CONFIG_BRIDGE_NETFILTER)
9c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#include <linux/if_ether.h>
10c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#endif
11c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru
/*
 * Bridge netfilter hook numbers.
 *
 * Each value names one point on the bridge path. A rule only sees a frame
 * at the hooks that frame actually passes, so the hook a filter is attached
 * to determines which traffic it can police.
 */

/* Runs after promiscuous-mode drops and checksum checks. */
#define NF_BR_PRE_ROUTING   0

/* The packet is destined for this box. */
#define NF_BR_LOCAL_IN      1

/* The packet is destined for another interface. */
#define NF_BR_FORWARD       2

/* The packet comes from a local process. */
#define NF_BR_LOCAL_OUT     3

/* The packet is about to hit the wire. */
#define NF_BR_POST_ROUTING  4

/* Not really a hook, but used for the ebtables broute table. */
#define NF_BR_BROUTING      5

/* One more than the highest hook number above; update it with any new hook. */
#define NF_BR_NUMHOOKS      6
26c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru
27c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#ifdef __KERNEL__
28c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru
/*
 * Priorities for callbacks registered on the bridge hooks.
 *
 * Netfilter calls the callbacks attached to a hook in ascending priority
 * order, so these values fix what a filter rule gets to look at. Going by
 * the names, each destination-NAT slot (-300, 100) sorts ahead of its
 * matching filter slot (-200, 200), and source NAT (300) sorts after both,
 * i.e. filtering would see the destination after DNAT and the source before
 * SNAT. Anything registered with a custom priority should be placed with
 * that ordering in mind.
 */
enum nf_br_hook_priorities {
	NF_BR_PRI_FIRST           = INT_MIN,	/* sorts before every other entry */
	NF_BR_PRI_NAT_DST_BRIDGED = -300,
	NF_BR_PRI_FILTER_BRIDGED  = -200,
	NF_BR_PRI_BRNF            = 0,
	NF_BR_PRI_NAT_DST_OTHER   = 100,
	NF_BR_PRI_FILTER_OTHER    = 200,
	NF_BR_PRI_NAT_SRC         = 300,
	NF_BR_PRI_LAST            = INT_MAX,	/* sorts after every other entry */
};
39c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru
40c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#ifdef CONFIG_BRIDGE_NETFILTER
41c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru
/*
 * BRNF_* flag bits. Every value is a distinct single bit, so the flags can
 * be OR-ed together and tested independently of one another.
 * NOTE(review): the field that stores them is not visible in this header
 * (presumably a mask inside the skb's nf_bridge state) -- confirm before
 * adding a bit that it still fits that field.
 */
#define BRNF_PKT_TYPE              0x01
#define BRNF_BRIDGED_DNAT          0x02
#define BRNF_DONT_TAKE_PARENT      0x04
#define BRNF_BRIDGED               0x08
#define BRNF_NF_BRIDGE_PREROUTING  0x10
47c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru
48c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru
/*
 * Only used in br_forward.c.
 *
 * When the skb carries bridge-netfilter state, copy the header bytes saved
 * in skb->nf_bridge->data back into the headroom directly in front of
 * skb->data: 18 bytes for an 802.1Q frame, 16 bytes otherwise. In the 802.1Q
 * case the data pointer is then moved back by 4 bytes with skb_push().
 *
 * The memcpy() destination lies *before* skb->data, so it is only in bounds
 * because skb_cow() has first guaranteed that much private headroom. Keep
 * the skb_cow() call and its error check ahead of the copy, and keep the
 * length passed to both identical.
 * NOTE(review): the size of skb->nf_bridge->data is not visible in this
 * header; it has to be at least 18 bytes for the read side of the copy --
 * confirm against the struct definition.
 *
 * Returns 0 on success or when there is nothing to copy, otherwise the
 * error returned by skb_cow().
 */
static inline
int nf_bridge_maybe_copy_header(struct sk_buff *skb)
{
	unsigned int hdr_len;
	int tagged;
	int rc;

	/* No bridge-netfilter state attached: nothing was saved, nothing to do. */
	if (!skb->nf_bridge)
		return 0;

	tagged = (skb->protocol == __constant_htons(ETH_P_8021Q));
	hdr_len = tagged ? 18 : 16;

	/* Secure the headroom first; on failure the skb is left untouched. */
	rc = skb_cow(skb, hdr_len);
	if (rc)
		return rc;

	memcpy(skb->data - hdr_len, skb->nf_bridge->data, hdr_len);

	/* Only the 802.1Q path exposes 4 of the restored bytes as packet data. */
	if (tagged)
		skb_push(skb, 4);

	return 0;
}
71c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru
/*
 * Called by the IP fragmenting code so that it can leave enough room for
 * the encapsulating header (if there is one).
 *
 * This function only reports a size; it does not modify the skb. It returns
 * 4 for an 802.1Q skb that carries bridge-netfilter state, and 0 in every
 * other case, including any skb whose protocol is plain IPv4.
 */
static inline
int nf_bridge_pad(struct sk_buff *skb)
{
	/* Plain IPv4: no encapsulating header to account for. */
	if (skb->protocol == __constant_htons(ETH_P_IP))
		return 0;

	/* Without bridge-netfilter state no padding is requested either. */
	if (!skb->nf_bridge)
		return 0;

	return (skb->protocol == __constant_htons(ETH_P_8021Q)) ? 4 : 0;
}
85c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru
/*
 * Per-packet bridge data: a destination address held in a union that
 * currently has a single IPv4 member.
 * NOTE(review): presumably overlaid on the skb control buffer by the bridge
 * code -- the user is not visible in this header, so confirm the storage it
 * is cast onto is at least sizeof(struct bridge_skb_cb) before growing it.
 */
struct bridge_skb_cb {
	union {
		/* byte order is not stated here -- confirm at the use site */
		__u32 ipv4;
	} daddr;
};
91c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru
/*
 * Declaration only; the definition lives outside this header. Visible just
 * to kernel builds with CONFIG_BRIDGE_NETFILTER enabled.
 */
extern int brnf_deferred_hooks;
93c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#endif /* CONFIG_BRIDGE_NETFILTER */
94c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru
95c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#endif /* __KERNEL__ */
96c559cd81139f97cecad1ad91a0b2e25a5936d53Jean-Baptiste Queru#endif
97