ebtables.h (4358B)
/* SPDX-License-Identifier: GPL-2.0 */
/*
 *  ebtables
 *
 *	Authors:
 *	Bart De Schuymer		<bdschuym@pandora.be>
 *
 *  ebtables.c,v 2.0, April, 2002
 *
 *  This code is strongly inspired by the iptables code which is
 *  Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
 */
#ifndef __LINUX_BRIDGE_EFF_H
#define __LINUX_BRIDGE_EFF_H

#include <linux/if.h>
#include <linux/if_ether.h>
#include <uapi/linux/netfilter_bridge/ebtables.h>

/*
 * Descriptor for a match extension: a fixed-size name, three callbacks
 * and size/revision/family bookkeeping.
 */
struct ebt_match {
	struct list_head list;
	/* fixed-size buffer of EBT_FUNCTION_MAXNAMELEN bytes */
	const char name[EBT_FUNCTION_MAXNAMELEN];
	/* evaluates one skb; may report through *hotdrop */
	bool (*match)(const struct sk_buff *skb, const struct net_device *in,
		const struct net_device *out, const struct xt_match *match,
		const void *matchinfo, int offset, unsigned int protoff,
		bool *hotdrop);
	/*
	 * NOTE(review): presumably validates matchinfo when a rule is loaded,
	 * before the rule can be evaluated - confirm against the caller.
	 */
	bool (*checkentry)(const char *table, const void *entry,
		const struct xt_match *match, void *matchinfo,
		unsigned int hook_mask);
	void (*destroy)(const struct xt_match *match, void *matchinfo);
	/* NOTE(review): presumably the expected size of matchinfo - confirm */
	unsigned int matchsize;
	u_int8_t revision;
	u_int8_t family;
	struct module *me;
};

/*
 * Descriptor for a watcher extension. The callbacks take struct xt_target
 * and the layout parallels struct ebt_target below.
 */
struct ebt_watcher {
	struct list_head list;
	const char name[EBT_FUNCTION_MAXNAMELEN];
	unsigned int (*target)(struct sk_buff *skb,
		const struct net_device *in, const struct net_device *out,
		unsigned int hook_num, const struct xt_target *target,
		const void *targinfo);
	/*
	 * NOTE(review): presumably validates targinfo when a rule is loaded -
	 * confirm against the caller.
	 */
	bool (*checkentry)(const char *table, const void *entry,
		const struct xt_target *target, void *targinfo,
		unsigned int hook_mask);
	void (*destroy)(const struct xt_target *target, void *targinfo);
	unsigned int targetsize;
	u_int8_t revision;
	u_int8_t family;
	struct module *me;
};

/*
 * Descriptor for a target extension: a fixed-size name, three callbacks
 * and size/revision/family bookkeeping.
 */
struct ebt_target {
	struct list_head list;
	const char name[EBT_FUNCTION_MAXNAMELEN];
	/* returns one of the standard EBT_* verdicts */
	unsigned int (*target)(struct sk_buff *skb,
		const struct net_device *in, const struct net_device *out,
		unsigned int hook_num, const struct xt_target *target,
		const void *targinfo);
	/*
	 * NOTE(review): presumably the place where a target rejects an invalid
	 * verdict in targinfo (see ebt_invalid_target() below) - confirm.
	 */
	bool (*checkentry)(const char *table, const void *entry,
		const struct xt_target *target, void *targinfo,
		unsigned int hook_mask);
	void (*destroy)(const struct xt_target *target, void *targinfo);
	unsigned int targetsize;
	u_int8_t revision;
	u_int8_t family;
	struct module *me;
};

/* used for jumping from and into user defined chains (udc) */
struct ebt_chainstack {
	struct ebt_entries *chaininfo; /* pointer to chain data */
	struct ebt_entry *e; /* pointer to entry data */
	unsigned int n; /* n'th entry */
};

/*
 * Kernel-side description of one ruleset: the size and number of the
 * entries, per-hook chain start pointers, the udc jump stack, the entry
 * blob and a trailing array of counters.
 */
struct ebt_table_info {
	/* total size of the entries */
	unsigned int entries_size;
	unsigned int nentries;
	/* pointers to the start of the chains */
	struct ebt_entries *hook_entry[NF_BR_NUMHOOKS];
	/* room to maintain the stack used for jumping from and into udc */
	struct ebt_chainstack **chainstack;
	/*
	 * NOTE(review): presumably the blob that entries_size and nentries
	 * describe; code walking it should stay inside entries_size - confirm
	 * against the loader in ebtables.c.
	 */
	char *entries;
	/*
	 * Flexible array member, cache-line aligned: the allocation for this
	 * struct has to include room for the counters.
	 */
	struct ebt_counter counters[] ____cacheline_aligned;
};

/* One ebtables table: name, initial ruleset, valid hooks, lock, live data. */
struct ebt_table {
	struct list_head list;
	char name[EBT_TABLE_MAXNAMELEN];
	struct ebt_replace_kernel *table;
	unsigned int valid_hooks;
	/* NOTE(review): presumably guards ->private - confirm in ebtables.c */
	rwlock_t lock;
	/* optional per-table policy check, e.g. the table may explicitly allow
	 * only certain matches, targets, ...; a return of 0 means "let it in" */
	int (*check)(const struct ebt_table_info *info,
		unsigned int valid_hooks);
	/* the data used by the kernel */
	struct ebt_table_info *private;
	struct nf_hook_ops *ops;
	struct module *me;
};

/*
 * Round s up to the next multiple of __alignof__(struct _xt_align).
 * The addition is not overflow-checked: if s is within (alignment - 1) of
 * the maximum of its type the sum wraps for unsigned s (and is undefined
 * for signed s), yielding a small result. Bound s before using the aligned
 * value in allocation or offset arithmetic.
 */
#define EBT_ALIGN(s) (((s) + (__alignof__(struct _xt_align)-1)) & \
		     ~(__alignof__(struct _xt_align)-1))

/* Table registration, teardown and the table-walk entry point; the
 * definitions are not in this header. */
extern int ebt_register_table(struct net *net,
			      const struct ebt_table *table,
			      const struct nf_hook_ops *ops);
extern void ebt_unregister_table(struct net *net, const char *tablename);
void ebt_unregister_table_pre_exit(struct net *net, const char *tablename);
extern unsigned int ebt_do_table(void *priv, struct sk_buff *skb,
				 const struct nf_hook_state *state);

/*
 * Both macros below expand to an expression on par->hook_mask. `par` is not
 * a macro argument, so a variable of that name must be in scope wherever
 * they are expanded.
 */
/* True if the hook mask denotes that the rule is in a base chain,
 * used in the check() functions */
#define BASE_CHAIN (par->hook_mask & (1 << NF_BR_NUMHOOKS))
/* Clear the bit in the hook mask that tells if the rule is on a base chain */
#define CLEAR_BASE_CHAIN_BIT (par->hook_mask &= ~(1 << NF_BR_NUMHOOKS))

/*
 * ebt_invalid_target - test whether a verdict value is outside the
 * standard range.
 * @target: verdict value to test
 *
 * Returns true unless @target lies in [-NUM_STANDARD_TARGETS, -1]; zero
 * and every positive value are reported as invalid.
 *
 * NOTE(review): presumably called from checkentry handlers so that an
 * out-of-range verdict is rejected at rule-load time - confirm at the
 * call sites.
 */
static inline bool ebt_invalid_target(int target)
{
	return (target < -NUM_STANDARD_TARGETS || target >= 0);
}

/* Template registration; the definitions are not in this header. */
int ebt_register_template(const struct ebt_table *t, int(*table_init)(struct net *net));
void ebt_unregister_template(const struct ebt_table *t);
#endif /* __LINUX_BRIDGE_EFF_H */