linux/include/linux/netfilter_bridge.h
   1#ifndef __LINUX_BRIDGE_NETFILTER_H
   2#define __LINUX_BRIDGE_NETFILTER_H
   3
   4/* bridge-specific defines for netfilter. 
   5 */
   6
   7#include <linux/netfilter.h>
   8#include <linux/if_ether.h>
   9#include <linux/if_vlan.h>
  10#include <linux/if_pppox.h>
  11
/*
 * Bridge hook numbers.
 *
 * NF_BR_BROUTING is not really a hook; it exists for the ebtables broute
 * table. NF_BR_NUMHOOKS is one more than the highest number defined here,
 * so it counts the BROUTING slot as well.
 */
#define NF_BR_PRE_ROUTING   0   /* after promisc drops and checksum checks */
#define NF_BR_LOCAL_IN      1   /* packet is destined for this box */
#define NF_BR_FORWARD       2   /* packet is destined for another interface */
#define NF_BR_LOCAL_OUT     3   /* packet comes from a local process */
#define NF_BR_POST_ROUTING  4   /* packet is about to hit the wire */
#define NF_BR_BROUTING      5   /* pseudo-hook used by the ebtables broute table */
#define NF_BR_NUMHOOKS      6   /* number of slots, 0 .. NF_BR_BROUTING */
  26
  27#ifdef __KERNEL__
  28
/*
 * Named priority values for the bridge hooks.
 *
 * NOTE(review): FIRST is INT_MIN and LAST is INT_MAX, so numerically lower
 * values presumably run earlier; the ordering itself is applied outside this
 * header. NF_BR_PRI_BRNF sits at 0, between the *_BRIDGED values (negative)
 * and the *_OTHER / NAT_SRC values (positive).
 */
enum nf_br_hook_priorities {
        NF_BR_PRI_FIRST           = INT_MIN,
        NF_BR_PRI_NAT_DST_BRIDGED = -300,
        NF_BR_PRI_FILTER_BRIDGED  = -200,
        NF_BR_PRI_BRNF            = 0,
        NF_BR_PRI_NAT_DST_OTHER   = 100,
        NF_BR_PRI_FILTER_OTHER    = 200,
        NF_BR_PRI_NAT_SRC         = 300,
        NF_BR_PRI_LAST            = INT_MAX,
};
  39
  40#ifdef CONFIG_BRIDGE_NETFILTER
  41
/*
 * Bit flags tested against skb->nf_bridge->mask by the helpers in this
 * header. Every value is a separate bit, so flags can be OR-ed together
 * and tested with '&'.
 */
#define BRNF_PKT_TYPE               0x01
#define BRNF_BRIDGED_DNAT           0x02    /* toggled by br_nf_pre_routing_finish_bridge_slow() */
#define BRNF_BRIDGED                0x04    /* with BRIDGED_DNAT, gates nf_bridge_maybe_copy_header() */
#define BRNF_NF_BRIDGE_PREROUTING   0x08
#define BRNF_8021Q                  0x10
#define BRNF_PPPoE                  0x20    /* read by nf_bridge_mtu_reduction() */
  48
/* Per the original note: only used in br_forward.c. Defined outside this header. */
extern int nf_bridge_copy_header(struct sk_buff *skb);

/*
 * Call nf_bridge_copy_header() only for an skb that carries bridge-netfilter
 * state with BRNF_BRIDGED or BRNF_BRIDGED_DNAT set in its mask.
 *
 * Returns the result of nf_bridge_copy_header() in that case and 0 in every
 * other case. A NULL skb->nf_bridge is handled here; skb itself is
 * dereferenced unconditionally.
 */
static inline int nf_bridge_maybe_copy_header(struct sk_buff *skb)
{
        /* No bridge-netfilter state attached: nothing to copy. */
        if (!skb->nf_bridge)
                return 0;

        /* Neither of the two bridged flags is set: nothing to copy. */
        if (!(skb->nf_bridge->mask & (BRNF_BRIDGED | BRNF_BRIDGED_DNAT)))
                return 0;

        return nf_bridge_copy_header(skb);
}
  58
/*
 * Length of the encapsulation header implied by skb->protocol:
 * VLAN_HLEN for ETH_P_8021Q, PPPOE_SES_HLEN for ETH_P_PPP_SES, and 0 for
 * any other protocol value.
 *
 * The result is derived from the protocol field alone. Nothing here looks
 * at the packet data or checks that this many bytes are actually present,
 * so callers that use the length as an offset need their own bounds check.
 */
static inline unsigned int nf_bridge_encap_header_len(const struct sk_buff *skb)
{
        /* skb->protocol is compared in network byte order. */
        if (skb->protocol == __cpu_to_be16(ETH_P_8021Q))
                return VLAN_HLEN;

        if (skb->protocol == __cpu_to_be16(ETH_P_PPP_SES))
                return PPPOE_SES_HLEN;

        return 0;
}
  70
/*
 * Returns PPPOE_SES_HLEN when BRNF_PPPoE is set in skb->nf_bridge->mask and
 * 0 otherwise; going by the name, this is the amount a caller takes off the
 * MTU. The PPPoE case is marked unlikely().
 *
 * skb->nf_bridge is dereferenced without a NULL test, unlike nf_bridge_pad()
 * and nf_bridge_maybe_copy_header(). Callers must therefore pass only skbs
 * that carry bridge-netfilter state.
 */
static inline unsigned int nf_bridge_mtu_reduction(const struct sk_buff *skb)
{
        return unlikely(skb->nf_bridge->mask & BRNF_PPPoE) ? PPPOE_SES_HLEN : 0;
}
  77
extern int br_handle_frame_finish(struct sk_buff *skb);

/*
 * Per the original note: only used in br_device.c.
 *
 * The steps below depend on their order:
 *   1. pull ETH_HLEN bytes off the front of the skb;
 *   2. toggle BRNF_BRIDGED_DNAT in the mask (an XOR, so the bit ends up
 *      cleared only if it was set on entry);
 *   3. copy ETH_HLEN - ETH_ALEN bytes from nf_bridge->data into the region
 *      that ends at the current data pointer, which after a successful pull
 *      lies inside the bytes just pulled;
 *   4. point skb->dev at the recorded physindev;
 *   5. hand the skb to br_handle_frame_finish() and return its result.
 *
 * NOTE(review): skb->nf_bridge is dereferenced without a NULL test and the
 * return value of skb_pull() is ignored. Presumably the caller guarantees
 * both the bridge-netfilter state and at least ETH_HLEN bytes of data;
 * confirm against br_device.c.
 */
static inline int br_nf_pre_routing_finish_bridge_slow(struct sk_buff *skb)
{
        struct nf_bridge_info *info = skb->nf_bridge;
        const int saved_len = ETH_HLEN - ETH_ALEN;

        skb_pull(skb, ETH_HLEN);
        info->mask ^= BRNF_BRIDGED_DNAT;

        /* Negative offset: the write lands just before skb's data pointer. */
        skb_copy_to_linear_data_offset(skb, -saved_len, info->data, saved_len);

        skb->dev = info->physindev;
        return br_handle_frame_finish(skb);
}
  91
/*
 * Called by the IP fragmenting code to make sure there is enough room for
 * the encapsulating header, if there is one.
 *
 * Returns nf_bridge_encap_header_len(skb) when the skb carries
 * bridge-netfilter state, and 0 when skb->nf_bridge is NULL.
 */
static inline unsigned int nf_bridge_pad(const struct sk_buff *skb)
{
        return skb->nf_bridge ? nf_bridge_encap_header_len(skb) : 0;
}
 100
/*
 * NOTE(review): going by the name, this is bridge state kept in the skb
 * control block; nothing in this header reads or writes it, so confirm
 * against the users.
 */
struct bridge_skb_cb {
        /* The union currently has a single member. */
        union {
                __be32 ipv4;    /* 32-bit big-endian value; presumably an IPv4 destination address */
        } daddr;
};
 106
/*
 * Call skb_dst_drop() on the skb, but only when a dst is attached and that
 * dst has DST_FAKE_RTABLE set in its flags. Any other skb is left untouched.
 */
static inline void br_drop_fake_rtable(struct sk_buff *skb)
{
        const struct dst_entry *route = skb_dst(skb);

        /* No dst attached. */
        if (!route)
                return;

        /* A dst without the fake-rtable flag is kept. */
        if (!(route->flags & DST_FAKE_RTABLE))
                return;

        skb_dst_drop(skb);
}
 114
 115#else
/*
 * Stubs for builds without CONFIG_BRIDGE_NETFILTER. The two value-returning
 * helpers expand to the constant 0 and br_drop_fake_rtable() expands to an
 * empty statement; none of them evaluates its argument.
 */
#define nf_bridge_maybe_copy_header(skb)    (0)
#define nf_bridge_pad(skb)                  (0)
#define br_drop_fake_rtable(skb)            do { } while (0)
 119#endif /* CONFIG_BRIDGE_NETFILTER */
 120
 121#endif /* __KERNEL__ */
 122#endif
 123