Where Online Learning is simpler!

The C and C++ Include Header Files

/usr/include/linux/netfilter_arp/arp_tables.h


$ cat -n /usr/include/linux/netfilter_arp/arp_tables.h

     1	/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
     2	/*
     3	 * 	Format of an ARP firewall descriptor
     4	 *
     5	 * 	src, tgt, src_mask, tgt_mask, arpop, arpop_mask are always stored in
     6	 *	network byte order.
     7	 * 	flags are stored in host byte order (of course).
     8	 */
     9	
    10	#ifndef _ARPTABLES_H
    11	#define _ARPTABLES_H
    12	
    13	#include <linux/types.h>
    14	
    15	#include <linux/if.h>
    16	#include <linux/netfilter_arp.h>
    17	
    18	#include <linux/netfilter/x_tables.h>
    19	
    20	#define ARPT_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
    21	#define ARPT_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN
    22	#define arpt_entry_target xt_entry_target
    23	#define arpt_standard_target xt_standard_target
    24	#define arpt_error_target xt_error_target
    25	#define ARPT_CONTINUE XT_CONTINUE
    26	#define ARPT_RETURN XT_RETURN
    27	#define arpt_counters_info xt_counters_info
    28	#define arpt_counters xt_counters
    29	#define ARPT_STANDARD_TARGET XT_STANDARD_TARGET
    30	#define ARPT_ERROR_TARGET XT_ERROR_TARGET
    31	#define ARPT_ENTRY_ITERATE(entries, size, fn, args...) \
    32		XT_ENTRY_ITERATE(struct arpt_entry, entries, size, fn, ## args)
    33	
    34	#define ARPT_DEV_ADDR_LEN_MAX 16
    35	
    36	struct arpt_devaddr_info {
    37		char addr[ARPT_DEV_ADDR_LEN_MAX];
    38		char mask[ARPT_DEV_ADDR_LEN_MAX];
    39	};
    40	
    41	/* Yes, Virginia, you have to zero the padding. */
    42	struct arpt_arp {
    43		/* Source and target IP addr */
    44		struct in_addr src, tgt;
    45		/* Mask for src and target IP addr */
    46		struct in_addr smsk, tmsk;
    47	
    48		/* Device hw address length, src+target device addresses */
    49		__u8 arhln, arhln_mask;
    50		struct arpt_devaddr_info src_devaddr;
    51		struct arpt_devaddr_info tgt_devaddr;
    52	
    53		/* ARP operation code. */
    54		__be16 arpop, arpop_mask;
    55	
    56		/* ARP hardware address and protocol address format. */
    57		__be16 arhrd, arhrd_mask;
    58		__be16 arpro, arpro_mask;
    59	
    60		/* The protocol address length is only accepted if it is 4
    61		 * so there is no use in offering a way to do filtering on it.
    62		 */
    63	
    64		char iniface[IFNAMSIZ], outiface[IFNAMSIZ];
    65		unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ];
    66	
    67		/* Flags word */
    68		__u8 flags;
    69		/* Inverse flags */
    70		__u16 invflags;
    71	};
    72	
    73	/* Values for "flag" field in struct arpt_ip (general arp structure).
    74	 * No flags defined yet.
    75	 */
    76	#define ARPT_F_MASK		0x00	/* All possible flag bits mask. */
    77	
    78	/* Values for "inv" field in struct arpt_arp. */
    79	#define ARPT_INV_VIA_IN		0x0001	/* Invert the sense of IN IFACE. */
    80	#define ARPT_INV_VIA_OUT	0x0002	/* Invert the sense of OUT IFACE */
    81	#define ARPT_INV_SRCIP		0x0004	/* Invert the sense of SRC IP. */
    82	#define ARPT_INV_TGTIP		0x0008	/* Invert the sense of TGT IP. */
    83	#define ARPT_INV_SRCDEVADDR	0x0010	/* Invert the sense of SRC DEV ADDR. */
    84	#define ARPT_INV_TGTDEVADDR	0x0020	/* Invert the sense of TGT DEV ADDR. */
    85	#define ARPT_INV_ARPOP		0x0040	/* Invert the sense of ARP OP. */
    86	#define ARPT_INV_ARPHRD		0x0080	/* Invert the sense of ARP HRD. */
    87	#define ARPT_INV_ARPPRO		0x0100	/* Invert the sense of ARP PRO. */
    88	#define ARPT_INV_ARPHLN		0x0200	/* Invert the sense of ARP HLN. */
    89	#define ARPT_INV_MASK		0x03FF	/* All possible flag bits mask. */
    90	
    91	/* This structure defines each of the firewall rules.  Consists of 3
    92	   parts which are 1) general ARP header stuff 2) match specific
    93	   stuff 3) the target to perform if the rule matches */
    94	struct arpt_entry
    95	{
    96		struct arpt_arp arp;
    97	
    98		/* Size of arpt_entry + matches */
    99		__u16 target_offset;
   100		/* Size of arpt_entry + matches + target */
   101		__u16 next_offset;
   102	
   103		/* Back pointer */
   104		unsigned int comefrom;
   105	
   106		/* Packet and byte counters. */
   107		struct xt_counters counters;
   108	
   109		/* The matches (if any), then the target. */
   110		unsigned char elems[];
   111	};
   112	
   113	/*
   114	 * New IP firewall options for [gs]etsockopt at the RAW IP level.
   115	 * Unlike BSD Linux inherits IP options so you don't have to use a raw
   116	 * socket for this. Instead we check rights in the calls.
   117	 *
   118	 * ATTENTION: check linux/in.h before adding new number here.
   119	 */
   120	#define ARPT_BASE_CTL		96
   121	
   122	#define ARPT_SO_SET_REPLACE		(ARPT_BASE_CTL)
   123	#define ARPT_SO_SET_ADD_COUNTERS	(ARPT_BASE_CTL + 1)
   124	#define ARPT_SO_SET_MAX			ARPT_SO_SET_ADD_COUNTERS
   125	
   126	#define ARPT_SO_GET_INFO		(ARPT_BASE_CTL)
   127	#define ARPT_SO_GET_ENTRIES		(ARPT_BASE_CTL + 1)
   128	/* #define ARPT_SO_GET_REVISION_MATCH	(APRT_BASE_CTL + 2) */
   129	#define ARPT_SO_GET_REVISION_TARGET	(ARPT_BASE_CTL + 3)
   130	#define ARPT_SO_GET_MAX			(ARPT_SO_GET_REVISION_TARGET)
   131	
   132	/* The argument to ARPT_SO_GET_INFO */
   133	struct arpt_getinfo {
   134		/* Which table: caller fills this in. */
   135		char name[XT_TABLE_MAXNAMELEN];
   136	
   137		/* Kernel fills these in. */
   138		/* Which hook entry points are valid: bitmask */
   139		unsigned int valid_hooks;
   140	
   141		/* Hook entry points: one per netfilter hook. */
   142		unsigned int hook_entry[NF_ARP_NUMHOOKS];
   143	
   144		/* Underflow points. */
   145		unsigned int underflow[NF_ARP_NUMHOOKS];
   146	
   147		/* Number of entries */
   148		unsigned int num_entries;
   149	
   150		/* Size of entries. */
   151		unsigned int size;
   152	};
   153	
   154	/* The argument to ARPT_SO_SET_REPLACE. */
   155	struct arpt_replace {
   156		/* Which table. */
   157		char name[XT_TABLE_MAXNAMELEN];
   158	
   159		/* Which hook entry points are valid: bitmask.  You can't
   160	           change this. */
   161		unsigned int valid_hooks;
   162	
   163		/* Number of entries */
   164		unsigned int num_entries;
   165	
   166		/* Total size of new entries */
   167		unsigned int size;
   168	
   169		/* Hook entry points. */
   170		unsigned int hook_entry[NF_ARP_NUMHOOKS];
   171	
   172		/* Underflow points. */
   173		unsigned int underflow[NF_ARP_NUMHOOKS];
   174	
   175		/* Information about old entries: */
   176		/* Number of counters (must be equal to current number of entries). */
   177		unsigned int num_counters;
   178		/* The old entries' counters. */
   179		struct xt_counters *counters;
   180	
   181		/* The entries (hang off end: not really an array). */
   182		struct arpt_entry entries[];
   183	};
   184	
   185	/* The argument to ARPT_SO_GET_ENTRIES. */
   186	struct arpt_get_entries {
   187		/* Which table: user fills this in. */
   188		char name[XT_TABLE_MAXNAMELEN];
   189	
   190		/* User fills this in: total entry size. */
   191		unsigned int size;
   192	
   193		/* The entries. */
   194		struct arpt_entry entrytable[];
   195	};
   196	
   197	/* Helper functions */
   198	static __inline__ struct xt_entry_target *arpt_get_target(struct arpt_entry *e)
   199	{
   200		return (struct xt_entry_target *)((char *)e + e->target_offset);
   201	}
   202	
   203	/*
   204	 *	Main firewall chains definitions and global var's definitions.
   205	 */
   206	#endif /* _ARPTABLES_H */