xref: /linux/include/uapi/linux/netfilter_bridge/ebt_among.h (revision 4f2c0a4acffbec01079c28f839422e64ddeff004)
1 /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
2 #ifndef __LINUX_BRIDGE_EBT_AMONG_H
3 #define __LINUX_BRIDGE_EBT_AMONG_H
4 
5 #include <linux/types.h>
6 
7 #define EBT_AMONG_DST 0x01
8 #define EBT_AMONG_SRC 0x02
9 
10 /* Grzegorz Borowiak <grzes@gnu.univ.gda.pl> 2003
11  *
12  * Write-once-read-many hash table, used for checking if a given
13  * MAC address belongs to a set or not and possibly for checking
14  * if it is related with a given IPv4 address.
15  *
16  * The hash value of an address is its last byte.
17  *
18  * In real-world ethernet addresses, values of the last byte are
19  * evenly distributed and there is no need to consider other bytes.
20  * It would only slow the routines down.
21  *
22  * For MAC address comparison speedup reasons, we introduce a trick.
23  * MAC address is mapped onto an array of two 32-bit integers.
24  * This pair of integers is compared with MAC addresses in the
25  * hash table, which are stored also in form of pairs of integers
26  * (in `cmp' array). This is quick as it requires only two elementary
27  * number comparisons in worst case. Further, we take advantage of
28  * fact that entropy of 3 last bytes of address is larger than entropy
29  * of 3 first bytes. So first we compare 4 last bytes of addresses and
30  * if they are the same we compare 2 first.
31  *
32  * Yes, it is a memory overhead, but in 2003 AD, who cares?
33  */
34 
35 struct ebt_mac_wormhash_tuple {
36 	__u32 cmp[2];
37 	__be32 ip;
38 };
39 
40 struct ebt_mac_wormhash {
41 	int table[257];
42 	int poolsize;
43 	struct ebt_mac_wormhash_tuple pool[];
44 };
45 
46 #define ebt_mac_wormhash_size(x) ((x) ? sizeof(struct ebt_mac_wormhash) \
47 		+ (x)->poolsize * sizeof(struct ebt_mac_wormhash_tuple) : 0)
48 
49 struct ebt_among_info {
50 	int wh_dst_ofs;
51 	int wh_src_ofs;
52 	int bitmask;
53 };
54 
55 #define EBT_AMONG_DST_NEG 0x1
56 #define EBT_AMONG_SRC_NEG 0x2
57 
58 #define ebt_among_wh_dst(x) ((x)->wh_dst_ofs ? \
59 	(struct ebt_mac_wormhash*)((char*)(x) + (x)->wh_dst_ofs) : NULL)
60 #define ebt_among_wh_src(x) ((x)->wh_src_ofs ? \
61 	(struct ebt_mac_wormhash*)((char*)(x) + (x)->wh_src_ofs) : NULL)
62 
63 #define EBT_AMONG_MATCH "among"
64 
65 #endif
66