diff options
Diffstat (limited to 'include/linux/netfilter_bridge')
-rw-r--r-- | include/linux/netfilter_bridge/ebt_802_3.h | 10 | ||||
-rw-r--r-- | include/linux/netfilter_bridge/ebt_among.h | 2 | ||||
-rw-r--r-- | include/linux/netfilter_bridge/ebt_arp.h | 14 | ||||
-rw-r--r-- | include/linux/netfilter_bridge/ebt_ip.h | 8 | ||||
-rw-r--r-- | include/linux/netfilter_bridge/ebt_nat.h | 1 | ||||
-rw-r--r-- | include/linux/netfilter_bridge/ebt_vlan.h | 2 | ||||
-rw-r--r-- | include/linux/netfilter_bridge/ebtables.h | 25 |
7 files changed, 42 insertions, 20 deletions
diff --git a/include/linux/netfilter_bridge/ebt_802_3.h b/include/linux/netfilter_bridge/ebt_802_3.h index b9f712c14a0..07f044ff1a6 100644 --- a/include/linux/netfilter_bridge/ebt_802_3.h +++ b/include/linux/netfilter_bridge/ebt_802_3.h @@ -28,21 +28,21 @@ struct hdr_ui { uint8_t ssap; uint8_t ctrl; uint8_t orig[3]; - uint16_t type; + __be16 type; }; struct hdr_ni { uint8_t dsap; uint8_t ssap; - uint16_t ctrl; + __be16 ctrl; uint8_t orig[3]; - uint16_t type; + __be16 type; }; struct ebt_802_3_hdr { uint8_t daddr[6]; uint8_t saddr[6]; - uint16_t len; + __be16 len; union { struct hdr_ui ui; struct hdr_ni ni; @@ -61,7 +61,7 @@ static inline struct ebt_802_3_hdr *ebt_802_3_hdr(const struct sk_buff *skb) struct ebt_802_3_info { uint8_t sap; - uint16_t type; + __be16 type; uint8_t bitmask; uint8_t invflags; }; diff --git a/include/linux/netfilter_bridge/ebt_among.h b/include/linux/netfilter_bridge/ebt_among.h index 307c1fed851..7654069233c 100644 --- a/include/linux/netfilter_bridge/ebt_among.h +++ b/include/linux/netfilter_bridge/ebt_among.h @@ -32,7 +32,7 @@ struct ebt_mac_wormhash_tuple { uint32_t cmp[2]; - uint32_t ip; + __be32 ip; }; struct ebt_mac_wormhash diff --git a/include/linux/netfilter_bridge/ebt_arp.h b/include/linux/netfilter_bridge/ebt_arp.h index 537ec6b487a..97e4dbde1f8 100644 --- a/include/linux/netfilter_bridge/ebt_arp.h +++ b/include/linux/netfilter_bridge/ebt_arp.h @@ -14,13 +14,13 @@ struct ebt_arp_info { - uint16_t htype; - uint16_t ptype; - uint16_t opcode; - uint32_t saddr; - uint32_t smsk; - uint32_t daddr; - uint32_t dmsk; + __be16 htype; + __be16 ptype; + __be16 opcode; + __be32 saddr; + __be32 smsk; + __be32 daddr; + __be32 dmsk; unsigned char smaddr[ETH_ALEN]; unsigned char smmsk[ETH_ALEN]; unsigned char dmaddr[ETH_ALEN]; diff --git a/include/linux/netfilter_bridge/ebt_ip.h b/include/linux/netfilter_bridge/ebt_ip.h index 7247385cdcb..d6847475bf2 100644 --- a/include/linux/netfilter_bridge/ebt_ip.h +++ b/include/linux/netfilter_bridge/ebt_ip.h @@ -28,10 +28,10 @@ /* the same values are used for the invflags */ struct ebt_ip_info { - uint32_t saddr; - uint32_t daddr; - uint32_t smsk; - uint32_t dmsk; + __be32 saddr; + __be32 daddr; + __be32 smsk; + __be32 dmsk; uint8_t tos; uint8_t protocol; uint8_t bitmask; diff --git a/include/linux/netfilter_bridge/ebt_nat.h b/include/linux/netfilter_bridge/ebt_nat.h index 26fd90da4cd..435b886a51a 100644 --- a/include/linux/netfilter_bridge/ebt_nat.h +++ b/include/linux/netfilter_bridge/ebt_nat.h @@ -1,6 +1,7 @@ #ifndef __LINUX_BRIDGE_EBT_NAT_H #define __LINUX_BRIDGE_EBT_NAT_H +#define NAT_ARP_BIT (0x00000010) struct ebt_nat_info { unsigned char mac[ETH_ALEN]; diff --git a/include/linux/netfilter_bridge/ebt_vlan.h b/include/linux/netfilter_bridge/ebt_vlan.h index cb1fcc41565..1d98be4031e 100644 --- a/include/linux/netfilter_bridge/ebt_vlan.h +++ b/include/linux/netfilter_bridge/ebt_vlan.h @@ -10,7 +10,7 @@ struct ebt_vlan_info { uint16_t id; /* VLAN ID {1-4095} */ uint8_t prio; /* VLAN User Priority {0-7} */ - uint16_t encap; /* VLAN Encapsulated frame code {0-65535} */ + __be16 encap; /* VLAN Encapsulated frame code {0-65535} */ uint8_t bitmask; /* Args bitmask bit 1=1 - ID arg, bit 2=1 User-Priority arg, bit 3=1 encap*/ uint8_t invflags; /* Inverse bitmask bit 1=1 - inversed ID arg, diff --git a/include/linux/netfilter_bridge/ebtables.h b/include/linux/netfilter_bridge/ebtables.h index b1a7cc90877..94e0a7dc0cb 100644 --- a/include/linux/netfilter_bridge/ebtables.h +++ b/include/linux/netfilter_bridge/ebtables.h @@ -26,6 +26,10 @@ #define EBT_CONTINUE -3 #define EBT_RETURN -4 #define NUM_STANDARD_TARGETS 4 +/* ebtables target modules store the verdict inside an int. We can + * reclaim a part of this int for backwards compatible extensions. + * The 4 lsb are more than enough to store the verdict. */ +#define EBT_VERDICT_BITS 0x0000000F struct ebt_counter { @@ -42,6 +46,23 @@ struct ebt_replace /* total size of the entries */ unsigned int entries_size; /* start of the chains */ + struct ebt_entries __user *hook_entry[NF_BR_NUMHOOKS]; + /* nr of counters userspace expects back */ + unsigned int num_counters; + /* where the kernel will put the old counters */ + struct ebt_counter __user *counters; + char __user *entries; +}; + +struct ebt_replace_kernel +{ + char name[EBT_TABLE_MAXNAMELEN]; + unsigned int valid_hooks; + /* nr of rules in the table */ + unsigned int nentries; + /* total size of the entries */ + unsigned int entries_size; + /* start of the chains */ struct ebt_entries *hook_entry[NF_BR_NUMHOOKS]; /* nr of counters userspace expects back */ unsigned int num_counters; @@ -141,7 +162,7 @@ struct ebt_entry { /* this needs to be the first field */ unsigned int bitmask; unsigned int invflags; - uint16_t ethproto; + __be16 ethproto; /* the physical in-dev */ char in[IFNAMSIZ]; /* the logical in-dev */ @@ -251,7 +272,7 @@ struct ebt_table { struct list_head list; char name[EBT_TABLE_MAXNAMELEN]; - struct ebt_replace *table; + struct ebt_replace_kernel *table; unsigned int valid_hooks; rwlock_t lock; /* e.g. could be the table explicitly only allows certain |