      1 #ifndef __LINUX_BRIDGE_NETFILTER_H
      2 #define __LINUX_BRIDGE_NETFILTER_H
      3 
      4 /* bridge-specific defines for netfilter.
      5  */
      6 
      7 #include <linux/netfilter.h>
      8 #if defined(__KERNEL__) && defined(CONFIG_BRIDGE_NETFILTER)
      9 #include <linux/if_ether.h>
     10 #endif
     11 
/*
 * Bridge hook numbers.
 *
 * Each value names a point on a frame's path through the bridge.  Frames
 * addressed to this host, frames forwarded to another interface and frames
 * generated locally are reported on different hooks, so a rule set attached
 * to one of them does not see the traffic of the others.
 */

/* Reached once promiscuous-mode drops and checksum checks are done. */
#define NF_BR_PRE_ROUTING	0

/* The frame is addressed to this machine. */
#define NF_BR_LOCAL_IN		1

/* The frame is to leave through a different interface. */
#define NF_BR_FORWARD		2

/* The frame was produced by a local process. */
#define NF_BR_LOCAL_OUT		3

/* The frame is about to be put on the wire. */
#define NF_BR_POST_ROUTING	4

/* Not a real hook; the number is used for the ebtables broute table. */
#define NF_BR_BROUTING		5

/* Number of hook slots (0..5); the count includes NF_BR_BROUTING. */
#define NF_BR_NUMHOOKS		6
     26 
     27 #ifdef __KERNEL__
     28 
/*
 * Priorities for functions registered on the bridge hooks.
 *
 * Netfilter calls the functions on a hook in ascending priority order, so
 * NF_BR_PRI_FIRST runs earliest and NF_BR_PRI_LAST latest.  Everything with
 * a negative value runs before NF_BR_PRI_BRNF (0), everything positive
 * after it.
 *
 * NOTE(review): going by the names, destination NAT at -300 precedes
 * filtering at -200, and source NAT at 300 follows filtering at 200, so
 * filter rules would match translated destinations and untranslated
 * sources.  The _BRIDGED/_OTHER split is not explained in this header;
 * confirm both points at the sites that register with these values.
 */
enum nf_br_hook_priorities {
	NF_BR_PRI_FIRST			= INT_MIN,

	/* Run ahead of NF_BR_PRI_BRNF. */
	NF_BR_PRI_NAT_DST_BRIDGED	= -300,
	NF_BR_PRI_FILTER_BRIDGED	= -200,

	NF_BR_PRI_BRNF			= 0,

	/* Run behind NF_BR_PRI_BRNF. */
	NF_BR_PRI_NAT_DST_OTHER		= 100,
	NF_BR_PRI_FILTER_OTHER		= 200,
	NF_BR_PRI_NAT_SRC		= 300,

	NF_BR_PRI_LAST			= INT_MAX,
};
     39 
     40 #ifdef CONFIG_BRIDGE_NETFILTER
     41 
/*
 * Bridge-netfilter flag bits.  Every value is a distinct power of two, so
 * the flags can be OR-ed together and tested independently.
 *
 * NOTE(review): the field these bits are stored in, and the exact meaning
 * of each flag, are not visible in this header - confirm at the users.
 */
#define BRNF_PKT_TYPE			(1 << 0)	/* 0x01 */
#define BRNF_BRIDGED_DNAT		(1 << 1)	/* 0x02 */
#define BRNF_DONT_TAKE_PARENT		(1 << 2)	/* 0x04 */
#define BRNF_BRIDGED			(1 << 3)	/* 0x08 */
#define BRNF_NF_BRIDGE_PREROUTING	(1 << 4)	/* 0x10 */
     47 
     48 
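/*
 * Copy the header bytes saved in skb->nf_bridge->data back into the
 * headroom directly in front of skb->data.  Only used in br_forward.c.
 *
 * Does nothing when skb->nf_bridge is NULL.  For an 802.1Q frame 18 bytes
 * are restored and skb->data is then moved back by 4; for every other
 * protocol 16 bytes are restored and skb->data stays where it was.
 *
 * Returns 0 on success, or the non-zero error from skb_cow() when the
 * headroom could not be provided; nothing is copied in that case.
 *
 * The headroom requested from skb_cow() and the memcpy() length come from
 * the same variable.  memcpy() writes below skb->data, so a copy length
 * larger than the reserved headroom would land outside the buffer; with a
 * single value the two can no longer drift apart.
 *
 * NOTE(review): skb->nf_bridge->data has to provide at least 18 readable
 * bytes.  Its declared size is not visible in this header - confirm.
 */
static inline
int nf_bridge_maybe_copy_header(struct sk_buff *skb)
{
	/* Extra bytes restored, and pushed, for an 802.1Q frame. */
	const unsigned int vlan_tag_len = 4;
	/*
	 * Bytes restored for any other frame.
	 * NOTE(review): presumably the 14-byte Ethernet header plus two
	 * bytes of padding - confirm where nf_bridge->data is filled.
	 */
	unsigned int hdr_len = 16;
	int tagged;
	int err;

	if (!skb->nf_bridge)
		return 0;

	tagged = (skb->protocol == __constant_htons(ETH_P_8021Q));
	if (tagged)
		hdr_len += vlan_tag_len;

	/* Reserve the headroom first; skb->data is only read afterwards. */
	err = skb_cow(skb, hdr_len);
	if (err)
		return err;

	memcpy(skb->data - hdr_len, skb->nf_bridge->data, hdr_len);

	/* Only the tag becomes part of the packet data here. */
	if (tagged)
		skb_push(skb, vlan_tag_len);

	return 0;
}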
     71 
/*
 * Called by the IP fragmenting code to learn how much room to leave for
 * an encapsulating header, if there is one.
 *
 * Returns 4 when the skb carries nf_bridge state and its protocol is
 * 802.1Q, and 0 in every other case, including all ETH_P_IP skbs.
 *
 * NOTE(review): the function only reports a size and reserves nothing
 * itself; presumably the caller subtracts the result from the space
 * available per fragment - confirm at the call site.
 */
static inline
int nf_bridge_pad(struct sk_buff *skb)
{
	/* Plain IP, or no bridge state attached: nothing to account for. */
	if (skb->protocol == __constant_htons(ETH_P_IP) || !skb->nf_bridge)
		return 0;

	return skb->protocol == __constant_htons(ETH_P_8021Q) ? 4 : 0;
}
     85 
/*
 * Holder for a destination address; IPv4 is the only member of the union.
 *
 * NOTE(review): the _cb suffix suggests this is laid over the skb control
 * buffer - confirm at the users.  The plain __u32 type does not state a
 * byte order, so check it before comparing against on-wire addresses.
 */
struct bridge_skb_cb {
	union {
		__u32	ipv4;
	} daddr;
};
     91 
/*
 * Declaration only; the definition lives outside this header.
 * NOTE(review): what the value encodes is not visible here - confirm at
 * the definition before relying on it.
 */
extern int brnf_deferred_hooks;
     93 #endif /* CONFIG_BRIDGE_NETFILTER */
     94 
     95 #endif /* __KERNEL__ */
     96 #endif