doxygen/html/net__pkt__filter_8h_source.html

/*

 * Copyright (c) 2021 BayLibre SAS

 *

 * SPDX-License-Identifier: Apache-2.0

 */


#ifndef ZEPHYR_INCLUDE_NET_PKT_FILTER_H_

#define ZEPHYR_INCLUDE_NET_PKT_FILTER_H_


#include <limits.h>

#include <stdbool.h>

#include <sys/slist.h>

#include <net/net_core.h>

#include <net/ethernet.h>


#ifdef __cplusplus

extern "C" {

#endif


struct npf_test;


typedef bool (npf_test_fn_t)(struct npf_test *test, struct net_pkt *pkt);


struct npf_test {

        npf_test_fn_t *fn;

};


struct npf_rule {

        sys_snode_t node;

        enum net_verdict result;

        uint32_t nb_tests;

        struct npf_test *tests[];

};


extern struct npf_rule npf_default_ok;

extern struct npf_rule npf_default_drop;


struct npf_rule_list {

        sys_slist_t rule_head;

        struct k_spinlock lock;

};


extern struct npf_rule_list npf_send_rules;

extern struct npf_rule_list npf_recv_rules;


void npf_insert_rule(struct npf_rule_list *rules, struct npf_rule *rule);


void npf_append_rule(struct npf_rule_list *rules, struct npf_rule *rule);


bool npf_remove_rule(struct npf_rule_list *rules, struct npf_rule *rule);


bool npf_remove_all_rules(struct npf_rule_list *rules);


/* convenience shortcuts */

#define npf_insert_send_rule(rule) npf_insert_rule(&npf_send_rules, rule)

#define npf_insert_recv_rule(rule) npf_insert_rule(&npf_recv_rules, rule)

#define npf_append_send_rule(rule) npf_append_rule(&npf_send_rules, rule)

#define npf_append_recv_rule(rule) npf_append_rule(&npf_recv_rules, rule)

#define npf_remove_send_rule(rule) npf_remove_rule(&npf_send_rules, rule)

#define npf_remove_recv_rule(rule) npf_remove_rule(&npf_recv_rules, rule)

#define npf_remove_all_send_rules() npf_remove_all_rules(&npf_send_rules)

#define npf_remove_all_recv_rules() npf_remove_all_rules(&npf_recv_rules)


#define NPF_RULE(_name, _result, ...) \

        struct npf_rule _name = { \

                .result = (_result), \

                .nb_tests = NUM_VA_ARGS_LESS_1(__VA_ARGS__) + 1, \

                .tests = { FOR_EACH(Z_NPF_TEST_ADDR, (,), __VA_ARGS__) }, \

        }


#define Z_NPF_TEST_ADDR(arg) &arg.test


struct npf_test_iface {

        struct npf_test test;

        struct net_if *iface;

};


extern npf_test_fn_t npf_iface_match;

extern npf_test_fn_t npf_iface_unmatch;

extern npf_test_fn_t npf_orig_iface_match;

extern npf_test_fn_t npf_orig_iface_unmatch;


#define NPF_IFACE_MATCH(_name, _iface) \

        struct npf_test_iface _name = { \

                .iface = (_iface), \

                .test.fn = npf_iface_match, \

        }


#define NPF_IFACE_UNMATCH(_name, _iface) \

        struct npf_test_iface _name = { \

                .iface = (_iface), \

                .test.fn = npf_iface_unmatch, \

        }


#define NPF_ORIG_IFACE_MATCH(_name, _iface) \

        struct npf_test_iface _name = { \

                .iface = (_iface), \

                .test.fn = npf_orig_iface_match, \

        }


#define NPF_ORIG_IFACE_UNMATCH(_name, _iface) \

        struct npf_test_iface _name = { \

                .iface = (_iface), \

                .test.fn = npf_orig_iface_unmatch, \

        }


struct npf_test_size_bounds {

        struct npf_test test;

        size_t min;

        size_t max;

};


extern npf_test_fn_t npf_size_inbounds;


#define NPF_SIZE_MIN(_name, _size) \

        struct npf_test_size_bounds _name = { \

                .min = (_size), \

                .max = SIZE_MAX, \

                .test.fn = npf_size_inbounds, \

        }


#define NPF_SIZE_MAX(_name, _size) \

        struct npf_test_size_bounds _name = { \

                .min = 0, \

                .max = (_size), \

                .test.fn = npf_size_inbounds, \

        }


#define NPF_SIZE_BOUNDS(_name, _min_size, _max_size) \

        struct npf_test_size_bounds _name = { \

                .min = (_min_size), \

                .max = (_max_size), \

                .test.fn = npf_size_inbounds, \

        }


struct npf_test_eth_addr {

        struct npf_test test;

        unsigned int nb_addresses;

        struct net_eth_addr *addresses;

        struct net_eth_addr mask;

};


extern npf_test_fn_t npf_eth_src_addr_match;

extern npf_test_fn_t npf_eth_src_addr_unmatch;

extern npf_test_fn_t npf_eth_dst_addr_match;

extern npf_test_fn_t npf_eth_dst_addr_unmatch;


#define NPF_ETH_SRC_ADDR_MATCH(_name, _addr_array) \

        struct npf_test_eth_addr _name = { \

                .addresses = (_addr_array), \

                .nb_addresses = ARRAY_SIZE(_addr_array), \

                .test.fn = npf_eth_src_addr_match, \

                .mask.addr = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }, \

        }


#define NPF_ETH_SRC_ADDR_UNMATCH(_name, _addr_array) \

        struct npf_test_eth_addr _name = { \

                .addresses = (_addr_array), \

                .nb_addresses = ARRAY_SIZE(_addr_array), \

                .test.fn = npf_eth_src_addr_unmatch, \

                .mask.addr = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }, \

        }


#define NPF_ETH_DST_ADDR_MATCH(_name, _addr_array) \

        struct npf_test_eth_addr _name = { \

                .addresses = (_addr_array), \

                .nb_addresses = ARRAY_SIZE(_addr_array), \

                .test.fn = npf_eth_dst_addr_match, \

                .mask.addr = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }, \

        }


#define NPF_ETH_DST_ADDR_UNMATCH(_name, _addr_array) \

        struct npf_test_eth_addr _name = { \

                .addresses = (_addr_array), \

                .nb_addresses = ARRAY_SIZE(_addr_array), \

                .test.fn = npf_eth_dst_addr_unmatch, \

                .mask.addr = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }, \

        }


#define NPF_ETH_SRC_ADDR_MASK_MATCH(_name, _addr_array, ...) \

        struct npf_test_eth_addr _name = { \

                .addresses = (_addr_array), \

                .nb_addresses = ARRAY_SIZE(_addr_array), \

                .mask.addr = { __VA_ARGS__ }, \

                .test.fn = npf_eth_src_addr_match, \

        }


#define NPF_ETH_DST_ADDR_MASK_MATCH(_name, _addr_array, ...) \

        struct npf_test_eth_addr _name = { \

                .addresses = (_addr_array), \

                .nb_addresses = ARRAY_SIZE(_addr_array), \

                .mask.addr = { __VA_ARGS__ }, \

                .test.fn = npf_eth_dst_addr_match, \

        }


struct npf_test_eth_type {

        struct npf_test test;

        uint16_t type;                  /* type in network order */

};


extern npf_test_fn_t npf_eth_type_match;

extern npf_test_fn_t npf_eth_type_unmatch;


#define NPF_ETH_TYPE_MATCH(_name, _type) \

        struct npf_test_eth_type _name = { \

                .type = htons(_type), \

                .test.fn = npf_eth_type_match, \

        }


#define NPF_ETH_TYPE_UNMATCH(_name, _type) \

        struct npf_test_eth_type _name = { \

                .type = htons(_type), \

                .test.fn = npf_eth_type_unmatch, \

        }


#ifdef __cplusplus

}

#endif


#endif /* ZEPHYR_INCLUDE_NET_PKT_FILTER_H_ */

ethernet.h
Ethernet.

net_verdict
net_verdict
Net Verdict.
Definition: net_core.h:97

npf_insert_rule
void npf_insert_rule(struct npf_rule_list *rules, struct npf_rule *rule)
Insert a rule at the front of given rule list.

npf_remove_rule
bool npf_remove_rule(struct npf_rule_list *rules, struct npf_rule *rule)
Remove a rule from the given rule list.

npf_remove_all_rules
bool npf_remove_all_rules(struct npf_rule_list *rules)
Remove all rules from the given rule list.

npf_send_rules
struct npf_rule_list npf_send_rules
rule list applied to outgoing packets

npf_default_drop
struct npf_rule npf_default_drop
Default rule list termination for rejecting a packet.

npf_recv_rules
struct npf_rule_list npf_recv_rules
rule list applied to incoming packets

npf_default_ok
struct npf_rule npf_default_ok
Default rule list termination for accepting a packet.

npf_append_rule
void npf_append_rule(struct npf_rule_list *rules, struct npf_rule *rule)
Append a rule at the end of given rule list.

limits.h

net_core.h
Network core definitions.

slist.h
Single-linked list implementation.

sys_slist_t
struct _slist sys_slist_t
Definition: slist.h:40

sys_snode_t
struct _snode sys_snode_t
Definition: slist.h:33

stdbool.h

bool
#define bool
Definition: stdbool.h:13

uint32_t
__UINT32_TYPE__ uint32_t
Definition: stdint.h:60

uint16_t
__UINT16_TYPE__ uint16_t
Definition: stdint.h:59

k_spinlock
Kernel Spin Lock.
Definition: spinlock.h:42

net_if
Network Interface structure.
Definition: net_if.h:468

net_pkt
Network packet.
Definition: net_pkt.h:62

npf_rule_list
rule set for a given test location
Definition: net_pkt_filter.h:61

npf_rule_list::rule_head
sys_slist_t rule_head
Definition: net_pkt_filter.h:62

npf_rule_list::lock
struct k_spinlock lock
Definition: net_pkt_filter.h:63

npf_rule
filter rule structure
Definition: net_pkt_filter.h:48

npf_rule::nb_tests
uint32_t nb_tests
Definition: net_pkt_filter.h:51

npf_rule::tests
struct npf_test * tests[]
Definition: net_pkt_filter.h:52

npf_rule::result
enum net_verdict result
Definition: net_pkt_filter.h:50

npf_rule::node
sys_snode_t node
Definition: net_pkt_filter.h:49

npf_test
common filter test structure to be embedded into larger structures
Definition: net_pkt_filter.h:43

npf_test::fn
npf_test_fn_t * fn
Definition: net_pkt_filter.h:44
	Zephyr API Documentation 3.0.0 A Scalable Open Source RTOS
3.0.0