diff options
Diffstat (limited to 'kernel/patches/incremental-patches/ebtables-v2.0_vs_2.4.18.pre3.002.diff')
| -rw-r--r-- | kernel/patches/incremental-patches/ebtables-v2.0_vs_2.4.18.pre3.002.diff | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/kernel/patches/incremental-patches/ebtables-v2.0_vs_2.4.18.pre3.002.diff b/kernel/patches/incremental-patches/ebtables-v2.0_vs_2.4.18.pre3.002.diff new file mode 100644 index 0000000..7fb0399 --- /dev/null +++ b/kernel/patches/incremental-patches/ebtables-v2.0_vs_2.4.18.pre3.002.diff @@ -0,0 +1,66 @@ +* Add logical bridge in/out device filtering support +* Be more paranoid about the given userspace device names + +--- linux/net/bridge/netfilter/ebtables.c Fri Apr 19 21:48:59 2002 ++++ ebt2.0pre3.002/net/bridge/netfilter/ebtables.c Fri Apr 19 23:21:22 2002 +@@ -30,6 +30,8 @@ + #include <asm/uaccess.h> + #include <linux/smp.h> + #include <net/sock.h> ++// needed for logical [in,out]-dev filtering ++#include "../br_private.h" + + // list_named_find + #define ASSERT_READ_LOCK(x) +@@ -115,6 +117,11 @@ + (point->bitmask & EBT_802_3), EBT_IPROTO) ) + && FWINV(!ebt_dev_check((char *)(point->in), in), EBT_IIN) + && FWINV(!ebt_dev_check((char *)(point->out), out), EBT_IOUT) ++ && ((!in || !in->br_port) ? 1 : FWINV(!ebt_dev_check((char *) ++ (point->logical_in), &in->br_port->br->dev), EBT_ILOGICALIN)) ++ && ((!out || !out->br_port) ? 1 : ++ FWINV(!ebt_dev_check((char *) ++ (point->logical_out), &out->br_port->br->dev), EBT_ILOGICALOUT)) + ) { + if ( (point->bitmask & EBT_SOURCEMAC) && + FWINV(!!memcmp(point->sourcemac, +@@ -363,6 +370,10 @@ + BUGPRINT("NOPROTO & 802_3 not allowed\n"); + return -EINVAL; + } ++ e->in[IFNAMSIZ - 1] = '\0'; ++ e->out[IFNAMSIZ - 1] = '\0'; ++ e->logical_in[IFNAMSIZ - 1] = '\0'; ++ e->logical_out[IFNAMSIZ - 1] = '\0'; + // what hook do we belong to? + for (i = 0; i < NF_BR_NUMHOOKS; i++) { + if ((valid_hooks & (1 << i)) == 0) +--- linux/include/linux/netfilter_bridge/ebtables.h Fri Apr 19 21:48:59 2002 ++++ ebt2.0pre3.002/include/linux/netfilter_bridge/ebtables.h Fri Apr 19 21:06:25 2002 +@@ -71,7 +71,10 @@ + #define EBT_IOUT 0x04 + #define EBT_ISOURCE 0x8 + #define EBT_IDEST 0x10 +-#define EBT_INV_MASK (EBT_IPROTO | EBT_IIN | EBT_IOUT | EBT_ISOURCE | EBT_IDEST) ++#define EBT_ILOGICALIN 0x20 ++#define EBT_ILOGICALOUT 0x40 ++#define EBT_INV_MASK (EBT_IPROTO | EBT_IIN | EBT_IOUT | EBT_ILOGICALIN \ ++ | EBT_ILOGICALOUT | EBT_ISOURCE | EBT_IDEST) + + struct ebt_counter + { +@@ -124,8 +127,14 @@ + __u32 bitmask; + __u32 invflags; + __u16 ethproto; ++ // the physical in-dev + __u8 in[IFNAMSIZ]; ++ // the logical in-dev ++ __u8 logical_in[IFNAMSIZ]; ++ // the physical out-dev + __u8 out[IFNAMSIZ]; ++ // the logical out-dev ++ __u8 logical_out[IFNAMSIZ]; + __u8 sourcemac[ETH_ALEN]; + __u8 destmac[ETH_ALEN]; + // sizeof ebt_entry + matches |