From 02337b53dbd41d7094d74696ce129fb9ffce50b1 Mon Sep 17 00:00:00 2001
From: Bart De Schuymer <bdschuym@pandora.be>
Date: Sun, 7 Jul 2002 10:23:46 +0000
Subject: *** empty log message ***

---
 .../ebtables-v2.0_vs_2.4.18.pre10.001.diff         | 418 +++++++++++++++++++++
 1 file changed, 418 insertions(+)
 create mode 100644 kernel/patches/incremental-patches/ebtables-v2.0_vs_2.4.18.pre10.001.diff

(limited to 'kernel/patches/incremental-patches/ebtables-v2.0_vs_2.4.18.pre10.001.diff')

diff --git a/kernel/patches/incremental-patches/ebtables-v2.0_vs_2.4.18.pre10.001.diff b/kernel/patches/incremental-patches/ebtables-v2.0_vs_2.4.18.pre10.001.diff
new file mode 100644
index 0000000..d84488e
--- /dev/null
+++ b/kernel/patches/incremental-patches/ebtables-v2.0_vs_2.4.18.pre10.001.diff
@@ -0,0 +1,418 @@
+--- ebt2.0pre9/net/bridge/netfilter/ebt_vlan.c	Thu Jun 27 19:11:50 2002
++++ ebt2.0pre10.001/net/bridge/netfilter/ebt_vlan.c	Sat Jul  6 10:52:44 2002
+@@ -1,120 +1,284 @@
+ /*
+- *  ebt_vlan kernelspace
+- *
+- *      Authors:
+- *      Bart De Schuymer <bart.de.schuymer@pandora.be>
+- *      Nick Fedchik <nick@fedchik.org.ua>
+- *
+- *      June, 2002
++ * Description: EBTables 802.1Q match extension kernelspace module.
++ * Authors: Nick Fedchik <nick@fedchik.org.ua>
++ *          Bart De Schuymer <bart.de.schuymer@pandora.be>
++ *    
++ * This program is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 2 of the License, or
++ * (at your option) any later version.
++ * 
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *  
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+  */
+ 
+-#include <linux/netfilter_bridge/ebtables.h>
+-#include <linux/netfilter_bridge/ebt_vlan.h>
+-#include <linux/if_vlan.h>
+ #include <linux/if_ether.h>
++#include <linux/if_vlan.h>
+ #include <linux/module.h>
++#include <linux/netfilter_bridge/ebtables.h>
++#include <linux/netfilter_bridge/ebt_vlan.h>
+ 
+ static unsigned char debug;
++#define MODULE_VERSION "0.4 (" __DATE__ " " __TIME__ ")"
++
+ MODULE_PARM (debug, "0-1b");
+ MODULE_PARM_DESC (debug, "debug=1 is turn on debug messages");
++MODULE_AUTHOR ("Nick Fedchik <nick@fedchik.org.ua>");
++MODULE_DESCRIPTION ("802.1Q match module (ebtables extension), v"
++		    MODULE_VERSION);
++MODULE_LICENSE ("GPL");
++
+ 
+-#define MODULE_VERSION "0.2"
++#define DEBUG_MSG(...) if (debug) printk (KERN_DEBUG __FILE__ ":" __FUNCTION__ ": "  __VA_ARGS__)
++#define INV_FLAG(_inv_flag_) (infostuff->invflags & _inv_flag_) ? "!" : ""
++#define GET_BITMASK(_BIT_MASK_) infostuff->bitmask & _BIT_MASK_
++#define SET_BITMASK(_BIT_MASK_) infostuff->bitmask |= _BIT_MASK_
++#define EXIT_ON_MISMATCH(_MATCH_,_MASK_) if (!((infostuff->_MATCH_ == _MATCH_)^!!(infostuff->invflags & _MASK_))) return 1;
+ 
+-static int ebt_filter_vlan (const struct sk_buff *skb,
+-			    const struct net_device *in,
+-			    const struct net_device *out,
+-			    const void *data,
+-			    unsigned int datalen,
+-			    const struct ebt_counter *c)
++/*
++ * Function description: ebt_filter_vlan() is main engine for 
++ * checking passed 802.1Q frame according to 
++ * the passed extension parameters (in the *data buffer)
++ * ebt_filter_vlan() is called after successfull check the rule params
++ * by ebt_check_vlan() function.
++ * Parameters:
++ * const struct sk_buff *skb - pointer to passed ethernet frame buffer
++ * const void *data - pointer to passed extension parameters
++ * unsigned int datalen - length of passed *data buffer
++ * const struct net_device *in  -
++ * const struct net_device *out -
++ * const struct ebt_counter *c -
++ * Returned values:
++ * 0 - ok (all rule params matched)
++ * 1 - miss (rule params not acceptable to the parsed frame)
++ */
++static int
++ebt_filter_vlan (const struct sk_buff *skb,
++		 const struct net_device *in,
++		 const struct net_device *out,
++		 const void *data,
++		 unsigned int datalen, const struct ebt_counter *c)
+ {
+-	struct ebt_vlan_info *infostuff = (struct ebt_vlan_info *) data;
+-	struct vlan_ethhdr *vlanethhdr =
+-	    (struct vlan_ethhdr *) skb->mac.raw;
+-	unsigned short v_id;
+-	unsigned short v_prio;
+-	unsigned short v_TCI;
+-
+-	/*
+-	 * Calculate 802.1Q VLAN ID and user_priority from 
+-	 * Tag Control Information (TCI) field.
+-	 * Reserved one bit (13) for CFI (Canonical Format Indicator)
+-	 */
+-	v_TCI = ntohs (vlanethhdr->h_vlan_TCI);
+-	v_id = v_TCI & 0xFFF;
+-	v_prio = v_TCI >> 13;
+-
+-	/*
+-	 * Checking VLANs 
+-	 */
+-	if (infostuff->bitmask & EBT_VLAN_ID) {	/* Is VLAN ID parsed? */
+-		if (!((infostuff->id == v_id)
+-		      ^ !!(infostuff->invflags & EBT_VLAN_ID)))
+-			return 1;
+-		if (debug)
+-			printk (KERN_DEBUG
+-				"ebt_vlan: matched ID=%s%d (mask=%X)\n",
+-				(infostuff->
+-				 invflags & EBT_VLAN_ID) ? "!" : "",
+-				infostuff->id, infostuff->bitmask);
+-	}
+-	/*
+-	 * Checking User Priority 
+-	 */
+-	if (infostuff->bitmask & EBT_VLAN_PRIO) {	/* Is VLAN Prio parsed? */
+-		if (!((infostuff->prio == v_prio)
+-		      ^ !!(infostuff->invflags & EBT_VLAN_PRIO)))
+-			return 1;	/* missed */
+-		if (debug)
+-			printk (KERN_DEBUG
+-				"ebt_vlan: matched Prio=%s%d (mask=%X)\n",
+-				(infostuff->
+-				 invflags & EBT_VLAN_PRIO) ? "!" : "",
+-				infostuff->prio, infostuff->bitmask);
+-	}
+-	/*
+-	 * Checking for Encapsulated proto
+-	 */
+-	if (infostuff->bitmask & EBT_VLAN_ENCAP) {	/* Is VLAN Encap parsed? */
+-		if (!
+-		    ((infostuff->encap ==
+-		      vlanethhdr->h_vlan_encapsulated_proto)
+-		     ^ !!(infostuff->invflags & EBT_VLAN_ENCAP)))
+-			return 1;	/* missed */
+-		if (debug)
+-			printk (KERN_DEBUG
+-				"ebt_vlan: matched encap=%s%2.4X (mask=%X)\n",
+-				(infostuff->
+-				 invflags & EBT_VLAN_ENCAP) ? "!" : "",
+-				ntohs (infostuff->encap),
+-				infostuff->bitmask);
+-	}
++	struct ebt_vlan_info *infostuff = (struct ebt_vlan_info *) data;	/* userspace data */
++	struct vlan_ethhdr *frame = (struct vlan_ethhdr *) skb->mac.raw;	/* Passed tagged frame */
++
++	unsigned short TCI;	/* Whole TCI, given from parsed frame */
++	unsigned short id;	/* VLAN ID, given from frame TCI */
++	unsigned char prio;	/* user_priority, given from frame TCI */
++	unsigned short encap;	/* VLAN encapsulated Type/Length field, given from orig frame */
+ 
+ 	/*
+-	 * rule matched 
++	 * Tag Control Information (TCI) consists of the following elements:
++	 * - User_priority. This field allows the tagged frame to carry user_priority
++	 * information across Bridged LANs in which individual LAN segments may be unable to signal
++	 * priority information (e.g., 802.3/Ethernet segments). 
++	 * The user_priority field is three bits in length, 
++	 * interpreted as a binary number. The user_priority is therefore
++	 * capable of representing eight priority levels, 0 through 7. 
++	 * The use and interpretation of this field is defined in ISO/IEC 15802-3.
++	 * - Canonical Format Indicator (CFI). This field is used,
++	 * in 802.3/Ethernet, to signal the presence or absence
++	 * of a RIF field, and, in combination with the Non-canonical Format Indicator (NCFI) carried
++	 * in the RIF, to signal the bit order of address information carried in the encapsulated
++	 * frame. The Canonical Format Indicator (CFI) is a single bit flag value.
++	 * - VLAN Identifier (VID). This field uniquely identifies the VLAN to
++	 * which the frame belongs. The twelve-bit VLAN Identifier (VID) field 
++	 * uniquely identify the VLAN to which the frame belongs. 
++	 * The VID is encoded as an unsigned binary number. 
++	 */
++	TCI = ntohs (frame->h_vlan_TCI);
++	id = TCI & 0xFFF;
++	prio = TCI >> 13;
++	encap = frame->h_vlan_encapsulated_proto;
++
++	/*
++	 * First step is to check is null VLAN ID present
++	 * in the parsed frame
++	 */
++	if (!(id)) {
++		/*
++		 * Checking VLAN Identifier (VID)
++		 */
++		if (GET_BITMASK (EBT_VLAN_ID)) {	/* Is VLAN ID parsed? */
++			EXIT_ON_MISMATCH (id, EBT_VLAN_ID);
++			DEBUG_MSG
++			    ("matched rule id=%s%d for frame id=%d\n",
++			     INV_FLAG (EBT_VLAN_ID), infostuff->id, id);
++		}
++	} else {
++		/*
++		 * Checking user_priority
++		 */
++		if (GET_BITMASK (EBT_VLAN_PRIO)) {	/* Is VLAN user_priority parsed? */
++			EXIT_ON_MISMATCH (prio, EBT_VLAN_PRIO);
++			DEBUG_MSG
++			    ("matched rule prio=%s%d for frame prio=%d\n",
++			     INV_FLAG (EBT_VLAN_PRIO), infostuff->prio,
++			     prio);
++		}
++	}
++	/*
++	 * Checking Encapsulated Proto (Length/Type) field
++	 */
++	if (GET_BITMASK (EBT_VLAN_ENCAP)) {	/* Is VLAN Encap parsed? */
++		EXIT_ON_MISMATCH (encap, EBT_VLAN_ENCAP);
++		DEBUG_MSG ("matched encap=%s%2.4X for frame encap=%2.4X\n",
++			   INV_FLAG (EBT_VLAN_ENCAP),
++			   ntohs (infostuff->encap), ntohs (encap));
++	}
++	/*
++	 * All possible extension parameters was parsed.
++	 * If rule never returned by missmatch, then all ok.
+ 	 */
+ 	return 0;
+ }
+ 
+ /*
+- * ebt_vlan_check() is called when userspace delivers the table to the kernel, 
+- * * it is called to check that userspace doesn't give a bad table.
++ * Function description: ebt_vlan_check() is called when userspace 
++ * delivers the table to the kernel, 
++ * and to check that userspace doesn't give a bad table.
++ * Parameters:
++ * const char *tablename - table name string
++ * unsigned int hooknr - hook number
++ * const struct ebt_entry *e - ebtables entry basic set
++ * const void *data - pointer to passed extension parameters
++ * unsigned int datalen - length of passed *data buffer
++ * Returned values:
++ * 0 - ok (all delivered rule params are correct)
++ * 1 - miss (rule params is out of range, invalid, incompatible, etc.)
+  */
+-static int ebt_vlan_check (const char *tablename, unsigned int hookmask,
+-			   const struct ebt_entry *e, void *data,
+-			   unsigned int datalen)
++static int
++ebt_check_vlan (const char *tablename,
++		unsigned int hooknr,
++		const struct ebt_entry *e, void *data,
++		unsigned int datalen)
+ {
+ 	struct ebt_vlan_info *infostuff = (struct ebt_vlan_info *) data;
+ 
+-	if (datalen != sizeof (struct ebt_vlan_info))
++	/*
++	 * Parameters buffer overflow check 
++	 */
++	if (datalen != sizeof (struct ebt_vlan_info)) {
++		DEBUG_MSG
++		    ("params size %d is not eq to ebt_vlan_info (%d)\n",
++		     datalen, sizeof (struct ebt_vlan_info));
+ 		return -EINVAL;
++	}
+ 
+-	if (e->ethproto != __constant_htons (ETH_P_8021Q))
++	/*
++	 * Is it 802.1Q frame checked?
++	 */
++	if (e->ethproto != __constant_htons (ETH_P_8021Q)) {
++		DEBUG_MSG ("passed frame %2.4X is not 802.1Q (8100)\n",
++			   (unsigned short) ntohs (e->ethproto));
+ 		return -EINVAL;
++	}
+ 
++	/*
++	 * Check for bitmask range 
++	 * True if even one bit is out of mask
++	 */
+ 	if (infostuff->bitmask & ~EBT_VLAN_MASK) {
++		DEBUG_MSG ("bitmask %2X is out of mask (%2X)\n",
++			   infostuff->bitmask, EBT_VLAN_MASK);
++		return -EINVAL;
++	}
++
++	/*
++	 * Check for inversion flags range 
++	 */
++	if (infostuff->invflags & ~EBT_VLAN_MASK) {
++		DEBUG_MSG ("inversion flags %2X is out of mask (%2X)\n",
++			   infostuff->invflags, EBT_VLAN_MASK);
+ 		return -EINVAL;
+ 	}
+ 
++	/*
++	 * Reserved VLAN ID (VID) values
++	 * -----------------------------
++	 * 0 - The null VLAN ID. Indicates that the tag header contains only user_priority information;
++	 * no VLAN identifier is present in the frame. This VID value shall not be
++	 * configured as a PVID, configured in any Filtering Database entry, or used in any
++	 * Management operation.
++	 * 
++	 * 1 - The default Port VID (PVID) value used for classifying frames on ingress through a Bridge
++	 * Port. The PVID value can be changed by management on a per-Port basis.
++	 * 
++	 * 0x0FFF - Reserved for implementation use. This VID value shall not be configured as a
++	 * PVID or transmitted in a tag header.
++	 * 
++	 * The remaining values of VID are available for general use as VLAN identifiers.
++	 * A Bridge may implement the ability to support less than the full range of VID values; 
++	 * i.e., for a given implementation,
++	 * an upper limit, N, is defined for the VID values supported, where N is less than or equal to 4094.
++	 * All implementations shall support the use of all VID values in the range 0 through their defined maximum
++	 * VID, N.
++	 * 
++	 * For Linux, N = 4094.
++	 */
++	if (GET_BITMASK (EBT_VLAN_ID)) {	/* when vlan-id param was spec-ed */
++		if (!!infostuff->id) {	/* if id!=0 => check vid range */
++			if (infostuff->id > 4094) {	/* check if id > than (0x0FFE) */
++				DEBUG_MSG
++				    ("vlan id %d is out of range (1-4094)\n",
++				     infostuff->id);
++				return -EINVAL;
++			}
++			/*
++			 * Note: This is valid VLAN-tagged frame point.
++			 * Any value of user_priority are acceptable, but could be ignored
++			 * according to 802.1Q Std.
++			 */
++		} else {
++			/*
++			 * if id=0 (null VLAN ID)  => Check for user_priority range 
++			 */
++			if (GET_BITMASK (EBT_VLAN_PRIO)) {
++				if ((unsigned char) infostuff->prio > 7) {
++					DEBUG_MSG
++					    ("prio %d is out of range (0-7)\n",
++					     infostuff->prio);
++					return -EINVAL;
++				}
++			}
++			/*
++			 * Note2: This is valid priority-tagged frame point
++			 * with null VID field.
++			 */
++		}
++	} else {		/* VLAN Id not set */
++		if (GET_BITMASK (EBT_VLAN_PRIO)) {	/* But user_priority is set - abnormal! */
++			infostuff->id = 0;	/* Set null VID (case for Priority-tagged frames) */
++			SET_BITMASK (EBT_VLAN_ID);	/* and set id flag */
++		}
++	}
++	/*
++	 * Check for encapsulated proto range - it is possible to be any value for u_short range.
++	 * When relaying a tagged frame between 802.3/Ethernet MACs, 
++	 * a Bridge may adjust the padding field such that
++	 * the minimum size of a transmitted tagged frame is 68 octets (7.2).
++	 * if_ether.h:  ETH_ZLEN        60   -  Min. octets in frame sans FCS
++	 */
++	if (GET_BITMASK (EBT_VLAN_ENCAP)) {
++		if ((unsigned short) ntohs (infostuff->encap) < ETH_ZLEN) {
++			DEBUG_MSG
++			    ("encap packet length %d is less than minimal %d\n",
++			     ntohs (infostuff->encap), ETH_ZLEN);
++			return -EINVAL;
++		}
++	}
++
++	/*
++	 * Otherwise is all correct 
++	 */
++	DEBUG_MSG ("802.1Q tagged frame checked (%s table, %d hook)\n",
++		   tablename, hooknr);
+ 	return 0;
+ }
+ 
+@@ -122,22 +286,27 @@
+ 	{NULL, NULL},
+ 	EBT_VLAN_MATCH,
+ 	ebt_filter_vlan,
+-	ebt_vlan_check,
++	ebt_check_vlan,
+ 	NULL,
+ 	THIS_MODULE
+ };
+ 
++/*
++ * Module initialization function.
++ * Called when module is loaded to kernelspace
++ */
+ static int __init init (void)
+ {
+-	printk (KERN_INFO
+-		"ebt_vlan: 802.1Q VLAN matching module for EBTables "
+-		MODULE_VERSION "\n");
+-	if (debug)
+-		printk (KERN_DEBUG
+-			"ebt_vlan: 802.1Q rule matching debug is on\n");
++	DEBUG_MSG ("ebtables 802.1Q extension module v"
++		   MODULE_VERSION "\n");
++	DEBUG_MSG ("module debug=%d\n", !!debug);
+ 	return ebt_register_match (&filter_vlan);
+ }
+ 
++/*
++ * Module "finalization" function
++ * Called when download module from kernelspace
++ */
+ static void __exit fini (void)
+ {
+ 	ebt_unregister_match (&filter_vlan);
+@@ -145,8 +314,5 @@
+ 
+ module_init (init);
+ module_exit (fini);
++
+ EXPORT_NO_SYMBOLS;
+-MODULE_AUTHOR ("Nick Fedchik <nick@fedchik.org.ua>");
+-MODULE_DESCRIPTION ("802.1Q VLAN matching module for ebtables, v"
+-		    MODULE_VERSION);
+-MODULE_LICENSE ("GPL");
-- 
cgit v1.2.3