Diffstat (limited to 'polux/application/ebtables/include')
-rw-r--r--polux/application/ebtables/include/ebtables.h272
-rw-r--r--polux/application/ebtables/include/ebtables_u.h259
-rw-r--r--polux/application/ebtables/include/ethernetdb.h58
-rw-r--r--polux/application/ebtables/include/linux/if_ether.h104
-rw-r--r--polux/application/ebtables/include/linux/netfilter_bridge.h104
-rw-r--r--polux/application/ebtables/include/linux/netfilter_bridge/ebt_802_3.h60
-rw-r--r--polux/application/ebtables/include/linux/netfilter_bridge/ebt_among.h65
-rw-r--r--polux/application/ebtables/include/linux/netfilter_bridge/ebt_arp.h32
-rw-r--r--polux/application/ebtables/include/linux/netfilter_bridge/ebt_arpreply.h11
-rw-r--r--polux/application/ebtables/include/linux/netfilter_bridge/ebt_ip.h43
-rw-r--r--polux/application/ebtables/include/linux/netfilter_bridge/ebt_limit.h23
-rw-r--r--polux/application/ebtables/include/linux/netfilter_bridge/ebt_log.h18
-rw-r--r--polux/application/ebtables/include/linux/netfilter_bridge/ebt_mark_m.h15
-rw-r--r--polux/application/ebtables/include/linux/netfilter_bridge/ebt_mark_t.h12
-rw-r--r--polux/application/ebtables/include/linux/netfilter_bridge/ebt_nat.h13
-rw-r--r--polux/application/ebtables/include/linux/netfilter_bridge/ebt_pkttype.h11
-rw-r--r--polux/application/ebtables/include/linux/netfilter_bridge/ebt_plc.h30
-rw-r--r--polux/application/ebtables/include/linux/netfilter_bridge/ebt_redirect.h11
-rw-r--r--polux/application/ebtables/include/linux/netfilter_bridge/ebt_stp.h46
-rw-r--r--polux/application/ebtables/include/linux/netfilter_bridge/ebt_vlan.h24
-rw-r--r--polux/application/ebtables/include/linux/netfilter_bridge/ebt_vlan_t.h18
-rw-r--r--polux/application/ebtables/include/linux/netfilter_bridge/ebtables.h272
22 files changed, 1501 insertions, 0 deletions
diff --git a/polux/application/ebtables/include/ebtables.h b/polux/application/ebtables/include/ebtables.h
new file mode 100644
index 0000000000..1eac563c12
--- /dev/null
+++ b/polux/application/ebtables/include/ebtables.h
@@ -0,0 +1,272 @@
+/*
+ * ebtables
+ *
+ * Authors:
+ * Bart De Schuymer <bdschuym@pandora.be>
+ *
+ * ebtables.c,v 2.0, April, 2002
+ *
+ * This code is stongly inspired on the iptables code which is
+ * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
+ */
+
+/* Local copy of the kernel file, needed for Sparc64 support */
+#ifndef __LINUX_BRIDGE_EFF_H
+#define __LINUX_BRIDGE_EFF_H
+#include <linux/if.h>
+#include <linux/netfilter_bridge.h>
+#include <linux/if_ether.h>
+
+#define EBT_TABLE_MAXNAMELEN 32
+#define EBT_CHAIN_MAXNAMELEN EBT_TABLE_MAXNAMELEN
+#define EBT_FUNCTION_MAXNAMELEN EBT_TABLE_MAXNAMELEN
+
+/* verdicts >0 are "branches" */
+#define EBT_ACCEPT -1
+#define EBT_DROP -2
+#define EBT_CONTINUE -3
+#define EBT_RETURN -4
+#define NUM_STANDARD_TARGETS 4
+
+struct ebt_counter
+{
+ uint64_t pcnt;
+ uint64_t bcnt;
+};
+
+struct ebt_replace
+{
+ char name[EBT_TABLE_MAXNAMELEN];
+ unsigned int valid_hooks;
+ /* nr of rules in the table */
+ unsigned int nentries;
+ /* total size of the entries */
+ unsigned int entries_size;
+ /* start of the chains */
+#ifdef KERNEL_64_USERSPACE_32
+ uint64_t hook_entry[NF_BR_NUMHOOKS];
+#else
+ struct ebt_entries *hook_entry[NF_BR_NUMHOOKS];
+#endif
+ /* nr of counters userspace expects back */
+ unsigned int num_counters;
+ /* where the kernel will put the old counters */
+#ifdef KERNEL_64_USERSPACE_32
+ uint64_t counters;
+ uint64_t entries;
+#else
+ struct ebt_counter *counters;
+ char *entries;
+#endif
+};
+
+struct ebt_entries {
+ /* this field is always set to zero
+ * See EBT_ENTRY_OR_ENTRIES.
+ * Must be same size as ebt_entry.bitmask */
+ unsigned int distinguisher;
+ /* the chain name */
+ char name[EBT_CHAIN_MAXNAMELEN];
+ /* counter offset for this chain */
+ unsigned int counter_offset;
+ /* one standard (accept, drop, return) per hook */
+ int policy;
+ /* nr. of entries */
+ unsigned int nentries;
+ /* entry list */
+ char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
+};
+
+/* used for the bitmask of struct ebt_entry */
+
+/* This is a hack to make a difference between an ebt_entry struct and an
+ * ebt_entries struct when traversing the entries from start to end.
+ * Using this simplifies the code alot, while still being able to use
+ * ebt_entries.
+ * Contrary, iptables doesn't use something like ebt_entries and therefore uses
+ * different techniques for naming the policy and such. So, iptables doesn't
+ * need a hack like this.
+ */
+#define EBT_ENTRY_OR_ENTRIES 0x01
+/* these are the normal masks */
+#define EBT_NOPROTO 0x02
+#define EBT_802_3 0x04
+#define EBT_SOURCEMAC 0x08
+#define EBT_DESTMAC 0x10
+#define EBT_F_MASK (EBT_NOPROTO | EBT_802_3 | EBT_SOURCEMAC | EBT_DESTMAC \
+ | EBT_ENTRY_OR_ENTRIES)
+
+#define EBT_IPROTO 0x01
+#define EBT_IIN 0x02
+#define EBT_IOUT 0x04
+#define EBT_ISOURCE 0x8
+#define EBT_IDEST 0x10
+#define EBT_ILOGICALIN 0x20
+#define EBT_ILOGICALOUT 0x40
+#define EBT_INV_MASK (EBT_IPROTO | EBT_IIN | EBT_IOUT | EBT_ILOGICALIN \
+ | EBT_ILOGICALOUT | EBT_ISOURCE | EBT_IDEST)
+
+struct ebt_entry_match
+{
+ union {
+ char name[EBT_FUNCTION_MAXNAMELEN];
+ struct ebt_match *match;
+ } u;
+ /* size of data */
+ unsigned int match_size;
+#ifdef KERNEL_64_USERSPACE_32
+ unsigned int pad;
+#endif
+ unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
+};
+
+struct ebt_entry_watcher
+{
+ union {
+ char name[EBT_FUNCTION_MAXNAMELEN];
+ struct ebt_watcher *watcher;
+ } u;
+ /* size of data */
+ unsigned int watcher_size;
+#ifdef KERNEL_64_USERSPACE_32
+ unsigned int pad;
+#endif
+ unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
+};
+
+struct ebt_entry_target
+{
+ union {
+ char name[EBT_FUNCTION_MAXNAMELEN];
+ struct ebt_target *target;
+ } u;
+ /* size of data */
+ unsigned int target_size;
+#ifdef KERNEL_64_USERSPACE_32
+ unsigned int pad;
+#endif
+ unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
+};
+
+#define EBT_STANDARD_TARGET "standard"
+struct ebt_standard_target
+{
+ struct ebt_entry_target target;
+ int verdict;
+#ifdef KERNEL_64_USERSPACE_32
+ unsigned int pad;
+#endif
+};
+
+/* one entry */
+struct ebt_entry {
+ /* this needs to be the first field */
+ unsigned int bitmask;
+ unsigned int invflags;
+ uint16_t ethproto;
+ /* the physical in-dev */
+ char in[IFNAMSIZ];
+ /* the logical in-dev */
+ char logical_in[IFNAMSIZ];
+ /* the physical out-dev */
+ char out[IFNAMSIZ];
+ /* the logical out-dev */
+ char logical_out[IFNAMSIZ];
+ unsigned char sourcemac[ETH_ALEN];
+ unsigned char sourcemsk[ETH_ALEN];
+ unsigned char destmac[ETH_ALEN];
+ unsigned char destmsk[ETH_ALEN];
+ /* sizeof ebt_entry + matches */
+ unsigned int watchers_offset;
+ /* sizeof ebt_entry + matches + watchers */
+ unsigned int target_offset;
+ /* sizeof ebt_entry + matches + watchers + target */
+ unsigned int next_offset;
+ unsigned char elems[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
+};
+
+/* {g,s}etsockopt numbers */
+#define EBT_BASE_CTL 128
+
+#define EBT_SO_SET_ENTRIES (EBT_BASE_CTL)
+#define EBT_SO_SET_COUNTERS (EBT_SO_SET_ENTRIES+1)
+#define EBT_SO_SET_MAX (EBT_SO_SET_COUNTERS+1)
+
+#define EBT_SO_GET_INFO (EBT_BASE_CTL)
+#define EBT_SO_GET_ENTRIES (EBT_SO_GET_INFO+1)
+#define EBT_SO_GET_INIT_INFO (EBT_SO_GET_ENTRIES+1)
+#define EBT_SO_GET_INIT_ENTRIES (EBT_SO_GET_INIT_INFO+1)
+#define EBT_SO_GET_MAX (EBT_SO_GET_INIT_ENTRIES+1)
+
+/* blatently stolen from ip_tables.h
+ * fn returns 0 to continue iteration */
+#define EBT_MATCH_ITERATE(e, fn, args...) \
+({ \
+ unsigned int __i; \
+ int __ret = 0; \
+ struct ebt_entry_match *__match; \
+ \
+ for (__i = sizeof(struct ebt_entry); \
+ __i < (e)->watchers_offset; \
+ __i += __match->match_size + \
+ sizeof(struct ebt_entry_match)) { \
+ __match = (void *)(e) + __i; \
+ \
+ __ret = fn(__match , ## args); \
+ if (__ret != 0) \
+ break; \
+ } \
+ if (__ret == 0) { \
+ if (__i != (e)->watchers_offset) \
+ __ret = -EINVAL; \
+ } \
+ __ret; \
+})
+
+#define EBT_WATCHER_ITERATE(e, fn, args...) \
+({ \
+ unsigned int __i; \
+ int __ret = 0; \
+ struct ebt_entry_watcher *__watcher; \
+ \
+ for (__i = e->watchers_offset; \
+ __i < (e)->target_offset; \
+ __i += __watcher->watcher_size + \
+ sizeof(struct ebt_entry_watcher)) { \
+ __watcher = (void *)(e) + __i; \
+ \
+ __ret = fn(__watcher , ## args); \
+ if (__ret != 0) \
+ break; \
+ } \
+ if (__ret == 0) { \
+ if (__i != (e)->target_offset) \
+ __ret = -EINVAL; \
+ } \
+ __ret; \
+})
+
+#define EBT_ENTRY_ITERATE(entries, size, fn, args...) \
+({ \
+ unsigned int __i; \
+ int __ret = 0; \
+ struct ebt_entry *__entry; \
+ \
+ for (__i = 0; __i < (size);) { \
+ __entry = (void *)(entries) + __i; \
+ __ret = fn(__entry , ## args); \
+ if (__ret != 0) \
+ break; \
+ if (__entry->bitmask != 0) \
+ __i += __entry->next_offset; \
+ else \
+ __i += sizeof(struct ebt_entries); \
+ } \
+ if (__ret == 0) { \
+ if (__i != (size)) \
+ __ret = -EINVAL; \
+ } \
+ __ret; \
+})
+
+#endif
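Review bot: The three iterate macros step `__i` by a length read out of the buffer they are walking (`match_size`, `watcher_size`, `next_offset`) and compare it with the bound only after the element has already been handed to `fn`. A `next_offset` of zero on an entry with a non-zero `bitmask` therefore never terminates, and an oversized length makes the next `fn` call read past the blob. ebtables_u.h in this commit has a `filename` field "used for the atomic option", so the blob presumably can come from a file as well as from the kernel; in that case EBT_ENTRY_ITERATE should reject the entry before advancing, e.g. `if (__entry->next_offset < sizeof(struct ebt_entry) || __entry->next_offset > (size) - __i) { __ret = -EINVAL; break; }`. Two smaller points: EBT_WATCHER_ITERATE starts from `e->watchers_offset` where every other use is written `(e)->`, and `-EINVAL` needs `<errno.h>`, which this header does not include.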
diff --git a/polux/application/ebtables/include/ebtables_u.h b/polux/application/ebtables/include/ebtables_u.h
new file mode 100644
index 0000000000..914a0f9f82
--- /dev/null
+++ b/polux/application/ebtables/include/ebtables_u.h
@@ -0,0 +1,259 @@
+/*
+ * $Id: ebtables.c,v 1.03 2002/01/19
+ *
+ * Copyright (C) 2001-2002 Bart De Schuymer
+ *
+ * This code is stongly inspired on the iptables code which is
+ * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#ifndef EBTABLES_U_H
+#define EBTABLES_U_H
+#include <netinet/in.h>
+#include <linux/netfilter_bridge/ebtables.h>
+
+#ifndef EBT_MIN_ALIGN
+#define EBT_MIN_ALIGN (__alignof__(struct ebt_entry_target))
+#endif
+#define EBT_ALIGN(s) (((s) + (EBT_MIN_ALIGN-1)) & ~(EBT_MIN_ALIGN-1))
+
+struct ebt_u_entries
+{
+ int policy;
+ unsigned int nentries;
+ /* counter offset for this chain */
+ unsigned int counter_offset;
+ /* used for udc */
+ unsigned int hook_mask;
+ char name[EBT_CHAIN_MAXNAMELEN];
+ struct ebt_u_entry *entries;
+};
+
+struct ebt_u_chain_list
+{
+ struct ebt_u_entries *udc;
+ struct ebt_u_chain_list *next;
+ /* this is only used internally, in communication.c */
+ char *kernel_start;
+};
+
+struct ebt_u_replace
+{
+ char name[EBT_TABLE_MAXNAMELEN];
+ unsigned int valid_hooks;
+ /* nr of rules in the table */
+ unsigned int nentries;
+ struct ebt_u_entries *hook_entry[NF_BR_NUMHOOKS];
+ /* user defined chains (udc) list */
+ struct ebt_u_chain_list *udc;
+ /* nr of counters userspace expects back */
+ unsigned int num_counters;
+ /* where the kernel will put the old counters */
+ struct ebt_counter *counters;
+ /*
+ * can be used e.g. to know if a standard option
+ * has been specified twice
+ */
+ unsigned int flags;
+ /* we stick the specified command (e.g. -A) in here */
+ char command;
+ /*
+ * here we stick the hook to do our thing on (can be -1 if unspecified)
+ */
+ int selected_hook;
+ /* used for the atomic option */
+ char *filename;
+ /* tells what happened to the old rules */
+ unsigned short *counterchanges;
+};
+
+struct ebt_u_table
+{
+ char name[EBT_TABLE_MAXNAMELEN];
+ void (*check)(struct ebt_u_replace *repl);
+ void (*help)(char **);
+ struct ebt_u_table *next;
+};
+
+struct ebt_u_match_list
+{
+ struct ebt_u_match_list *next;
+ struct ebt_entry_match *m;
+};
+
+struct ebt_u_watcher_list
+{
+ struct ebt_u_watcher_list *next;
+ struct ebt_entry_watcher *w;
+};
+
+struct ebt_u_entry
+{
+ unsigned int bitmask;
+ unsigned int invflags;
+ uint16_t ethproto;
+ char in[IFNAMSIZ];
+ char logical_in[IFNAMSIZ];
+ char out[IFNAMSIZ];
+ char logical_out[IFNAMSIZ];
+ unsigned char sourcemac[ETH_ALEN];
+ unsigned char sourcemsk[ETH_ALEN];
+ unsigned char destmac[ETH_ALEN];
+ unsigned char destmsk[ETH_ALEN];
+ struct ebt_u_match_list *m_list;
+ struct ebt_u_watcher_list *w_list;
+ struct ebt_entry_target *t;
+ struct ebt_u_entry *next;
+};
+
+struct ebt_u_match
+{
+ char name[EBT_FUNCTION_MAXNAMELEN];
+ /* size of the real match data */
+ unsigned int size;
+ void (*help)(void);
+ void (*init)(struct ebt_entry_match *m);
+ int (*parse)(int c, char **argv, int argc,
+ const struct ebt_u_entry *entry, unsigned int *flags,
+ struct ebt_entry_match **match);
+ void (*final_check)(const struct ebt_u_entry *entry,
+ const struct ebt_entry_match *match,
+ const char *name, unsigned int hookmask, unsigned int time);
+ void (*print)(const struct ebt_u_entry *entry,
+ const struct ebt_entry_match *match);
+ int (*compare)(const struct ebt_entry_match *m1,
+ const struct ebt_entry_match *m2);
+ const struct option *extra_ops;
+ /*
+ * can be used e.g. to check for multiple occurance of the same option
+ */
+ unsigned int flags;
+ unsigned int option_offset;
+ struct ebt_entry_match *m;
+ /*
+ * if used == 1 we no longer have to add it to
+ * the match chain of the new entry
+ */
+ unsigned int used;
+ struct ebt_u_match *next;
+};
+
+struct ebt_u_watcher
+{
+ char name[EBT_FUNCTION_MAXNAMELEN];
+ unsigned int size;
+ void (*help)(void);
+ void (*init)(struct ebt_entry_watcher *w);
+ int (*parse)(int c, char **argv, int argc,
+ const struct ebt_u_entry *entry, unsigned int *flags,
+ struct ebt_entry_watcher **watcher);
+ void (*final_check)(const struct ebt_u_entry *entry,
+ const struct ebt_entry_watcher *watch, const char *name,
+ unsigned int hookmask, unsigned int time);
+ void (*print)(const struct ebt_u_entry *entry,
+ const struct ebt_entry_watcher *watcher);
+ int (*compare)(const struct ebt_entry_watcher *w1,
+ const struct ebt_entry_watcher *w2);
+ const struct option *extra_ops;
+ unsigned int flags;
+ unsigned int option_offset;
+ struct ebt_entry_watcher *w;
+ unsigned int used;
+ struct ebt_u_watcher *next;
+};
+
+struct ebt_u_target
+{
+ char name[EBT_FUNCTION_MAXNAMELEN];
+ unsigned int size;
+ void (*help)(void);
+ void (*init)(struct ebt_entry_target *t);
+ int (*parse)(int c, char **argv, int argc,
+ const struct ebt_u_entry *entry, unsigned int *flags,
+ struct ebt_entry_target **target);
+ void (*final_check)(const struct ebt_u_entry *entry,
+ const struct ebt_entry_target *target, const char *name,
+ unsigned int hookmask, unsigned int time);
+ void (*print)(const struct ebt_u_entry *entry,
+ const struct ebt_entry_target *target);
+ int (*compare)(const struct ebt_entry_target *t1,
+ const struct ebt_entry_target *t2);
+ const struct option *extra_ops;
+ unsigned int option_offset;
+ unsigned int flags;
+ struct ebt_entry_target *t;
+ unsigned int used;
+ struct ebt_u_target *next;
+};
+
+void register_table(struct ebt_u_table *);
+void register_match(struct ebt_u_match *);
+void register_watcher(struct ebt_u_watcher *);
+void register_target(struct ebt_u_target *t);
+int get_table(struct ebt_u_replace *repl);
+struct ebt_u_target *find_target(const char *name);
+struct ebt_u_match *find_match(const char *name);
+struct ebt_u_watcher *find_watcher(const char *name);
+struct ebt_u_table *find_table(char *name);
+void deliver_counters(struct ebt_u_replace *repl);
+void deliver_table(struct ebt_u_replace *repl);
+void check_option(unsigned int *flags, unsigned int mask);
+int check_inverse(const char option[]);
+void print_mac(const char *mac);
+void print_mac_and_mask(const char *mac, const char *mask);
+int ebtables_insmod(const char *modname);
+void __print_bug(char *file, int line, char *format, ...);
+#define print_bug(format, args...) \
+ __print_bug(__FILE__, __LINE__, format, ##args)
+#define print_error(format,args...) {printf(format,##args);\
+ printf(".\n");exit(-1);}
+#define print_memory() {printf("Ebtables: " __FILE__ \
+ " %s %d :Out of memory.\n", __FUNCTION__, __LINE__); exit(-1);}
+
+/* used for keeping the rule counters right during rule adds or deletes */
+#define CNT_NORM 0
+#define CNT_DEL 1
+#define CNT_ADD 2
+#define CNT_END 3
+#define CNT_ZERO 4
+
+extern char *standard_targets[NUM_STANDARD_TARGETS];
+/*
+ * Transforms a target string into the right integer,
+ * returns 0 on success.
+ */
+#define FILL_TARGET(_str, _pos) ({ \
+ int _i, _ret = 0; \
+ for (_i = 0; _i < NUM_STANDARD_TARGETS; _i++) \
+ if (!strcmp(_str, standard_targets[_i])) {\
+ _pos = -_i - 1; \
+ break; \
+ } \
+ if (_i == NUM_STANDARD_TARGETS) \
+ _ret = 1; \
+ _ret; \
+})
+
+/* Transforms the target value to an index into standard_targets[] */
+#define TARGET_INDEX(_value) (-_value - 1)
+/* Returns a target string corresponding to the value */
+#define TARGET_NAME(_value) (standard_targets[TARGET_INDEX(_value)])
+/* True if the hook mask denotes that the rule is in a base chain */
+#define BASE_CHAIN (hookmask & (1 << NF_BR_NUMHOOKS))
+/* Clear the bit in the hook_mask that tells if the rule is on a base chain */
+#define CLEAR_BASE_CHAIN_BIT (hookmask &= ~(1 << NF_BR_NUMHOOKS))
+#endif /* EBTABLES_U_H */
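Review bot: `TARGET_NAME(_value)` indexes `standard_targets[]` with `-_value - 1` and nothing keeps the result inside `0..NUM_STANDARD_TARGETS-1`. ebtables.h in this commit states that verdicts >0 are "branches", so a jump verdict or a corrupted value read from a table would index outside the array; the macro should carry a comment stating that callers must first check the verdict is one of the four standard ones, or the check should be done in a small helper function. The argument also needs parentheses, `#define TARGET_INDEX(_value) (-(_value) - 1)`, otherwise an expression argument is negated only in part. `print_error` and `print_memory` expand to bare `{ ... }` blocks, which misbehave in an unbraced `if`/`else`; `do { ... } while (0)` is the usual form.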
diff --git a/polux/application/ebtables/include/ethernetdb.h b/polux/application/ebtables/include/ethernetdb.h
new file mode 100644
index 0000000000..46d8bfd1b7
--- /dev/null
+++ b/polux/application/ebtables/include/ethernetdb.h
@@ -0,0 +1,58 @@
+/*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; either version 2 of the License, or
+* (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*/
+
+/* All data returned by the network data base library are supplied in
+ host order and returned in network order (suitable for use in
+ system calls). */
+
+#ifndef _ETHERNETDB_H
+#define _ETHERNETDB_H 1
+
+#include <features.h>
+#include <netinet/in.h>
+#include <stdint.h>
+
+/* Absolute file name for network data base files. */
+#ifndef _PATH_ETHERTYPES
+#define _PATH_ETHERTYPES "/etc/ethertypes"
+#endif /* _PATH_ETHERTYPES */
+
+struct ethertypeent {
+ char *e_name; /* Official ethernet type name. */
+ char **e_aliases; /* Alias list. */
+ int e_ethertype; /* Ethernet type number. */
+};
+
+/* Open ethertype data base files and mark them as staying open even
+ after a later search if STAY_OPEN is non-zero. */
+extern void setethertypeent(int __stay_open) __THROW;
+
+/* Close ethertype data base files and clear `stay open' flag. */
+extern void endethertypeent(void) __THROW;
+
+/* Get next entry from ethertype data base file. Open data base if
+ necessary. */
+extern struct ethertypeent *getethertypeent(void) __THROW;
+
+/* Return entry from ethertype data base for network with NAME. */
+extern struct ethertypeent *getethertypebyname(__const char *__name)
+ __THROW;
+
+/* Return entry from ethertype data base which number is PROTO. */
+extern struct ethertypeent *getethertypebynumber(int __ethertype) __THROW;
+
+
+#endif /* ethernetdb.h */
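Review bot: The header never says which byte order `e_ethertype` is in. The opening comment ("supplied in host order and returned in network order") is ambiguous and the field comment says only "Ethernet type number". Rules store the protocol in the 16-bit `ethproto` field of `struct ebt_entry`, so a caller has to know whether a conversion is needed; a field comment such as `/* Ethernet type number, host byte order (confirm against the implementation) */` would settle it. The getters also return a `struct ethertypeent *` without a word on ownership; if the result points at static storage, as the netdb-style naming suggests, a line like `/* result is overwritten by the next call; do not free */` belongs on the declarations.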
diff --git a/polux/application/ebtables/include/linux/if_ether.h b/polux/application/ebtables/include/linux/if_ether.h
new file mode 100644
index 0000000000..11f31f6d26
--- /dev/null
+++ b/polux/application/ebtables/include/linux/if_ether.h
@@ -0,0 +1,104 @@
+/*
+ * INET An implementation of the TCP/IP protocol suite for the LINUX
+ * operating system. INET is implemented using the BSD Socket
+ * interface as the means of communication with the user level.
+ *
+ * Global definitions for the Ethernet IEEE 802.3 interface.
+ *
+ * Version: @(#)if_ether.h 1.0.1a 02/08/94
+ *
+ * Author: Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
+ * Donald Becker, <becker@super.org>
+ * Alan Cox, <alan@redhat.com>
+ * Steve Whitehouse, <gw7rrm@eeshack3.swan.ac.uk>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ */
+
+#ifndef _LINUX_IF_ETHER_H
+#define _LINUX_IF_ETHER_H
+
+/*
+ * IEEE 802.3 Ethernet magic constants. The frame sizes omit the preamble
+ * and FCS/CRC (frame check sequence).
+ */
+
+#define ETH_ALEN 6 /* Octets in one ethernet addr */
+#define ETH_HLEN 14 /* Total octets in header. */
+#define ETH_ZLEN 60 /* Min. octets in frame sans FCS */
+#define ETH_DATA_LEN 1500 /* Max. octets in payload */
+#define ETH_FRAME_LEN 1514 /* Max. octets in frame sans FCS */
+
+/*
+ * These are the defined Ethernet Protocol ID's.
+ */
+
+#define ETH_P_LOOP 0x0060 /* Ethernet Loopback packet */
+#define ETH_P_PUP 0x0200 /* Xerox PUP packet */
+#define ETH_P_PUPAT 0x0201 /* Xerox PUP Addr Trans packet */
+#define ETH_P_IP 0x0800 /* Internet Protocol packet */
+#define ETH_P_X25 0x0805 /* CCITT X.25 */
+#define ETH_P_ARP 0x0806 /* Address Resolution packet */
+#define ETH_P_BPQ 0x08FF /* G8BPQ AX.25 Ethernet Packet [ NOT AN OFFICIALLY REGISTERED ID ] */
+#define ETH_P_IEEEPUP 0x0a00 /* Xerox IEEE802.3 PUP packet */
+#define ETH_P_IEEEPUPAT 0x0a01 /* Xerox IEEE802.3 PUP Addr Trans packet */
+#define ETH_P_DEC 0x6000 /* DEC Assigned proto */
+#define ETH_P_DNA_DL 0x6001 /* DEC DNA Dump/Load */
+#define ETH_P_DNA_RC 0x6002 /* DEC DNA Remote Console */
+#define ETH_P_DNA_RT 0x6003 /* DEC DNA Routing */
+#define ETH_P_LAT 0x6004 /* DEC LAT */
+#define ETH_P_DIAG 0x6005 /* DEC Diagnostics */
+#define ETH_P_CUST 0x6006 /* DEC Customer use */
+#define ETH_P_SCA 0x6007 /* DEC Systems Comms Arch */
+#define ETH_P_RARP 0x8035 /* Reverse Addr Res packet */
+#define ETH_P_ATALK 0x809B /* Appletalk DDP */
+#define ETH_P_AARP 0x80F3 /* Appletalk AARP */
+#define ETH_P_8021Q 0x8100 /* 802.1Q VLAN Extended Header */
+#define ETH_P_IPX 0x8137 /* IPX over DIX */
+#define ETH_P_IPV6 0x86DD /* IPv6 over bluebook */
+#define ETH_P_PPP_DISC 0x8863 /* PPPoE discovery messages */
+#define ETH_P_PPP_SES 0x8864 /* PPPoE session messages */
+#define ETH_P_MPLS_UC 0x8847 /* MPLS Unicast traffic */
+#define ETH_P_MPLS_MC 0x8848 /* MPLS Multicast traffic */
+#define ETH_P_ATMMPOA 0x884c /* MultiProtocol Over ATM */
+#define ETH_P_ATMFATE 0x8884 /* Frame-based ATM Transport
+ * over Ethernet
+ */
+#define ETH_P_EDP2 0x88A2 /* Coraid EDP2 */
+
+/*
+ * Non DIX types. Won't clash for 1500 types.
+ */
+
+#define ETH_P_802_3 0x0001 /* Dummy type for 802.3 frames */
+#define ETH_P_AX25 0x0002 /* Dummy protocol id for AX.25 */
+#define ETH_P_ALL 0x0003 /* Every packet (be careful!!!) */
+#define ETH_P_802_2 0x0004 /* 802.2 frames */
+#define ETH_P_SNAP 0x0005 /* Internal only */
+#define ETH_P_DDCMP 0x0006 /* DEC DDCMP: Internal only */
+#define ETH_P_WAN_PPP 0x0007 /* Dummy type for WAN PPP frames*/
+#define ETH_P_PPP_MP 0x0008 /* Dummy type for PPP MP frames */
+#define ETH_P_LOCALTALK 0x0009 /* Localtalk pseudo type */
+#define ETH_P_PPPTALK 0x0010 /* Dummy type for Atalk over PPP*/
+#define ETH_P_TR_802_2 0x0011 /* 802.2 frames */
+#define ETH_P_MOBITEX 0x0015 /* Mobitex (kaz@cafe.net) */
+#define ETH_P_CONTROL 0x0016 /* Card specific control frames */
+#define ETH_P_IRDA 0x0017 /* Linux-IrDA */
+#define ETH_P_ECONET 0x0018 /* Acorn Econet */
+#define ETH_P_HDLC 0x0019 /* HDLC frames */
+
+/*
+ * This is an Ethernet frame header.
+ */
+
+struct ethhdr
+{
+ unsigned char h_dest[ETH_ALEN]; /* destination eth addr */
+ unsigned char h_source[ETH_ALEN]; /* source ether addr */
+ unsigned short h_proto; /* packet type ID field */
+} __attribute__((packed));
+
+#endif /* _LINUX_IF_ETHER_H */
diff --git a/polux/application/ebtables/include/linux/netfilter_bridge.h b/polux/application/ebtables/include/linux/netfilter_bridge.h
new file mode 100644
index 0000000000..88cc98af2d
--- /dev/null
+++ b/polux/application/ebtables/include/linux/netfilter_bridge.h
@@ -0,0 +1,104 @@
+#ifndef __LINUX_BRIDGE_NETFILTER_H
+#define __LINUX_BRIDGE_NETFILTER_H
+
+/* bridge-specific defines for netfilter.
+ */
+
+#include <linux/config.h>
+#include <linux/netfilter.h>
+#if defined(__KERNEL__) && defined(CONFIG_BRIDGE_NETFILTER)
+#include <asm/atomic.h>
+#if defined(CONFIG_VLAN_8021Q) || defined(CONFIG_VLAN_8021Q_MODULE)
+#include <linux/if_ether.h>
+#endif
+#endif
+
+/* Bridge Hooks */
+/* After promisc drops, checksum checks. */
+#define NF_BR_PRE_ROUTING 0
+/* If the packet is destined for this box. */
+#define NF_BR_LOCAL_IN 1
+/* If the packet is destined for another interface. */
+#define NF_BR_FORWARD 2
+/* Packets coming from a local process. */
+#define NF_BR_LOCAL_OUT 3
+/* Packets about to hit the wire. */
+#define NF_BR_POST_ROUTING 4
+/* Not really a hook, but used for the ebtables broute table */
+#define NF_BR_BROUTING 5
+#define NF_BR_NUMHOOKS 6
+
+#ifdef __KERNEL__
+
+enum nf_br_hook_priorities {
+ NF_BR_PRI_FIRST = INT_MIN,
+ NF_BR_PRI_NAT_DST_BRIDGED = -300,
+ NF_BR_PRI_FILTER_BRIDGED = -200,
+ NF_BR_PRI_BRNF = 0,
+ NF_BR_PRI_NAT_DST_OTHER = 100,
+ NF_BR_PRI_FILTER_OTHER = 200,
+ NF_BR_PRI_NAT_SRC = 300,
+ NF_BR_PRI_LAST = INT_MAX,
+};
+
+#ifdef CONFIG_BRIDGE_NETFILTER
+
+#define BRNF_PKT_TYPE 0x01
+#define BRNF_BRIDGED_DNAT 0x02
+#define BRNF_DONT_TAKE_PARENT 0x04
+#define BRNF_BRIDGED 0x08
+#define BRNF_NF_BRIDGE_PREROUTING 0x10
+
+static inline
+struct nf_bridge_info *nf_bridge_alloc(struct sk_buff *skb)
+{
+ struct nf_bridge_info **nf_bridge = &(skb->nf_bridge);
+
+ if ((*nf_bridge = kmalloc(sizeof(**nf_bridge), GFP_ATOMIC)) != NULL) {
+ atomic_set(&(*nf_bridge)->use, 1);
+ (*nf_bridge)->mask = 0;
+ (*nf_bridge)->physindev = (*nf_bridge)->physoutdev = NULL;
+#if defined(CONFIG_VLAN_8021Q) || defined(CONFIG_VLAN_8021Q_MODULE)
+ (*nf_bridge)->netoutdev = NULL;
+#endif
+ }
+
+ return *nf_bridge;
+}
+
+/* Only used in br_forward.c */
+static inline
+void nf_bridge_maybe_copy_header(struct sk_buff *skb)
+{
+ if (skb->nf_bridge) {
+#if defined(CONFIG_VLAN_8021Q) || defined(CONFIG_VLAN_8021Q_MODULE)
+ if (skb->protocol == __constant_htons(ETH_P_8021Q)) {
+ memcpy(skb->data - 18, skb->nf_bridge->hh, 18);
+ skb_push(skb, 4);
+ } else
+#endif
+ memcpy(skb->data - 16, skb->nf_bridge->hh, 16);
+ }
+}
+
+static inline
+void nf_bridge_save_header(struct sk_buff *skb)
+{
+ int header_size = 16;
+
+#if defined(CONFIG_VLAN_8021Q) || defined(CONFIG_VLAN_8021Q_MODULE)
+ if (skb->protocol == __constant_htons(ETH_P_8021Q))
+ header_size = 18;
+#endif
+ memcpy(skb->nf_bridge->hh, skb->data - header_size, header_size);
+}
+
+struct bridge_skb_cb {
+ union {
+ __u32 ipv4;
+ } daddr;
+};
+#endif /* CONFIG_BRIDGE_NETFILTER */
+
+#endif /* __KERNEL__ */
+#endif
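Review bot: `nf_bridge_save_header` dereferences `skb->nf_bridge` unconditionally, while `nf_bridge_maybe_copy_header` just above it tests the pointer first. Both copy 16 or 18 bytes at `skb->data - N` with no visible check that the buffer has that much headroom. These bodies sit inside `#ifdef __KERNEL__`, so the userspace tool presumably never compiles them, but as imported they read as if the preconditions were checked somewhere; a comment such as `/* caller guarantees skb->nf_bridge != NULL and header_size bytes of headroom before skb->data */` would make that explicit. Named constants for 16 and 18 would also tie the two functions and the `hh` buffer size together.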
diff --git a/polux/application/ebtables/include/linux/netfilter_bridge/ebt_802_3.h b/polux/application/ebtables/include/linux/netfilter_bridge/ebt_802_3.h
new file mode 100644
index 0000000000..b3d6c32190
--- /dev/null
+++ b/polux/application/ebtables/include/linux/netfilter_bridge/ebt_802_3.h
@@ -0,0 +1,60 @@
+#ifndef __LINUX_BRIDGE_EBT_802_3_H
+#define __LINUX_BRIDGE_EBT_802_3_H
+
+#define EBT_802_3_SAP 0x01
+#define EBT_802_3_TYPE 0x02
+
+#define EBT_802_3_MATCH "802_3"
+
+/*
+ * If frame has DSAP/SSAP value 0xaa you must check the SNAP type
+ * to discover what kind of packet we're carrying.
+ */
+#define CHECK_TYPE 0xaa
+
+/*
+ * Control field may be one or two bytes. If the first byte has
+ * the value 0x03 then the entire length is one byte, otherwise it is two.
+ * One byte controls are used in Unnumbered Information frames.
+ * Two byte controls are used in Numbered Information frames.
+ */
+#define IS_UI 0x03
+
+#define EBT_802_3_MASK (EBT_802_3_SAP | EBT_802_3_TYPE | EBT_802_3)
+
+/* ui has one byte ctrl, ni has two */
+struct hdr_ui {
+ uint8_t dsap;
+ uint8_t ssap;
+ uint8_t ctrl;
+ uint8_t orig[3];
+ uint16_t type;
+};
+
+struct hdr_ni {
+ uint8_t dsap;
+ uint8_t ssap;
+ uint16_t ctrl;
+ uint8_t orig[3];
+ uint16_t type;
+};
+
+struct ebt_802_3_hdr {
+ uint8_t daddr[6];
+ uint8_t saddr[6];
+ uint16_t len;
+ union {
+ struct hdr_ui ui;
+ struct hdr_ni ni;
+ } llc;
+};
+
+struct ebt_802_3_info
+{
+ uint8_t sap;
+ uint16_t type;
+ uint8_t bitmask;
+ uint8_t invflags;
+};
+
+#endif
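Review bot: `struct hdr_ni` is not packed, so on common ABIs the compiler pads after `orig[3]` and `type` ends up at offset 8, whereas a frame with a two-byte control field carries it at offset 7. If this struct is overlaid on frame bytes, `llc.ni.type` is read one byte off. `struct ethhdr` in if_ether.h of this commit carries `__attribute__((packed))`; adding the same to `hdr_ni` would pin the layout, provided the kernel side that shares this definition changes with it. The header also uses `uint8_t`/`uint16_t` and `EBT_802_3` without including the headers that define them, so it compiles only when included after ebtables.h.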
diff --git a/polux/application/ebtables/include/linux/netfilter_bridge/ebt_among.h b/polux/application/ebtables/include/linux/netfilter_bridge/ebt_among.h
new file mode 100644
index 0000000000..307c1fed85
--- /dev/null
+++ b/polux/application/ebtables/include/linux/netfilter_bridge/ebt_among.h
@@ -0,0 +1,65 @@
+#ifndef __LINUX_BRIDGE_EBT_AMONG_H
+#define __LINUX_BRIDGE_EBT_AMONG_H
+
+#define EBT_AMONG_DST 0x01
+#define EBT_AMONG_SRC 0x02
+
+/* Grzegorz Borowiak <grzes@gnu.univ.gda.pl> 2003
+ *
+ * Write-once-read-many hash table, used for checking if a given
+ * MAC address belongs to a set or not and possibly for checking
+ * if it is related with a given IPv4 address.
+ *
+ * The hash value of an address is its last byte.
+ *
+ * In real-world ethernet addresses, values of the last byte are
+ * evenly distributed and there is no need to consider other bytes.
+ * It would only slow the routines down.
+ *
+ * For MAC address comparison speedup reasons, we introduce a trick.
+ * MAC address is mapped onto an array of two 32-bit integers.
+ * This pair of integers is compared with MAC addresses in the
+ * hash table, which are stored also in form of pairs of integers
+ * (in `cmp' array). This is quick as it requires only two elementary
+ * number comparisons in worst case. Further, we take advantage of
+ * fact that entropy of 3 last bytes of address is larger than entropy
+ * of 3 first bytes. So first we compare 4 last bytes of addresses and
+ * if they are the same we compare 2 first.
+ *
+ * Yes, it is a memory overhead, but in 2003 AD, who cares?
+ */
+
+struct ebt_mac_wormhash_tuple
+{
+ uint32_t cmp[2];
+ uint32_t ip;
+};
+
+struct ebt_mac_wormhash
+{
+ int table[257];
+ int poolsize;
+ struct ebt_mac_wormhash_tuple pool[0];
+};
+
+#define ebt_mac_wormhash_size(x) ((x) ? sizeof(struct ebt_mac_wormhash) \
+ + (x)->poolsize * sizeof(struct ebt_mac_wormhash_tuple) : 0)
+
+struct ebt_among_info
+{
+ int wh_dst_ofs;
+ int wh_src_ofs;
+ int bitmask;
+};
+
+#define EBT_AMONG_DST_NEG 0x1
+#define EBT_AMONG_SRC_NEG 0x2
+
+#define ebt_among_wh_dst(x) ((x)->wh_dst_ofs ? \
+ (struct ebt_mac_wormhash*)((char*)(x) + (x)->wh_dst_ofs) : NULL)
+#define ebt_among_wh_src(x) ((x)->wh_src_ofs ? \
+ (struct ebt_mac_wormhash*)((char*)(x) + (x)->wh_src_ofs) : NULL)
+
+#define EBT_AMONG_MATCH "among"
+
+#endif
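Review bot: `ebt_among_wh_dst` and `ebt_among_wh_src` add the signed `wh_dst_ofs`/`wh_src_ofs` straight to the info pointer, and `ebt_mac_wormhash_size` multiplies the signed `poolsize` by a `sizeof`; none of the three checks a range. A negative or oversized field therefore yields a pointer outside the match data, or a size that wraps once converted to `size_t`. Whoever consumes a `struct ebt_among_info` from outside the process has to validate these against the enclosing `match_size` first. A comment above the macros should state this, e.g. `/* caller must verify ofs >= sizeof(struct ebt_among_info), poolsize >= 0 and ofs + ebt_mac_wormhash_size(wh) <= match_size */`.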
diff --git a/polux/application/ebtables/include/linux/netfilter_bridge/ebt_arp.h b/polux/application/ebtables/include/linux/netfilter_bridge/ebt_arp.h
new file mode 100644
index 0000000000..537ec6b487
--- /dev/null
+++ b/polux/application/ebtables/include/linux/netfilter_bridge/ebt_arp.h
@@ -0,0 +1,32 @@
+#ifndef __LINUX_BRIDGE_EBT_ARP_H
+#define __LINUX_BRIDGE_EBT_ARP_H
+
+#define EBT_ARP_OPCODE 0x01
+#define EBT_ARP_HTYPE 0x02
+#define EBT_ARP_PTYPE 0x04
+#define EBT_ARP_SRC_IP 0x08
+#define EBT_ARP_DST_IP 0x10
+#define EBT_ARP_SRC_MAC 0x20
+#define EBT_ARP_DST_MAC 0x40
+#define EBT_ARP_MASK (EBT_ARP_OPCODE | EBT_ARP_HTYPE | EBT_ARP_PTYPE | \
+ EBT_ARP_SRC_IP | EBT_ARP_DST_IP | EBT_ARP_SRC_MAC | EBT_ARP_DST_MAC)
+#define EBT_ARP_MATCH "arp"
+
+struct ebt_arp_info
+{
+ uint16_t htype;
+ uint16_t ptype;
+ uint16_t opcode;
+ uint32_t saddr;
+ uint32_t smsk;
+ uint32_t daddr;
+ uint32_t dmsk;
+ unsigned char smaddr[ETH_ALEN];
+ unsigned char smmsk[ETH_ALEN];
+ unsigned char dmaddr[ETH_ALEN];
+ unsigned char dmmsk[ETH_ALEN];
+ uint8_t bitmask;
+ uint8_t invflags;
+};
+
+#endif
diff --git a/polux/application/ebtables/include/linux/netfilter_bridge/ebt_arpreply.h b/polux/application/ebtables/include/linux/netfilter_bridge/ebt_arpreply.h
new file mode 100644
index 0000000000..96a8339960
--- /dev/null
+++ b/polux/application/ebtables/include/linux/netfilter_bridge/ebt_arpreply.h
@@ -0,0 +1,11 @@
+#ifndef __LINUX_BRIDGE_EBT_ARPREPLY_H
+#define __LINUX_BRIDGE_EBT_ARPREPLY_H
+
+struct ebt_arpreply_info
+{
+ unsigned char mac[ETH_ALEN];
+ int target;
+};
+#define EBT_ARPREPLY_TARGET "arpreply"
+
+#endif
diff --git a/polux/application/ebtables/include/linux/netfilter_bridge/ebt_ip.h b/polux/application/ebtables/include/linux/netfilter_bridge/ebt_ip.h
new file mode 100644
index 0000000000..7247385cdc
--- /dev/null
+++ b/polux/application/ebtables/include/linux/netfilter_bridge/ebt_ip.h
@@ -0,0 +1,43 @@
+/*
+ * ebt_ip
+ *
+ * Authors:
+ * Bart De Schuymer <bart.de.schuymer@pandora.be>
+ *
+ * April, 2002
+ *
+ * Changes:
+ * added ip-sport and ip-dport
+ * Innominate Security Technologies AG <mhopf@innominate.com>
+ * September, 2002
+ */
+
+#ifndef __LINUX_BRIDGE_EBT_IP_H
+#define __LINUX_BRIDGE_EBT_IP_H
+
+#define EBT_IP_SOURCE 0x01
+#define EBT_IP_DEST 0x02
+#define EBT_IP_TOS 0x04
+#define EBT_IP_PROTO 0x08
+#define EBT_IP_SPORT 0x10
+#define EBT_IP_DPORT 0x20
+#define EBT_IP_MASK (EBT_IP_SOURCE | EBT_IP_DEST | EBT_IP_TOS | EBT_IP_PROTO |\
+ EBT_IP_SPORT | EBT_IP_DPORT )
+#define EBT_IP_MATCH "ip"
+
+/* the same values are used for the invflags */
+struct ebt_ip_info
+{
+ uint32_t saddr;
+ uint32_t daddr;
+ uint32_t smsk;
+ uint32_t dmsk;
+ uint8_t tos;
+ uint8_t protocol;
+ uint8_t bitmask;
+ uint8_t invflags;
+ uint16_t sport[2];
+ uint16_t dport[2];
+};
+
+#endif
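Review bot: `sport[2]` and `dport[2]` in `struct ebt_ip_info` carry no comment, so a reader cannot tell whether each pair is a low/high range or a value/mask, nor which byte order the ports and the `saddr`/`daddr` fields use. If the pairs are inclusive ranges (the consumer is not in this hunk, so confirm), say so on the fields, for example `/* [0] = lowest port, [1] = highest port, inclusive */`. The existing remark that the invflags use the same values could also name the `EBT_IP_*` flags explicitly.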
diff --git a/polux/application/ebtables/include/linux/netfilter_bridge/ebt_limit.h b/polux/application/ebtables/include/linux/netfilter_bridge/ebt_limit.h
new file mode 100644
index 0000000000..d8b65000af
--- /dev/null
+++ b/polux/application/ebtables/include/linux/netfilter_bridge/ebt_limit.h
@@ -0,0 +1,23 @@
+#ifndef __LINUX_BRIDGE_EBT_LIMIT_H
+#define __LINUX_BRIDGE_EBT_LIMIT_H
+
+#define EBT_LIMIT_MATCH "limit"
+
+/* timings are in milliseconds. */
+#define EBT_LIMIT_SCALE 10000
+
+/* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490
+ seconds, or one every 59 hours. */
+
+struct ebt_limit_info
+{
+ u_int32_t avg; /* Average secs between packets * scale */
+ u_int32_t burst; /* Period multiplier for upper limit. */
+
+ /* Used internally by the kernel */
+ unsigned long prev;
+ u_int32_t credit;
+ u_int32_t credit_cap, cost;
+};
+
+#endif
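Review bot: `unsigned long prev` makes the size and layout of `struct ebt_limit_info` depend on the word size, and nothing here compensates when a 32-bit userspace talks to a 64-bit kernel. The ebtables.h added in this same commit handles that case with `KERNEL_64_USERSPACE_32` and explicit `pad` members, but this struct and the `unsigned long` fields in ebt_mark_m.h (`mark, mask`), ebt_mark_t.h (`mark`) and ebt_vlan_t.h (`vid`, `prio`) do not. A mismatch would make the two sides disagree on where each field lives in the rule data. Consider a fixed-width field under that macro, e.g. `uint64_t prev;`, with trailing padding checked per struct against the kernel layout.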
diff --git a/polux/application/ebtables/include/linux/netfilter_bridge/ebt_log.h b/polux/application/ebtables/include/linux/netfilter_bridge/ebt_log.h
new file mode 100644
index 0000000000..df6cb18818
--- /dev/null
+++ b/polux/application/ebtables/include/linux/netfilter_bridge/ebt_log.h
@@ -0,0 +1,18 @@
+#ifndef __LINUX_BRIDGE_EBT_LOG_H
+#define __LINUX_BRIDGE_EBT_LOG_H
+
+#define EBT_LOG_IP 0x01 /* if the frame is made by ip, log the ip information */
+#define EBT_LOG_ARP 0x02
+#define EBT_LOG_FRAME 0x04
+#define EBT_LOG_MASK (EBT_LOG_IP | EBT_LOG_ARP | EBT_LOG_FRAME)
+#define EBT_LOG_PREFIX_SIZE 30
+#define EBT_LOG_WATCHER "log"
+
+struct ebt_log_info
+{
+ uint8_t loglevel;
+ uint8_t prefix[EBT_LOG_PREFIX_SIZE];
+ uint32_t bitmask;
+};
+
+#endif
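Review bot: `prefix` in `struct ebt_log_info` has no stated termination rule, so it is unclear whether the 30 bytes must include the NUL or may be completely filled. If the contract is a C string (the consumer is not visible in this hunk), document it on the field, e.g. `/* NUL-terminated, at most EBT_LOG_PREFIX_SIZE - 1 characters */`. Code that fills it can then use a bounded copy, and code that prints it can reject an unterminated array instead of reading past it.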
diff --git a/polux/application/ebtables/include/linux/netfilter_bridge/ebt_mark_m.h b/polux/application/ebtables/include/linux/netfilter_bridge/ebt_mark_m.h
new file mode 100644
index 0000000000..301524ff10
--- /dev/null
+++ b/polux/application/ebtables/include/linux/netfilter_bridge/ebt_mark_m.h
@@ -0,0 +1,15 @@
+#ifndef __LINUX_BRIDGE_EBT_MARK_M_H
+#define __LINUX_BRIDGE_EBT_MARK_M_H
+
+#define EBT_MARK_AND 0x01
+#define EBT_MARK_OR 0x02
+#define EBT_MARK_MASK (EBT_MARK_AND | EBT_MARK_OR)
+struct ebt_mark_m_info
+{
+ unsigned long mark, mask;
+ uint8_t invert;
+ uint8_t bitmask;
+};
+#define EBT_MARK_MATCH "mark_m"
+
+#endif
diff --git a/polux/application/ebtables/include/linux/netfilter_bridge/ebt_mark_t.h b/polux/application/ebtables/include/linux/netfilter_bridge/ebt_mark_t.h
new file mode 100644
index 0000000000..110fec6a40
--- /dev/null
+++ b/polux/application/ebtables/include/linux/netfilter_bridge/ebt_mark_t.h
@@ -0,0 +1,12 @@
+#ifndef __LINUX_BRIDGE_EBT_MARK_T_H
+#define __LINUX_BRIDGE_EBT_MARK_T_H
+
+struct ebt_mark_t_info
+{
+ unsigned long mark;
+ /* EBT_ACCEPT, EBT_DROP, EBT_CONTINUE or EBT_RETURN */
+ int target;
+};
+#define EBT_MARK_TARGET "mark"
+
+#endif
diff --git a/polux/application/ebtables/include/linux/netfilter_bridge/ebt_nat.h b/polux/application/ebtables/include/linux/netfilter_bridge/ebt_nat.h
new file mode 100644
index 0000000000..26fd90da4c
--- /dev/null
+++ b/polux/application/ebtables/include/linux/netfilter_bridge/ebt_nat.h
@@ -0,0 +1,13 @@
+#ifndef __LINUX_BRIDGE_EBT_NAT_H
+#define __LINUX_BRIDGE_EBT_NAT_H
+
+struct ebt_nat_info
+{
+ unsigned char mac[ETH_ALEN];
+ /* EBT_ACCEPT, EBT_DROP, EBT_CONTINUE or EBT_RETURN */
+ int target;
+};
+#define EBT_SNAT_TARGET "snat"
+#define EBT_DNAT_TARGET "dnat"
+
+#endif
diff --git a/polux/application/ebtables/include/linux/netfilter_bridge/ebt_pkttype.h b/polux/application/ebtables/include/linux/netfilter_bridge/ebt_pkttype.h
new file mode 100644
index 0000000000..0d64bbb29c
--- /dev/null
+++ b/polux/application/ebtables/include/linux/netfilter_bridge/ebt_pkttype.h
@@ -0,0 +1,11 @@
+#ifndef __LINUX_BRIDGE_EBT_PKTTYPE_H
+#define __LINUX_BRIDGE_EBT_PKTTYPE_H
+
+struct ebt_pkttype_info
+{
+ uint8_t pkt_type;
+ uint8_t invert;
+};
+#define EBT_PKTTYPE_MATCH "pkttype"
+
+#endif
diff --git a/polux/application/ebtables/include/linux/netfilter_bridge/ebt_plc.h b/polux/application/ebtables/include/linux/netfilter_bridge/ebt_plc.h
new file mode 100644
index 0000000000..f61c4598d2
--- /dev/null
+++ b/polux/application/ebtables/include/linux/netfilter_bridge/ebt_plc.h
@@ -0,0 +1,30 @@
+#ifndef __LINUX_BRIDGE_EBT_PLC_H
+#define __LINUX_BRIDGE_EBT_PLC_H
+
+#define EBT_PLC_MATCH "plc"
+
+/* Flags representing options used in ebtables
+ * command. Stored in ebt_plc_info bitmask. */
+#define EBT_PLC_SRC 0x01
+#define EBT_PLC_DST 0x02
+#define EBT_PLC_SRC_UNKNOWN 0x04
+#define EBT_PLC_DST_UNKNOWN 0x08
+#define EBT_PLC_MASK (EBT_PLC_SRC | EBT_PLC_DST | EBT_PLC_SRC_UNKNOWN | EBT_PLC_DST_UNKNOWN)
+
+#define GET_PLC_SRC(bitmask) ((bitmask) & EBT_PLC_SRC)
+#define GET_PLC_DST(bitmask) ((bitmask) & EBT_PLC_DST)
+#define GET_PLC_SRC_UNKNOWN(bitmask) ((bitmask) & EBT_PLC_SRC_UNKNOWN)
+#define GET_PLC_DST_UNKNOWN(bitmask) ((bitmask) & EBT_PLC_DST_UNKNOWN)
+
+#define SET_PLC_SRC(bitmask) ((bitmask) |= EBT_PLC_SRC)
+#define SET_PLC_DST(bitmask) ((bitmask) |= EBT_PLC_DST)
+#define SET_PLC_SRC_UNKNOWN(bitmask) ((bitmask) |= EBT_PLC_SRC_UNKNOWN)
+#define SET_PLC_DST_UNKNOWN(bitmask) ((bitmask) |= EBT_PLC_DST_UNKNOWN)
+
+struct ebt_plc_info {
+ uint8_t src_addr[ETH_ALEN];
+ uint8_t dst_addr[ETH_ALEN];
+ uint8_t bitmask;
+};
+
+#endif
diff --git a/polux/application/ebtables/include/linux/netfilter_bridge/ebt_redirect.h b/polux/application/ebtables/include/linux/netfilter_bridge/ebt_redirect.h
new file mode 100644
index 0000000000..5c67990fce
--- /dev/null
+++ b/polux/application/ebtables/include/linux/netfilter_bridge/ebt_redirect.h
@@ -0,0 +1,11 @@
+#ifndef __LINUX_BRIDGE_EBT_REDIRECT_H
+#define __LINUX_BRIDGE_EBT_REDIRECT_H
+
+struct ebt_redirect_info
+{
+ /* EBT_ACCEPT, EBT_DROP, EBT_CONTINUE or EBT_RETURN */
+ int target;
+};
+#define EBT_REDIRECT_TARGET "redirect"
+
+#endif
diff --git a/polux/application/ebtables/include/linux/netfilter_bridge/ebt_stp.h b/polux/application/ebtables/include/linux/netfilter_bridge/ebt_stp.h
new file mode 100644
index 0000000000..e5fd67850f
--- /dev/null
+++ b/polux/application/ebtables/include/linux/netfilter_bridge/ebt_stp.h
@@ -0,0 +1,46 @@
+#ifndef __LINUX_BRIDGE_EBT_STP_H
+#define __LINUX_BRIDGE_EBT_STP_H
+
+#define EBT_STP_TYPE 0x0001
+
+#define EBT_STP_FLAGS 0x0002
+#define EBT_STP_ROOTPRIO 0x0004
+#define EBT_STP_ROOTADDR 0x0008
+#define EBT_STP_ROOTCOST 0x0010
+#define EBT_STP_SENDERPRIO 0x0020
+#define EBT_STP_SENDERADDR 0x0040
+#define EBT_STP_PORT 0x0080
+#define EBT_STP_MSGAGE 0x0100
+#define EBT_STP_MAXAGE 0x0200
+#define EBT_STP_HELLOTIME 0x0400
+#define EBT_STP_FWDD 0x0800
+
+#define EBT_STP_MASK 0x0fff
+#define EBT_STP_CONFIG_MASK 0x0ffe
+
+#define EBT_STP_MATCH "stp"
+
+struct ebt_stp_config_info
+{
+ uint8_t flags;
+ uint16_t root_priol, root_priou;
+ char root_addr[6], root_addrmsk[6];
+ uint32_t root_costl, root_costu;
+ uint16_t sender_priol, sender_priou;
+ char sender_addr[6], sender_addrmsk[6];
+ uint16_t portl, portu;
+ uint16_t msg_agel, msg_ageu;
+ uint16_t max_agel, max_ageu;
+ uint16_t hello_timel, hello_timeu;
+ uint16_t forward_delayl, forward_delayu;
+};
+
+struct ebt_stp_info
+{
+ uint8_t type;
+ struct ebt_stp_config_info config;
+ uint16_t bitmask;
+ uint16_t invflags;
+};
+
+#endif
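Review bot: `root_addr`, `root_addrmsk`, `sender_addr` and `sender_addrmsk` in `struct ebt_stp_config_info` are plain `char[6]`, while the other headers in this commit store MAC addresses as `unsigned char x[ETH_ALEN]`. The signedness of plain `char` is implementation-defined, so byte-wise masking or comparison of address bytes at or above 0x80 can sign-extend on some targets. `unsigned char root_addr[ETH_ALEN], root_addrmsk[ETH_ALEN];` (and the same for the sender pair) keeps the size and removes both the ambiguity and the magic 6. A one-line comment saying that the `l`/`u` suffixes mean lower and upper bound, if that is the intent, would also help.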
diff --git a/polux/application/ebtables/include/linux/netfilter_bridge/ebt_vlan.h b/polux/application/ebtables/include/linux/netfilter_bridge/ebt_vlan.h
new file mode 100644
index 0000000000..8964c8f5bc
--- /dev/null
+++ b/polux/application/ebtables/include/linux/netfilter_bridge/ebt_vlan.h
@@ -0,0 +1,24 @@
+#ifndef __LINUX_BRIDGE_EBT_VLAN_H
+#define __LINUX_BRIDGE_EBT_VLAN_H
+
+#define EBT_VLAN_ID 0x01
+#define EBT_VLAN_PRIO 0x02
+#define EBT_VLAN_ENCAP 0x04
+#define EBT_VLAN_TOS 0x08
+#define EBT_VLAN_IP_PROTO 0x10
+#define EBT_VLAN_MASK (EBT_VLAN_ID | EBT_VLAN_PRIO | EBT_VLAN_ENCAP | EBT_VLAN_TOS | EBT_VLAN_IP_PROTO)
+#define EBT_VLAN_MATCH "vlan"
+
+struct ebt_vlan_info {
+ uint16_t id; /* VLAN ID {1-4095} */
+ uint8_t prio; /* VLAN User Priority {0-7} */
+ uint16_t encap; /* VLAN Encapsulated frame code {0-65535} */
+ uint8_t tos; /* VLAN IP tos {0-255} */
+ uint8_t ip_proto; /* VLAN IP protocol {0-255} */
+ uint8_t bitmask; /* Args bitmask bit 1=1 - ID arg,
+ bit 2=1 User-Priority arg, bit 3=1 encap*/
+ uint8_t invflags; /* Inverse bitmask bit 1=1 - inversed ID arg,
+ bit 2=1 - inversed Pirority arg */
+};
+
+#endif
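Review bot: The comments on `bitmask` and `invflags` in `struct ebt_vlan_info` describe fewer bits than `EBT_VLAN_MASK` defines. The `bitmask` comment stops at the encap bit and the `invflags` comment at priority, so `EBT_VLAN_TOS` and `EBT_VLAN_IP_PROTO` are undocumented, and "Pirority" is a typo. Referring to the flag names avoids the drift, e.g. `/* EBT_VLAN_* flags: which fields are set */` and, if inversion uses the same values, `/* EBT_VLAN_* flags: which matches are inverted */`.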
diff --git a/polux/application/ebtables/include/linux/netfilter_bridge/ebt_vlan_t.h b/polux/application/ebtables/include/linux/netfilter_bridge/ebt_vlan_t.h
new file mode 100644
index 0000000000..bb5b74110e
--- /dev/null
+++ b/polux/application/ebtables/include/linux/netfilter_bridge/ebt_vlan_t.h
@@ -0,0 +1,18 @@
+#ifndef __LINUX_BRIDGE_EBT_VLAN_T_H
+#define __LINUX_BRIDGE_EBT_VLAN_T_H
+
+#define EBT_VLAN_ACTION_DECAPS 0x01
+#define EBT_VLAN_ACTION_ENCAPS_PRIO 0x02
+#define EBT_VLAN_ACTION_ENCAPS_VID 0x04
+
+struct ebt_vlan_t_info
+{
+ unsigned long vid;
+ unsigned long prio;
+ unsigned int action;
+ /* EBT_ACCEPT, EBT_DROP, EBT_CONTINUE or EBT_RETURN */
+ int target;
+};
+#define EBT_VLAN_TARGET "vlan"
+
+#endif
diff --git a/polux/application/ebtables/include/linux/netfilter_bridge/ebtables.h b/polux/application/ebtables/include/linux/netfilter_bridge/ebtables.h
new file mode 100644
index 0000000000..1eac563c12
--- /dev/null
+++ b/polux/application/ebtables/include/linux/netfilter_bridge/ebtables.h
@@ -0,0 +1,272 @@
+/*
+ * ebtables
+ *
+ * Authors:
+ * Bart De Schuymer <bdschuym@pandora.be>
+ *
+ * ebtables.c,v 2.0, April, 2002
+ *
+ * This code is stongly inspired on the iptables code which is
+ * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
+ */
+
+/* Local copy of the kernel file, needed for Sparc64 support */
+#ifndef __LINUX_BRIDGE_EFF_H
+#define __LINUX_BRIDGE_EFF_H
+#include <linux/if.h>
+#include <linux/netfilter_bridge.h>
+#include <linux/if_ether.h>
+
+#define EBT_TABLE_MAXNAMELEN 32
+#define EBT_CHAIN_MAXNAMELEN EBT_TABLE_MAXNAMELEN
+#define EBT_FUNCTION_MAXNAMELEN EBT_TABLE_MAXNAMELEN
+
+/* verdicts >0 are "branches" */
+#define EBT_ACCEPT -1
+#define EBT_DROP -2
+#define EBT_CONTINUE -3
+#define EBT_RETURN -4
+#define NUM_STANDARD_TARGETS 4
+
+struct ebt_counter
+{
+ uint64_t pcnt;
+ uint64_t bcnt;
+};
+
+struct ebt_replace
+{
+ char name[EBT_TABLE_MAXNAMELEN];
+ unsigned int valid_hooks;
+ /* nr of rules in the table */
+ unsigned int nentries;
+ /* total size of the entries */
+ unsigned int entries_size;
+ /* start of the chains */
+#ifdef KERNEL_64_USERSPACE_32
+ uint64_t hook_entry[NF_BR_NUMHOOKS];
+#else
+ struct ebt_entries *hook_entry[NF_BR_NUMHOOKS];
+#endif
+ /* nr of counters userspace expects back */
+ unsigned int num_counters;
+ /* where the kernel will put the old counters */
+#ifdef KERNEL_64_USERSPACE_32
+ uint64_t counters;
+ uint64_t entries;
+#else
+ struct ebt_counter *counters;
+ char *entries;
+#endif
+};
+
+struct ebt_entries {
+ /* this field is always set to zero
+ * See EBT_ENTRY_OR_ENTRIES.
+ * Must be same size as ebt_entry.bitmask */
+ unsigned int distinguisher;
+ /* the chain name */
+ char name[EBT_CHAIN_MAXNAMELEN];
+ /* counter offset for this chain */
+ unsigned int counter_offset;
+ /* one standard (accept, drop, return) per hook */
+ int policy;
+ /* nr. of entries */
+ unsigned int nentries;
+ /* entry list */
+ char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
+};
+
+/* used for the bitmask of struct ebt_entry */
+
+/* This is a hack to make a difference between an ebt_entry struct and an
+ * ebt_entries struct when traversing the entries from start to end.
+ * Using this simplifies the code alot, while still being able to use
+ * ebt_entries.
+ * Contrary, iptables doesn't use something like ebt_entries and therefore uses
+ * different techniques for naming the policy and such. So, iptables doesn't
+ * need a hack like this.
+ */
+#define EBT_ENTRY_OR_ENTRIES 0x01
+/* these are the normal masks */
+#define EBT_NOPROTO 0x02
+#define EBT_802_3 0x04
+#define EBT_SOURCEMAC 0x08
+#define EBT_DESTMAC 0x10
+#define EBT_F_MASK (EBT_NOPROTO | EBT_802_3 | EBT_SOURCEMAC | EBT_DESTMAC \
+ | EBT_ENTRY_OR_ENTRIES)
+
+#define EBT_IPROTO 0x01
+#define EBT_IIN 0x02
+#define EBT_IOUT 0x04
+#define EBT_ISOURCE 0x8
+#define EBT_IDEST 0x10
+#define EBT_ILOGICALIN 0x20
+#define EBT_ILOGICALOUT 0x40
+#define EBT_INV_MASK (EBT_IPROTO | EBT_IIN | EBT_IOUT | EBT_ILOGICALIN \
+ | EBT_ILOGICALOUT | EBT_ISOURCE | EBT_IDEST)
+
+struct ebt_entry_match
+{
+ union {
+ char name[EBT_FUNCTION_MAXNAMELEN];
+ struct ebt_match *match;
+ } u;
+ /* size of data */
+ unsigned int match_size;
+#ifdef KERNEL_64_USERSPACE_32
+ unsigned int pad;
+#endif
+ unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
+};
+
+struct ebt_entry_watcher
+{
+ union {
+ char name[EBT_FUNCTION_MAXNAMELEN];
+ struct ebt_watcher *watcher;
+ } u;
+ /* size of data */
+ unsigned int watcher_size;
+#ifdef KERNEL_64_USERSPACE_32
+ unsigned int pad;
+#endif
+ unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
+};
+
+struct ebt_entry_target
+{
+ union {
+ char name[EBT_FUNCTION_MAXNAMELEN];
+ struct ebt_target *target;
+ } u;
+ /* size of data */
+ unsigned int target_size;
+#ifdef KERNEL_64_USERSPACE_32
+ unsigned int pad;
+#endif
+ unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
+};
+
+#define EBT_STANDARD_TARGET "standard"
+struct ebt_standard_target
+{
+ struct ebt_entry_target target;
+ int verdict;
+#ifdef KERNEL_64_USERSPACE_32
+ unsigned int pad;
+#endif
+};
+
+/* one entry */
+struct ebt_entry {
+ /* this needs to be the first field */
+ unsigned int bitmask;
+ unsigned int invflags;
+ uint16_t ethproto;
+ /* the physical in-dev */
+ char in[IFNAMSIZ];
+ /* the logical in-dev */
+ char logical_in[IFNAMSIZ];
+ /* the physical out-dev */
+ char out[IFNAMSIZ];
+ /* the logical out-dev */
+ char logical_out[IFNAMSIZ];
+ unsigned char sourcemac[ETH_ALEN];
+ unsigned char sourcemsk[ETH_ALEN];
+ unsigned char destmac[ETH_ALEN];
+ unsigned char destmsk[ETH_ALEN];
+ /* sizeof ebt_entry + matches */
+ unsigned int watchers_offset;
+ /* sizeof ebt_entry + matches + watchers */
+ unsigned int target_offset;
+ /* sizeof ebt_entry + matches + watchers + target */
+ unsigned int next_offset;
+ unsigned char elems[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
+};
+
+/* {g,s}etsockopt numbers */
+#define EBT_BASE_CTL 128
+
+#define EBT_SO_SET_ENTRIES (EBT_BASE_CTL)
+#define EBT_SO_SET_COUNTERS (EBT_SO_SET_ENTRIES+1)
+#define EBT_SO_SET_MAX (EBT_SO_SET_COUNTERS+1)
+
+#define EBT_SO_GET_INFO (EBT_BASE_CTL)
+#define EBT_SO_GET_ENTRIES (EBT_SO_GET_INFO+1)
+#define EBT_SO_GET_INIT_INFO (EBT_SO_GET_ENTRIES+1)
+#define EBT_SO_GET_INIT_ENTRIES (EBT_SO_GET_INIT_INFO+1)
+#define EBT_SO_GET_MAX (EBT_SO_GET_INIT_ENTRIES+1)
+
+/* blatently stolen from ip_tables.h
+ * fn returns 0 to continue iteration */
+#define EBT_MATCH_ITERATE(e, fn, args...) \
+({ \
+ unsigned int __i; \
+ int __ret = 0; \
+ struct ebt_entry_match *__match; \
+ \
+ for (__i = sizeof(struct ebt_entry); \
+ __i < (e)->watchers_offset; \
+ __i += __match->match_size + \
+ sizeof(struct ebt_entry_match)) { \
+ __match = (void *)(e) + __i; \
+ \
+ __ret = fn(__match , ## args); \
+ if (__ret != 0) \
+ break; \
+ } \
+ if (__ret == 0) { \
+ if (__i != (e)->watchers_offset) \
+ __ret = -EINVAL; \
+ } \
+ __ret; \
+})
+
+#define EBT_WATCHER_ITERATE(e, fn, args...) \
+({ \
+ unsigned int __i; \
+ int __ret = 0; \
+ struct ebt_entry_watcher *__watcher; \
+ \
+ for (__i = e->watchers_offset; \
+ __i < (e)->target_offset; \
+ __i += __watcher->watcher_size + \
+ sizeof(struct ebt_entry_watcher)) { \
+ __watcher = (void *)(e) + __i; \
+ \
+ __ret = fn(__watcher , ## args); \
+ if (__ret != 0) \
+ break; \
+ } \
+ if (__ret == 0) { \
+ if (__i != (e)->target_offset) \
+ __ret = -EINVAL; \
+ } \
+ __ret; \
+})
+
+#define EBT_ENTRY_ITERATE(entries, size, fn, args...) \
+({ \
+ unsigned int __i; \
+ int __ret = 0; \
+ struct ebt_entry *__entry; \
+ \
+ for (__i = 0; __i < (size);) { \
+ __entry = (void *)(entries) + __i; \
+ __ret = fn(__entry , ## args); \
+ if (__ret != 0) \
+ break; \
+ if (__entry->bitmask != 0) \
+ __i += __entry->next_offset; \
+ else \
+ __i += sizeof(struct ebt_entries); \
+ } \
+ if (__ret == 0) { \
+ if (__i != (size)) \
+ __ret = -EINVAL; \
+ } \
+ __ret; \
+})
+
+#endif
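Review bot: `EBT_ENTRY_ITERATE` advances by `__entry->next_offset` without checking it, so an entry with a non-zero `bitmask` and a `next_offset` of 0 never moves `__i` and the loop does not terminate. `EBT_MATCH_ITERATE` and `EBT_WATCHER_ITERATE` likewise read `match_size`/`watcher_size` before confirming that the header lies below the bound, and the trailing `__i != ...` check only runs once the loop has exited. If any caller walks a blob that does not come straight from the kernel (the callers are not visible here), add a guard in the `bitmask != 0` branch such as `if (__entry->next_offset < sizeof(struct ebt_entry)) { __ret = -EINVAL; break; }`, and an equivalent header-fits check in the other two macros. Separately, `EBT_WATCHER_ITERATE` starts from `e->watchers_offset` where every other use is `(e)->...`; parenthesise the argument there as well.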