#ifndef __LINUX_BRIDGE_NETFILTER_H
#define __LINUX_BRIDGE_NETFILTER_H

/* bridge-specific defines for netfilter.
 */

#include <linux/netfilter.h>
#include <linux/if_ether.h>
#include <linux/if_vlan.h>

/*
 * Bridge netfilter hook numbers.
 *
 * The values are consecutive starting at 0, and NF_BR_NUMHOOKS is the
 * number of entries defined here (NF_BR_BROUTING is counted too).
 */
#define NF_BR_PRE_ROUTING	0	/* after promisc drops and checksum checks */
#define NF_BR_LOCAL_IN		1	/* packet is destined for this box */
#define NF_BR_FORWARD		2	/* packet is destined for another interface */
#define NF_BR_LOCAL_OUT		3	/* packet comes from a local process */
#define NF_BR_POST_ROUTING	4	/* packet is about to hit the wire */
#define NF_BR_BROUTING		5	/* not really a hook; used for the ebtables broute table */
#define NF_BR_NUMHOOKS		6

#ifdef __KERNEL__

/*
 * Priority values for functions registered on the bridge hooks.
 *
 * NF_BR_PRI_BRNF (0) sits between the *_BRIDGED entries (negative) and the
 * *_OTHER entries (positive); the two ends are pinned to INT_MIN and
 * INT_MAX.
 * NOTE(review): the order in which priorities are run is decided by the
 * netfilter core, not by this header - confirm it before relying on these
 * values for filter-versus-NAT ordering.
 */
enum nf_br_hook_priorities {
	NF_BR_PRI_FIRST			= INT_MIN,
	NF_BR_PRI_NAT_DST_BRIDGED	= -300,
	NF_BR_PRI_FILTER_BRIDGED	= -200,
	NF_BR_PRI_BRNF			= 0,
	NF_BR_PRI_NAT_DST_OTHER		= 100,
	NF_BR_PRI_FILTER_OTHER		= 200,
	NF_BR_PRI_NAT_SRC		= 300,
	NF_BR_PRI_LAST			= INT_MAX,
};

#ifdef CONFIG_BRIDGE_NETFILTER

/*
 * BRNF_* flag bits. Each value is a distinct single bit, so the flags can
 * be OR-ed together and tested independently.
 * NOTE(review): the field that holds these bits is not visible in this
 * header (presumably the mask kept with the skb's nf_bridge state) -
 * confirm against the users.
 */
#define BRNF_PKT_TYPE			0x01
#define BRNF_BRIDGED_DNAT		0x02
#define BRNF_DONT_TAKE_PARENT		0x04
#define BRNF_BRIDGED			0x08
#define BRNF_NF_BRIDGE_PREROUTING	0x10
/*
 * nf_bridge_copy_header() is implemented outside this header; according to
 * the original comment it is only used in br_forward.c.
 */
extern int nf_bridge_copy_header(struct sk_buff *skb);

/*
 * Call nf_bridge_copy_header() only for an skb that carries bridge-netfilter
 * state (skb->nf_bridge is non-NULL).
 *
 * Returns 0 when there is no such state, otherwise whatever
 * nf_bridge_copy_header() returns. The meaning of a non-zero result is
 * defined by that function, so callers should check it rather than
 * discard it.
 */
static inline int nf_bridge_maybe_copy_header(struct sk_buff *skb)
{
	if (!skb->nf_bridge)
		return 0;

	return nf_bridge_copy_header(skb);
}
/*
 * Extra room, in bytes, that the IP fragmenting code has to leave for the
 * encapsulating header of @skb.
 *
 * Returns VLAN_HLEN when the skb carries bridge-netfilter state and its
 * protocol is 802.1Q, and 0 in every other case. Only the 802.1Q header is
 * accounted for here: any other encapsulation is reported as needing no
 * extra room.
 */
static inline int nf_bridge_pad(const struct sk_buff *skb)
{
	if (skb->nf_bridge && skb->protocol == htons(ETH_P_8021Q))
		return VLAN_HLEN;

	return 0;
}
/*
 * Bridge-private per-skb data.
 * NOTE(review): presumably overlaid on the skb control buffer - confirm
 * against the users; nothing in this header enforces a size limit.
 */
struct bridge_skb_cb {
	union {
		/*
		 * NOTE(review): likely an IPv4 destination address; the
		 * plain __u32 type does not record a byte order - confirm.
		 */
		__u32 ipv4;
	} daddr;
};
/*
 * Declared here, defined elsewhere.
 * NOTE(review): neither the writer of this int nor any locking around it
 * is visible in this header - confirm before reading it from a new path.
 */
extern int brnf_deferred_hooks;
#else
/*
 * Stubs for builds without CONFIG_BRIDGE_NETFILTER: both expand to the
 * constant 0. The skb argument is dropped by the preprocessor, so it is
 * neither evaluated nor type-checked in this configuration.
 */
#define nf_bridge_maybe_copy_header(skb)	(0)
#define nf_bridge_pad(skb)			(0)
#endif /* CONFIG_BRIDGE_NETFILTER */

#endif /* __KERNEL__ */
#endif