release/src-rt-6.x.4708/toolchains/hndtools-arm-linux-2.6.36-uclibc-4.5.3/arm-brcm-linux-uclibcgnueabi/sysroot/usr/include/linux/netfilter_arp/arp_tables.h

   1 /*
   2  *      Format of an ARP firewall descriptor
   3  *
   4  *      src, tgt, src_mask, tgt_mask, arpop, arpop_mask are always stored in
   5  *      network byte order.
   6  *      flags are stored in host byte order (of course).
   7  */
   8
   9 #ifndef _ARPTABLES_H
  10 #define _ARPTABLES_H
  11
  12 #include <linux/types.h>
  13
  14 #include <linux/netfilter_arp.h>
  15
  16 #include <linux/netfilter/x_tables.h>
  17
  18 #define ARPT_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
  19 #define ARPT_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN
  20
  21 #define ARPT_DEV_ADDR_LEN_MAX 16
  22
  23 struct arpt_devaddr_info {
  24         char addr[ARPT_DEV_ADDR_LEN_MAX];
  25         char mask[ARPT_DEV_ADDR_LEN_MAX];
  26 };
  27
  28 /* Yes, Virginia, you have to zero the padding. */
  29 struct arpt_arp {
  30         /* Source and target IP addr */
  31         struct in_addr src, tgt;
  32         /* Mask for src and target IP addr */
  33         struct in_addr smsk, tmsk;
  34
  35         /* Device hw address length, src+target device addresses */
  36         u_int8_t arhln, arhln_mask;
  37         struct arpt_devaddr_info src_devaddr;
  38         struct arpt_devaddr_info tgt_devaddr;
  39
  40         /* ARP operation code. */
  41         __be16 arpop, arpop_mask;
  42
  43         /* ARP hardware address and protocol address format. */
  44         __be16 arhrd, arhrd_mask;
  45         __be16 arpro, arpro_mask;
  46
  47         /* The protocol address length is only accepted if it is 4
  48          * so there is no use in offering a way to do filtering on it.
  49          */
  50
  51         char iniface[IFNAMSIZ], outiface[IFNAMSIZ];
  52         unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ];
  53
  54         /* Flags word */
  55         u_int8_t flags;
  56         /* Inverse flags */
  57         u_int16_t invflags;
  58 };
  59
  60 #define arpt_entry_target xt_entry_target
  61 #define arpt_standard_target xt_standard_target
  62
  63 /* Values for "flag" field in struct arpt_ip (general arp structure).
  64  * No flags defined yet.
  65  */
  66 #define ARPT_F_MASK             0x00    /* All possible flag bits mask. */
  67
  68 /* Values for "inv" field in struct arpt_arp. */
  69 #define ARPT_INV_VIA_IN         0x0001  /* Invert the sense of IN IFACE. */
  70 #define ARPT_INV_VIA_OUT        0x0002  /* Invert the sense of OUT IFACE */
  71 #define ARPT_INV_SRCIP          0x0004  /* Invert the sense of SRC IP. */
  72 #define ARPT_INV_TGTIP          0x0008  /* Invert the sense of TGT IP. */
  73 #define ARPT_INV_SRCDEVADDR     0x0010  /* Invert the sense of SRC DEV ADDR. */
  74 #define ARPT_INV_TGTDEVADDR     0x0020  /* Invert the sense of TGT DEV ADDR. */
  75 #define ARPT_INV_ARPOP          0x0040  /* Invert the sense of ARP OP. */
  76 #define ARPT_INV_ARPHRD         0x0080  /* Invert the sense of ARP HRD. */
  77 #define ARPT_INV_ARPPRO         0x0100  /* Invert the sense of ARP PRO. */
  78 #define ARPT_INV_ARPHLN         0x0200  /* Invert the sense of ARP HLN. */
  79 #define ARPT_INV_MASK           0x03FF  /* All possible flag bits mask. */
  80
  81 /* This structure defines each of the firewall rules.  Consists of 3
  82    parts which are 1) general ARP header stuff 2) match specific
  83    stuff 3) the target to perform if the rule matches */
  84 struct arpt_entry
  85 {
  86         struct arpt_arp arp;
  87
  88         /* Size of arpt_entry + matches */
  89         u_int16_t target_offset;
  90         /* Size of arpt_entry + matches + target */
  91         u_int16_t next_offset;
  92
  93         /* Back pointer */
  94         unsigned int comefrom;
  95
  96         /* Packet and byte counters. */
  97         struct xt_counters counters;
  98
  99         /* The matches (if any), then the target. */
 100         unsigned char elems[0];
 101 };
 102
 103 /*
 104  * New IP firewall options for [gs]etsockopt at the RAW IP level.
 105  * Unlike BSD Linux inherits IP options so you don't have to use a raw
 106  * socket for this. Instead we check rights in the calls.
 107  *
 108  * ATTENTION: check linux/in.h before adding new number here.
 109  */
 110 #define ARPT_BASE_CTL           96
 111
 112 #define ARPT_SO_SET_REPLACE             (ARPT_BASE_CTL)
 113 #define ARPT_SO_SET_ADD_COUNTERS        (ARPT_BASE_CTL + 1)
 114 #define ARPT_SO_SET_MAX                 ARPT_SO_SET_ADD_COUNTERS
 115
 116 #define ARPT_SO_GET_INFO                (ARPT_BASE_CTL)
 117 #define ARPT_SO_GET_ENTRIES             (ARPT_BASE_CTL + 1)
 118 /* #define ARPT_SO_GET_REVISION_MATCH   (APRT_BASE_CTL + 2) */
 119 #define ARPT_SO_GET_REVISION_TARGET     (ARPT_BASE_CTL + 3)
 120 #define ARPT_SO_GET_MAX                 (ARPT_SO_GET_REVISION_TARGET)
 121
 122 /* CONTINUE verdict for targets */
 123 #define ARPT_CONTINUE XT_CONTINUE
 124
 125 /* For standard target */
 126 #define ARPT_RETURN XT_RETURN
 127
 128 /* The argument to ARPT_SO_GET_INFO */
 129 struct arpt_getinfo {
 130         /* Which table: caller fills this in. */
 131         char name[ARPT_TABLE_MAXNAMELEN];
 132
 133         /* Kernel fills these in. */
 134         /* Which hook entry points are valid: bitmask */
 135         unsigned int valid_hooks;
 136
 137         /* Hook entry points: one per netfilter hook. */
 138         unsigned int hook_entry[NF_ARP_NUMHOOKS];
 139
 140         /* Underflow points. */
 141         unsigned int underflow[NF_ARP_NUMHOOKS];
 142
 143         /* Number of entries */
 144         unsigned int num_entries;
 145
 146         /* Size of entries. */
 147         unsigned int size;
 148 };
 149
 150 /* The argument to ARPT_SO_SET_REPLACE. */
 151 struct arpt_replace {
 152         /* Which table. */
 153         char name[ARPT_TABLE_MAXNAMELEN];
 154
 155         /* Which hook entry points are valid: bitmask.  You can't
 156            change this. */
 157         unsigned int valid_hooks;
 158
 159         /* Number of entries */
 160         unsigned int num_entries;
 161
 162         /* Total size of new entries */
 163         unsigned int size;
 164
 165         /* Hook entry points. */
 166         unsigned int hook_entry[NF_ARP_NUMHOOKS];
 167
 168         /* Underflow points. */
 169         unsigned int underflow[NF_ARP_NUMHOOKS];
 170
 171         /* Information about old entries: */
 172         /* Number of counters (must be equal to current number of entries). */
 173         unsigned int num_counters;
 174         /* The old entries' counters. */
 175         struct xt_counters *counters;
 176
 177         /* The entries (hang off end: not really an array). */
 178         struct arpt_entry entries[0];
 179 };
 180
 181 /* The argument to ARPT_SO_ADD_COUNTERS. */
 182 #define arpt_counters_info xt_counters_info
 183 #define arpt_counters xt_counters
 184
 185 /* The argument to ARPT_SO_GET_ENTRIES. */
 186 struct arpt_get_entries {
 187         /* Which table: user fills this in. */
 188         char name[ARPT_TABLE_MAXNAMELEN];
 189
 190         /* User fills this in: total entry size. */
 191         unsigned int size;
 192
 193         /* The entries. */
 194         struct arpt_entry entrytable[0];
 195 };
 196
 197 /* Standard return verdict, or do jump. */
 198 #define ARPT_STANDARD_TARGET XT_STANDARD_TARGET
 199 /* Error verdict. */
 200 #define ARPT_ERROR_TARGET XT_ERROR_TARGET
 201
 202 /* Helper functions */
 203 static __inline__ struct arpt_entry_target *arpt_get_target(struct arpt_entry *e)
 204 {
 205         return (void *)e + e->target_offset;
 206 }
 207
 208 /* fn returns 0 to continue iteration */
 209 #define ARPT_ENTRY_ITERATE(entries, size, fn, args...) \
 210         XT_ENTRY_ITERATE(struct arpt_entry, entries, size, fn, ## args)
 211
 212 /*
 213  *      Main firewall chains definitions and global var's definitions.
 214  */
 215 #endif /* _ARPTABLES_H */