| Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 1 | #ifndef __LINUX_BRIDGE_NETFILTER_H |
| 2 | #define __LINUX_BRIDGE_NETFILTER_H |
| 3 | |
| 4 | /* bridge-specific defines for netfilter. |
| 5 | */ |
| 6 | |
| Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 7 | #include <linux/netfilter.h> |
| 8 | #if defined(__KERNEL__) && defined(CONFIG_BRIDGE_NETFILTER) |
| 9 | #include <asm/atomic.h> |
| 10 | #include <linux/if_ether.h> |
| 11 | #endif |
| 12 | |
| 13 | /* Bridge Hooks */ |
| 14 | /* After promisc drops, checksum checks. */ |
| 15 | #define NF_BR_PRE_ROUTING 0 |
| 16 | /* If the packet is destined for this box. */ |
| 17 | #define NF_BR_LOCAL_IN 1 |
| 18 | /* If the packet is destined for another interface. */ |
| 19 | #define NF_BR_FORWARD 2 |
| 20 | /* Packets coming from a local process. */ |
| 21 | #define NF_BR_LOCAL_OUT 3 |
| 22 | /* Packets about to hit the wire. */ |
| 23 | #define NF_BR_POST_ROUTING 4 |
| 24 | /* Not really a hook, but used for the ebtables broute table */ |
| 25 | #define NF_BR_BROUTING 5 |
| 26 | #define NF_BR_NUMHOOKS 6 |
| 27 | |
| 28 | #ifdef __KERNEL__ |
| 29 | |
| 30 | enum nf_br_hook_priorities { |
| 31 | NF_BR_PRI_FIRST = INT_MIN, |
| 32 | NF_BR_PRI_NAT_DST_BRIDGED = -300, |
| 33 | NF_BR_PRI_FILTER_BRIDGED = -200, |
| 34 | NF_BR_PRI_BRNF = 0, |
| 35 | NF_BR_PRI_NAT_DST_OTHER = 100, |
| 36 | NF_BR_PRI_FILTER_OTHER = 200, |
| 37 | NF_BR_PRI_NAT_SRC = 300, |
| 38 | NF_BR_PRI_LAST = INT_MAX, |
| 39 | }; |
| 40 | |
| 41 | #ifdef CONFIG_BRIDGE_NETFILTER |
| 42 | |
| 43 | #define BRNF_PKT_TYPE 0x01 |
| 44 | #define BRNF_BRIDGED_DNAT 0x02 |
| 45 | #define BRNF_DONT_TAKE_PARENT 0x04 |
| 46 | #define BRNF_BRIDGED 0x08 |
| 47 | #define BRNF_NF_BRIDGE_PREROUTING 0x10 |
| 48 | |
| Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 49 | |
| 50 | /* Only used in br_forward.c */ |
| 51 | static inline |
| 52 | void nf_bridge_maybe_copy_header(struct sk_buff *skb) |
| 53 | { |
| 54 | if (skb->nf_bridge) { |
| 55 | if (skb->protocol == __constant_htons(ETH_P_8021Q)) { |
| 56 | memcpy(skb->data - 18, skb->nf_bridge->data, 18); |
| 57 | skb_push(skb, 4); |
| 58 | } else |
| 59 | memcpy(skb->data - 16, skb->nf_bridge->data, 16); |
| 60 | } |
| 61 | } |
| 62 | |
| Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 63 | /* This is called by the IP fragmenting code and it ensures there is |
| 64 | * enough room for the encapsulating header (if there is one). */ |
| 65 | static inline |
| 66 | int nf_bridge_pad(struct sk_buff *skb) |
| 67 | { |
| 68 | if (skb->protocol == __constant_htons(ETH_P_IP)) |
| 69 | return 0; |
| 70 | if (skb->nf_bridge) { |
| 71 | if (skb->protocol == __constant_htons(ETH_P_8021Q)) |
| 72 | return 4; |
| 73 | } |
| 74 | return 0; |
| 75 | } |
| 76 | |
| 77 | struct bridge_skb_cb { |
| 78 | union { |
| 79 | __u32 ipv4; |
| 80 | } daddr; |
| 81 | }; |
| Patrick McHardy | 10ea6ac | 2006-07-24 22:54:55 -0700 | [diff] [blame^] | 82 | |
| 83 | extern int brnf_deferred_hooks; |
| Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 84 | #endif /* CONFIG_BRIDGE_NETFILTER */ |
| 85 | |
| 86 | #endif /* __KERNEL__ */ |
| 87 | #endif |