From d891e9e5bc309d5aeb2ab774c76b34a92085b3e7 Mon Sep 17 00:00:00 2001 From: Bart De Schuymer Date: Sat, 1 Jun 2002 19:23:47 +0000 Subject: Initial revision --- .../incremental-patches/ebtables-v2.0pre2.002.diff | 2204 ++++++++++++++++++++ 1 file changed, 2204 insertions(+) create mode 100644 userspace/patches/incremental-patches/ebtables-v2.0pre2.002.diff (limited to 'userspace/patches/incremental-patches/ebtables-v2.0pre2.002.diff') diff --git a/userspace/patches/incremental-patches/ebtables-v2.0pre2.002.diff b/userspace/patches/incremental-patches/ebtables-v2.0pre2.002.diff new file mode 100644 index 0000000..c638367 --- /dev/null +++ b/userspace/patches/incremental-patches/ebtables-v2.0pre2.002.diff @@ -0,0 +1,2204 @@ +This is a big patch. +Hope I didn't break anything. + +--- ebtables-v2.0pre2.001/Makefile Thu Apr 11 18:27:45 2002 ++++ ebtables-v2.0pre2.002/Makefile Thu Apr 11 18:38:47 2002 +@@ -2,8 +2,7 @@ + + KERNEL_DIR?=/usr/src/linux + PROGNAME:=ebtables +-PROGVERSION:="2.0pre1 (April 2002)" +- ++PROGVERSION:="2.0pre2.001 (April 2002)" + + MANDIR?=/usr/local/man + CFLAGS:=-Wall -Wunused +--- ebtables-v2.0pre2.001/ebtables.c Thu Apr 11 18:27:45 2002 ++++ ebtables-v2.0pre2.002/ebtables.c Wed Apr 10 22:46:27 2002 +@@ -34,7 +34,8 @@ + #include + #include "include/ebtables_u.h" + +-// here are the number-name correspondences kept for the ethernet frame type field ++// here are the number-name correspondences kept for the ethernet ++// frame type field + #define PROTOCOLFILE "/etc/etherproto" + + #define DATABASEHOOKNR NF_BR_NUMHOOKS +@@ -81,27 +82,28 @@ + + // yup, all the possible target names + char* standard_targets[NUM_STANDARD_TARGETS] = { +- "ACCEPT" , ++ "ACCEPT", + "DROP", + "CONTINUE", + }; + + // tells what happened to the old rules +-unsigned short *counterchanges; ++static unsigned short *counterchanges; + // holds all the data +-struct ebt_u_replace replace; ++static struct ebt_u_replace replace; + + // the chosen table +-struct ebt_u_table *table = NULL; ++static struct ebt_u_table *table = NULL; + // the lists of supported tables, matches, watchers and targets +-struct ebt_u_table *tables = NULL; +-struct ebt_u_match *matches = NULL; +-struct ebt_u_watcher *watchers = NULL; +-struct ebt_u_target *targets = NULL; ++static struct ebt_u_table *tables = NULL; ++static struct ebt_u_match *matches = NULL; ++static struct ebt_u_watcher *watchers = NULL; ++static struct ebt_u_target *targets = NULL; + + struct ebt_u_target *find_target(const char *name) + { + struct ebt_u_target *t = targets; ++ + while(t && strcmp(t->name, name)) + t = t->next; + return t; +@@ -110,6 +112,7 @@ + struct ebt_u_match *find_match(const char *name) + { + struct ebt_u_match *m = matches; ++ + while(m && strcmp(m->name, name)) + m = m->next; + return m; +@@ -118,6 +121,7 @@ + struct ebt_u_watcher *find_watcher(const char *name) + { + struct ebt_u_watcher *w = watchers; ++ + while(w && strcmp(w->name, name)) + w = w->next; + return w; +@@ -126,17 +130,18 @@ + struct ebt_u_table *find_table(char *name) + { + struct ebt_u_table *t = tables; ++ + while (t && strcmp(t->name, name)) + t = t->next; + return t; + } + +-// the pointers in here are special: +-// the struct ebt_target * pointer is actually a struct ebt_u_target * pointer +-// instead of making yet a few other structs, we just do a cast +-// we need a struct ebt_u_target pointer because we know the address of the data they +-// point to won't change. We want to allow that the struct ebt_u_target.t member can +-// change. ++// The pointers in here are special: ++// The struct ebt_target * pointer is actually a struct ebt_u_target * pointer. ++// instead of making yet a few other structs, we just do a cast. ++// We need a struct ebt_u_target pointer because we know the address of the data ++// they point to won't change. We want to allow that the struct ebt_u_target.t ++// member can change. + // Same holds for the struct ebt_match and struct ebt_watcher pointers + struct ebt_u_entry *new_entry; + +@@ -149,13 +154,14 @@ + strcpy(e->out, ""); + e->m_list = NULL; + e->w_list = NULL; +- // the init function of the standard target should have put the verdict on CONTINUE ++ // the init function of the standard target should have put the verdict ++ // on CONTINUE + e->t = (struct ebt_entry_target *)find_target(EBT_STANDARD_TARGET); + if (!e->t) + print_bug("Couldn't load standard target\n"); + } + +-// this doesn't free e, basically becoz it's lazy ++// this doesn't free e, becoz the calling function might need e->next + void free_u_entry(struct ebt_u_entry *e) + { + struct ebt_u_match_list *m_l, *m_l2; +@@ -178,6 +184,40 @@ + free(e->t); + } + ++// the user will use the match, so put it in new_entry ++static void add_match(struct ebt_u_match *m) ++{ ++ struct ebt_u_match_list **m_list, *new; ++ ++ m->used = 1; ++ for (m_list = &new_entry->m_list; ++ *m_list; m_list = &(*m_list)->next); ++ new = (struct ebt_u_match_list *) ++ malloc(sizeof(struct ebt_u_match_list)); ++ if (!new) ++ print_memory(); ++ *m_list = new; ++ new->next = NULL; ++ new->m = (struct ebt_entry_match *)m; ++} ++ ++static void add_watcher(struct ebt_u_watcher *w) ++{ ++ struct ebt_u_watcher_list **w_list; ++ struct ebt_u_watcher_list *new; ++ ++ w->used = 1; ++ for (w_list = &new_entry->w_list; ++ *w_list; w_list = &(*w_list)->next); ++ new = (struct ebt_u_watcher_list *) ++ malloc(sizeof(struct ebt_u_watcher_list)); ++ if (!new) ++ print_memory(); ++ *w_list = new; ++ new->next = NULL; ++ new->w = (struct ebt_entry_watcher *)w; ++} ++ + static int global_option_offset = 0; + #define OPTION_OFFSET 256 + static struct option * +@@ -196,6 +236,8 @@ + *options_offset = global_option_offset; + + merge = malloc(sizeof(struct option) * (num_new + num_old + 1)); ++ if (!merge) ++ print_memory(); + memcpy(merge, oldopts, num_old * sizeof(struct option)); + for (i = 0; i < num_new; i++) { + merge[num_old + i] = newopts[i]; +@@ -219,7 +261,8 @@ + print_memory(); + strcpy(m->m->u.name, m->name); + m->m->match_size = size; +- ebt_options = merge_options(ebt_options, m->extra_ops, &(m->option_offset)); ++ ebt_options = merge_options ++ (ebt_options, m->extra_ops, &(m->option_offset)); + m->init(m->m); + + for (i = &matches; *i; i = &((*i)->next)); +@@ -237,7 +280,8 @@ + print_memory(); + strcpy(w->w->u.name, w->name); + w->w->watcher_size = size; +- ebt_options = merge_options(ebt_options, w->extra_ops, &(w->option_offset)); ++ ebt_options = merge_options ++ (ebt_options, w->extra_ops, &(w->option_offset)); + w->init(w->w); + + for (i = &watchers; *i; i = &((*i)->next)); +@@ -255,7 +299,8 @@ + print_memory(); + strcpy(t->t->u.name, t->name); + t->t->target_size = size; +- ebt_options = merge_options(ebt_options, t->extra_ops, &(t->option_offset)); ++ ebt_options = merge_options ++ (ebt_options, t->extra_ops, &(t->option_offset)); + t->init(t->t); + for (i = &targets; *i; i = &((*i)->next)); + t->next = NULL; +@@ -292,7 +337,7 @@ + return 0; + } + +-/* helper function: processes a line of data from the file brebt_protocolnames */ ++// helper function: processes a line of data from the file /etc/etherproto + int get_a_line(char *buffer, char *value, FILE *ifp) + { + int i, hlp; +@@ -314,7 +359,7 @@ + + // buffer[0] already contains the first letter + for (i = 1; i < 21; i++) { +- hlp = fscanf(ifp, "%c", buffer+i); ++ hlp = fscanf(ifp, "%c", buffer + i); + if (hlp == EOF || hlp == 0) return -1; + if (buffer[i] == '\t' || buffer[i] == ' ') + break; +@@ -327,7 +372,8 @@ + // buffer[0] already contains the first letter + for (i = 1; i < 5; i++) { + hlp = fscanf(ifp, "%c", value+i); +- if (value[i] == '\n' || value[i] == '\t' || value[i] == ' ' || hlp == EOF) ++ if (value[i] == '\n' || value[i] == '\t' || ++ value[i] == ' ' || hlp == EOF) + break; + } + if (i == 5) return -1; +@@ -342,7 +388,7 @@ + return 0; + } + +-/* helper function for list_em() */ ++// helper function for list_em() + int number_to_name(unsigned short proto, char *name) + { + FILE *ifp; +@@ -363,13 +409,12 @@ + fclose(ifp); + return 0; + } +- return -1; + } + +-/* helper function for list_rules() */ ++// helper function for list_rules() + static void list_em(int hooknr) + { +- int i, space = 0; ++ int i, j, space = 0, digits; + struct ebt_u_entry *hlp; + struct ebt_u_match_list *m_l; + struct ebt_u_watcher_list *w_l; +@@ -379,7 +424,8 @@ + char name[21]; + + hlp = replace.hook_entry[hooknr]->entries; +- printf("\nBridge chain: %s\nPolicy: %s\n", hooknames[hooknr], standard_targets[(int)(replace.hook_entry[hooknr]->policy)]); ++ printf("\nBridge chain: %s\nPolicy: %s\n", hooknames[hooknr], ++ standard_targets[replace.hook_entry[hooknr]->policy]); + printf("nr. of entries: %d \n", replace.hook_entry[hooknr]->nentries); + + i = replace.hook_entry[hooknr]->nentries; +@@ -389,19 +435,18 @@ + } + + for (i = 0; i < replace.hook_entry[hooknr]->nentries; i++) { +- int j = i + 1, space2 = 0; +- // a little work to get nice rule numbers +- // this can probably be done easier - so what ++ digits = 0; ++ // A little work to get nice rule numbers. + while (j > 9) { +- space2++; ++ digits++; + j /= 10; + } +- for (j = 0; j < space - space2; j++) ++ for (j = 0; j < space - digits; j++) + printf(" "); + printf("%d. ", i + 1); + +- // don't print anything about the protocol if no protocol was specified +- // obviously this means any protocol will do ++ // Don't print anything about the protocol if no protocol was ++ // specified, obviously this means any protocol will do. + if (!(hlp->bitmask & EBT_NOPROTO)) { + printf("eth proto: "); + if (hlp->invflags & EBT_IPROTO) +@@ -416,20 +461,20 @@ + } + } + if (hlp->bitmask & EBT_SOURCEMAC) { +- int j; + printf("source mac: "); + if (hlp->invflags & EBT_ISOURCE) + printf("! "); + for (j = 0; j < ETH_ALEN; j++) +- printf("%02x%s", hlp->sourcemac[j], (j == ETH_ALEN - 1) ? ", " : ":"); ++ printf("%02x%s", hlp->sourcemac[j], ++ (j == ETH_ALEN - 1) ? ", " : ":"); + } + if (hlp->bitmask & EBT_DESTMAC) { +- int j; + printf("dest mac: "); + if (hlp->invflags & EBT_IDEST) + printf("! "); + for (j = 0; j < ETH_ALEN; j++) +- printf("%02x%s", hlp->destmac[j], (j == ETH_ALEN - 1) ? ", " : ":"); ++ printf("%02x%s", hlp->destmac[j], ++ (j == ETH_ALEN - 1) ? ", " : ":"); + } + if (hlp->in[0] != '\0') { + if (hlp->invflags & EBT_IIN) +@@ -462,9 +507,10 @@ + printf("target: "); + t = find_target(hlp->t->u.name); + if (!t) +- print_error("Target not found."); ++ print_bug("Target not found"); + t->print(hlp, hlp->t); +- printf(", count = %llu", replace.counters[replace.counter_entry[hooknr] + i].pcnt); ++ printf(", count = %llu", ++ replace.counters[replace.counter_entry[hooknr] + i].pcnt); + printf("\n"); + hlp = hlp->next; + } +@@ -492,30 +538,30 @@ + struct ebt_u_watcher_list *w_l; + + printf( +- "%s v%s\n" +- "Usage:\n" +- "ebtables -[ADI] chain rule-specification [options]\n" +- "ebtables -P chain target\n" +- "ebtables -[LFZ] [chain]\n" +- "ebtables -[b] [y,n]\n" +- "Commands:\n" +- "--append -A chain : Append to chain\n" +- "--delete -D chain : Delete matching rule from chain\n" +- "--delete -D chain rulenum : Delete rule at position rulenum from chain\n" +- "--insert -I chain rulenum : insert rule at position rulenum in chain\n" +- "--list -L [chain] : List the rules in a chain or in all chains\n" +- "--list -L "DATABASEHOOKNAME" : List the database (if present)\n" +- "--flush -F [chain] : Delete all rules in chain or in all chains\n" +- "--zero -Z [chain] : Put counters on zero in chain or in all chains\n" +- "--policy -P chain target : Change policy on chain to target\n" +- "Options:\n" +- "--proto -p [!] proto : protocol hexadecimal, by name or LENGTH\n" +- "--src -s [!] address : source mac address\n" +- "--dst -d [!] address : destination mac address\n" +- "--in-if -i [!] name : network input interface name\n" +- "--out-if -o [!] name : network output interface name\n" +- "--version -V : print package version\n" +- "\n" , ++"%s v%s\n" ++"Usage:\n" ++"ebtables -[ADI] chain rule-specification [options]\n" ++"ebtables -P chain target\n" ++"ebtables -[LFZ] [chain]\n" ++"ebtables -[b] [y,n]\n" ++"Commands:\n" ++"--append -A chain : Append to chain\n" ++"--delete -D chain : Delete matching rule from chain\n" ++"--delete -D chain rulenum : Delete rule at position rulenum from chain\n" ++"--insert -I chain rulenum : insert rule at position rulenum in chain\n" ++"--list -L [chain] : List the rules in a chain or in all chains\n" ++"--list -L "DATABASEHOOKNAME" : List the database (if present)\n" ++"--flush -F [chain] : Delete all rules in chain or in all chains\n" ++"--zero -Z [chain] : Put counters on zero in chain or in all chains\n" ++"--policy -P chain target : Change policy on chain to target\n" ++"Options:\n" ++"--proto -p [!] proto : protocol hexadecimal, by name or LENGTH\n" ++"--src -s [!] address : source mac address\n" ++"--dst -d [!] address : destination mac address\n" ++"--in-if -i [!] name : network input interface name\n" ++"--out-if -o [!] name : network output interface name\n" ++"--version -V : print package version\n" ++"\n" , + prog_name, + prog_version); + +@@ -538,7 +584,7 @@ + exit(0); + } + +-/* execute command L */ ++// execute command L + static void list_rules() + { + int i; +@@ -563,7 +609,8 @@ + replace.num_counters = replace.nentries; + if (replace.nentries) { + // '+ 1' for the CNT_END +- if ( !(counterchanges = (unsigned short *)malloc((replace.nentries + 1) * sizeof(unsigned short))) ) ++ if (!(counterchanges = (unsigned short *) malloc( ++ (replace.nentries + 1) * sizeof(unsigned short)))) + print_memory(); + // done nothing special to the rules + for (i = 0; i < replace.nentries; i++) +@@ -611,12 +658,14 @@ + if (replace.hook_entry[replace.selected_hook]->nentries == 0) + exit(0); + oldnentries = replace.nentries; +- replace.nentries = replace.nentries - replace.hook_entry[replace.selected_hook]->nentries; ++ replace.nentries = replace.nentries - ++ replace.hook_entry[replace.selected_hook]->nentries; + + // delete the counters belonging to the specified chain + if (replace.nentries) { + // +1 for CNT_END +- if ( !(counterchanges = (unsigned short *)malloc((oldnentries + 1) * sizeof(unsigned short))) ) ++ if ( !(counterchanges = (unsigned short *) ++ malloc((oldnentries + 1) * sizeof(unsigned short))) ) + print_memory(); + cnt = counterchanges; + for (i = 0; i < NF_BR_NUMHOOKS; i++) { +@@ -660,23 +709,31 @@ + + // handle '-D chain rulenr' command + if (rule_nr != -1) { +- if (rule_nr > replace.hook_entry[replace.selected_hook]->nentries) ++ if (rule_nr > ++ replace.hook_entry[replace.selected_hook]->nentries) + return 0; ++ // user starts counting from 1 + return rule_nr - 1; + } + u_e = replace.hook_entry[replace.selected_hook]->entries; +- // check for an existing rule (if there are duplicate rules, take the first occurance) +- for (i = 0; i < replace.hook_entry[replace.selected_hook]->nentries; i++, u_e = u_e->next) { ++ // check for an existing rule (if there are duplicate rules, ++ // take the first occurance) ++ for (i = 0; i < replace.hook_entry[replace.selected_hook]->nentries; ++ i++, u_e = u_e->next) { + if (!u_e) + print_bug("Hmm, trouble"); + if ( u_e->ethproto == new_entry->ethproto +- && !strncmp(u_e->in, new_entry->in, IFNAMSIZ) +- && !strncmp(u_e->out, new_entry->out, IFNAMSIZ) && u_e->bitmask == new_entry->bitmask) { +- if (new_entry->bitmask & EBT_SOURCEMAC && strncmp(u_e->sourcemac, new_entry->sourcemac, ETH_ALEN)) ++ && !strcmp(u_e->in, new_entry->in) ++ && !strcmp(u_e->out, new_entry->out) ++ && u_e->bitmask == new_entry->bitmask) { ++ if (new_entry->bitmask & EBT_SOURCEMAC && ++ strcmp(u_e->sourcemac, new_entry->sourcemac)) + continue; +- if (new_entry->bitmask & EBT_DESTMAC && strncmp(u_e->destmac, new_entry->destmac, ETH_ALEN)) ++ if (new_entry->bitmask & EBT_DESTMAC && ++ strcmp(u_e->destmac, new_entry->destmac)) + continue; +- if (new_entry->bitmask != u_e->bitmask || new_entry->invflags != u_e->invflags) ++ if (new_entry->bitmask != u_e->bitmask || ++ new_entry->invflags != u_e->invflags) + continue; + // compare all matches + m_l = new_entry->m_list; +@@ -684,7 +741,8 @@ + while (m_l) { + m = (struct ebt_u_match *)(m_l->m); + m_l2 = u_e->m_list; +- while (m_l2 && strcmp(m_l2->m->u.name, m->m->u.name)) ++ while (m_l2 && ++ strcmp(m_l2->m->u.name, m->m->u.name)) + m_l2 = m_l2->next; + if (!m_l2 || !m->compare(m->m, m_l2->m)) + goto letscontinue; +@@ -707,7 +765,8 @@ + while (w_l) { + w = (struct ebt_u_watcher *)(w_l->w); + w_l2 = u_e->w_list; +- while (w_l2 && strcmp(w_l2->w->u.name, w->w->u.name)) ++ while (w_l2 && ++ strcmp(w_l2->w->u.name, w->w->u.name)) + w_l2 = w_l2->next; + if (!w_l2 || !w->compare(w->w, w_l2->w)) + goto letscontinue; +@@ -743,8 +802,10 @@ + struct ebt_u_watcher_list *w_l; + + if (rule_nr != -1) { // command -I +- if (--rule_nr > replace.hook_entry[replace.selected_hook]->nentries) +- print_error("rule nr too high: %d > %d.", rule_nr, replace.hook_entry[replace.selected_hook]->nentries); ++ if (--rule_nr > ++ replace.hook_entry[replace.selected_hook]->nentries) ++ print_error("rule nr too high: %d > %d", rule_nr, ++ replace.hook_entry[replace.selected_hook]->nentries); + } else + rule_nr = replace.hook_entry[replace.selected_hook]->nentries; + // we're adding one rule +@@ -754,7 +815,8 @@ + + // handle counter stuff + // +1 for CNT_END +- if ( !(counterchanges = (unsigned short *)malloc((replace.nentries + 1) * sizeof(unsigned short))) ) ++ if ( !(counterchanges = (unsigned short *) ++ malloc((replace.nentries + 1) * sizeof(unsigned short))) ) + print_memory(); + cnt = counterchanges; + for (i = 0; i < replace.selected_hook; i++) { +@@ -813,7 +875,7 @@ + struct ebt_u_entry *u_e, *u_e2; + + if ( (i = check_rule_exists(rule_nr)) == -1 ) +- print_error("Sorry, rule does not exists."); ++ print_error("Sorry, rule does not exists"); + + // we're deleting a rule + replace.num_counters = replace.nentries; +@@ -827,7 +889,8 @@ + } + lentmp += i; + // +1 for CNT_END +- if ( !(counterchanges = (unsigned short *)malloc((replace.num_counters + 1) * sizeof(unsigned short))) ) ++ if ( !(counterchanges = (unsigned short *)malloc( ++ (replace.num_counters + 1) * sizeof(unsigned short))) ) + print_memory(); + cnt = counterchanges; + for (j = 0; j < lentmp; j++) { +@@ -871,8 +934,8 @@ + + if (zerochain == -1) { + // tell main() we don't update the counters +- // this results in tricking the kernel to zero his counters, naively expecting +- // userspace to update its counters. Muahahaha ++ // this results in tricking the kernel to zero his counters, ++ // naively expecting userspace to update its counters. Muahahaha + counterchanges = NULL; + replace.num_counters = 0; + } else { +@@ -881,7 +944,10 @@ + + if (replace.hook_entry[zerochain]->nentries == 0) + exit(0); +- counterchanges = (unsigned short *)malloc((replace.nentries + 1) * sizeof(unsigned short)); ++ counterchanges = (unsigned short *) ++ malloc((replace.nentries + 1) * sizeof(unsigned short)); ++ if (!counterchanges) ++ print_memory(); + cnt = counterchanges; + for (i = 0; i < zerochain; i++) { + if (!(replace.valid_hooks & (1 << i))) +@@ -915,10 +981,12 @@ + + // 0 : database disabled (-db n) + if (!(nr.nentries)) +- print_error("Database not present (disabled), try ebtables --db y."); +- (nr.nentries)--; +- if (!nr.nentries) print_error("Database empty."); +- if ( !(db = (struct brdb_dbentry *) malloc(nr.nentries * sizeof(struct brdb_dbentry))) ) ++ print_error("Database not present" ++ " (disabled), try ebtables --db y"); ++ nr.nentries--; ++ if (!nr.nentries) print_error("Database empty"); ++ if ( !(db = (struct brdb_dbentry *) ++ malloc(nr.nentries * sizeof(struct brdb_dbentry))) ) + print_memory(); + + get_db(nr.nentries, db); +@@ -931,7 +999,7 @@ + "out-if : %s\n" + "protocol: ", i + 1, hooknames[db->hook], db->in, db->out); + if (db->ethproto == IDENTIFY802_3) +- printf("NO PROTO, OLD 802.3 STYLE LENGTH FIELD\n"); ++ printf("802.2/802.3 STYLE LENGTH FIELD\n"); + else { + if (number_to_name(ntohs(db->ethproto), name)) + printf("%x\n",ntohs(db->ethproto)); +@@ -943,13 +1011,13 @@ + exit(0); + } + +-// handle counter and db disabling and enabling ++// handle db [dis,en]abling + static void allowdb(char yorn) + { + __u16 decision; + + if (yorn != 'y' && yorn != 'n') +- print_error("Option [y] or [n] needed."); ++ print_error("Option [y] or [n] needed"); + + if (yorn == 'y') + decision = BRDB_DB; +@@ -980,7 +1048,8 @@ + if (strcasecmp(buffer, name)) + continue; + i = (unsigned short) strtol(value, &bfr, 16); +- if (*bfr != '\0') return -1; ++ if (*bfr != '\0') ++ return -1; + new_entry->ethproto = i; + fclose(ifp); + return 0; +@@ -1022,7 +1091,7 @@ + void check_option(unsigned int *flags, unsigned int mask) + { + if (*flags & mask) +- print_error("Multiple use of same option not allowed."); ++ print_error("Multiple use of same option not allowed"); + *flags |= mask; + } + +@@ -1040,17 +1109,21 @@ + { + char *buffer, allowbc = 'n'; + int c, i; +- int zerochain = -1; // this special one for the -Z option (we can have -Z -L ) ++ // this special one for the -Z option (we can have -Z -L ) ++ int zerochain = -1; + int policy = -1; + int rule_nr = -1;// used for -D chain number + struct ebt_u_target *t; ++ struct ebt_u_match *m; ++ struct ebt_u_watcher *w; ++ struct ebt_u_match_list *m_l; ++ struct ebt_u_watcher_list *w_l; + +- // initialize the table name, OPT_ flags and selected hook ++ // initialize the table name, OPT_ flags, selected hook and command + strcpy(replace.name, "filter"); + replace.flags = 0; + replace.selected_hook = -1; + replace.command = 'h'; +- // execute the _init functions of the extensions + + new_entry = (struct ebt_u_entry *)malloc(sizeof(struct ebt_u_entry)); + if (!new_entry) +@@ -1059,7 +1132,8 @@ + initialize_entry(new_entry); + + // getopt saves the day +- while ((c = getopt_long(argc, argv, "-A:D:I:L::Z::F::P:Vhi:o:j:p:b:s:d:t:", ebt_options, NULL)) != -1) { ++ while ((c = getopt_long(argc, argv, ++ "-A:D:I:L::Z::F::P:Vhi:o:j:p:b:s:d:t:", ebt_options, NULL)) != -1) { + switch (c) { + + case 'A': // add a rule +@@ -1068,33 +1142,39 @@ + case 'I': // insert a rule + replace.command = c; + if (replace.flags & OPT_COMMAND) +- print_error("Multiple commands not allowed."); ++ print_error("Multiple commands not allowed"); + replace.flags |= OPT_COMMAND; + if ((replace.selected_hook = get_hooknr(optarg)) == -1) +- print_error("Bad chain."); +- // '-' denotes another option, if no other option it must be the (optional) rule number +- if (c == 'D' && optind < argc && argv[optind][0] != '-') { ++ print_error("Bad chain"); ++ if (c == 'D' && optind < argc && ++ argv[optind][0] != '-') { + rule_nr = strtol(argv[optind], &buffer, 10); + if (*buffer != '\0' || rule_nr < 0) +- print_error("Problem with the specified rule number."); ++ print_error("Problem with the " ++ "specified rule number"); + optind++; + } + if (c == 'P') { + if (optind >= argc) +- print_error("No policy specified."); ++ print_error("No policy specified"); + for (i = 0; i < 2; i++) +- if (!strcmp(argv[optind], standard_targets[i])) ++ if (!strcmp(argv[optind], ++ standard_targets[i])) { + policy = i; ++ break; ++ } + if (policy == -1) +- print_error("Wrong policy."); ++ print_error("Wrong policy"); + optind++; + } + if (c == 'I') { + if (optind >= argc) +- print_error("No rulenr for -I specified."); ++ print_error("No rulenr for -I" ++ " specified"); + rule_nr = strtol(argv[optind], &buffer, 10); + if (*buffer != '\0' || rule_nr < 0) +- print_error("Problem with the specified rule number."); ++ print_error("Problem with the specified" ++ " rule number"); + optind++; + } + break; +@@ -1104,24 +1184,29 @@ + case 'Z': // zero counters + if (c == 'Z') { + if (replace.flags & OPT_ZERO) +- print_error("Multiple commands not allowed."); +- if ( (replace.flags & OPT_COMMAND && replace.command != 'L')) +- print_error("command -Z only allowed together with command -L."); ++ print_error("Multiple commands" ++ " not allowed"); ++ if ( (replace.flags & OPT_COMMAND && ++ replace.command != 'L')) ++ print_error("command -Z only allowed " ++ "together with command -L"); + replace.flags |= OPT_ZERO; + } else { + replace.command = c; + if (replace.flags & OPT_COMMAND) +- print_error("Multiple commands not allowed."); ++ print_error("Multiple commands" ++ " not allowed"); + replace.flags |= OPT_COMMAND; + } + i = -1; + if (optarg) { + if ( (i = get_hooknr(optarg)) == -1 ) +- print_error("Bad chain."); ++ print_error("Bad chain"); + } else + if (optind < argc && argv[optind][0] != '-') { +- if ( (i = get_hooknr(argv[optind])) == -1 ) +- print_error("Bad chain."); ++ if ((i = get_hooknr(argv[optind])) ++ == -1) ++ print_error("Bad chain"); + optind++; + } + if (i != -1) { +@@ -1135,47 +1220,34 @@ + case 'V': // version + replace.command = 'V'; + if (replace.flags & OPT_COMMAND) +- print_error("Multiple commands not allowed."); ++ print_error("Multiple commands not allowed"); + printf("%s, %s\n", prog_name, prog_version); + exit(0); + + case 'h': // help + if (replace.flags & OPT_COMMAND) +- print_error("Multiple commands not allowed."); ++ print_error("Multiple commands not allowed"); + replace.command = 'h'; + // All other arguments should be extension names + while (optind < argc) { + struct ebt_u_match *m; + struct ebt_u_watcher *w; + +- if ((m = find_match(argv[optind]))) { +- struct ebt_u_match_list **m_list, *new; +- +- m->used = 1; +- for (m_list = &new_entry->m_list; *m_list; m_list = &(*m_list)->next); +- new = (struct ebt_u_match_list *)malloc(sizeof(struct ebt_u_match_list)); +- if (!new) +- print_memory(); +- *m_list = new; +- new->next = NULL; +- new->m = (struct ebt_entry_match *)m; +- } else if ((w = find_watcher(argv[optind]))) { +- struct ebt_u_watcher_list **w_list, *new; +- w->used = 1; +- for (w_list = &new_entry->w_list; *w_list; w_list = &(*w_list)->next); +- new = (struct ebt_u_watcher_list *)malloc(sizeof(struct ebt_u_watcher_list)); +- if (!new) +- print_memory(); +- *w_list = new; +- new->next = NULL; +- new->w = (struct ebt_entry_watcher *)w; +- } else { ++ if ((m = find_match(argv[optind]))) ++ add_match(m); ++ else if ((w = find_watcher(argv[optind]))) ++ add_watcher(w); ++ else { + if (!(t = find_target(argv[optind]))) +- print_error("Extension %s not found.", argv[optind]); ++ print_error("Extension %s " ++ "not found", argv[optind]); + if (replace.flags & OPT_JUMP) +- print_error("Sorry, you can only see help for one target extension each time."); ++ print_error("Sorry, you can " ++ "only see help for one " ++ "target extension each time"); + replace.flags |= OPT_JUMP; +- new_entry->t = (struct ebt_entry_target *)t; ++ new_entry->t = ++ (struct ebt_entry_target *)t; + } + optind++; + } +@@ -1184,7 +1256,7 @@ + case 't': // table + check_option(&replace.flags, OPT_TABLE); + if (strlen(optarg) > EBT_TABLE_MAXNAMELEN) +- print_error("Table name too long."); ++ print_error("Table name too long"); + strcpy(replace.name, optarg); + break; + +@@ -1195,56 +1267,69 @@ + case 's': // source mac + case 'd': // destination mac + if ((replace.flags & OPT_COMMAND) == 0) +- print_error("No command specified."); +- if ( replace.command != 'A' && replace.command != 'D' && replace.command != 'I') +- print_error("Command and option do not match."); ++ print_error("No command specified"); ++ if ( replace.command != 'A' && ++ replace.command != 'D' && replace.command != 'I') ++ print_error("Command and option do not match"); + if (c == 'i') { + check_option(&replace.flags, OPT_IN); +- if (replace.selected_hook == 2) +- print_error("Use in-interface only in INPUT, FORWARD and PREROUTING chains."); ++ if (replace.selected_hook > 2) ++ print_error("Use in-interface only in " ++ "INPUT, FORWARD and PREROUTING chains"); + if (check_inverse(optarg)) + new_entry->invflags |= EBT_IIN; + + if (optind > argc) +- print_error("Missing interface argument."); ++ print_error("No in-interface " ++ "specified"); + if (strlen(argv[optind - 1]) >= IFNAMSIZ) +- print_error("Illegal interfacelength."); +- strncpy(new_entry->in, argv[optind - 1], IFNAMSIZ); ++ print_error("Illegal interfacelength"); ++ strcpy(new_entry->in, argv[optind - 1]); + break; + } + if (c == 'o') { + check_option(&replace.flags, OPT_OUT); +- if (replace.selected_hook == 0) +- print_error("Use out-interface only in OUTPUT, FORWARD and POSTROUTING chains."); ++ if (replace.selected_hook < 2) ++ print_error("Use out-interface only" ++ " in OUTPUT, FORWARD and " ++ "POSTROUTING chains"); + if (check_inverse(optarg)) + new_entry->invflags |= EBT_IOUT; + + if (optind > argc) +- print_error("Missing interface argument."); ++ print_error("No out-interface " ++ "specified"); ++ + if (strlen(argv[optind - 1]) >= IFNAMSIZ) +- print_error("Illegal interface length."); +- strncpy(new_entry->out, argv[optind - 1], IFNAMSIZ); ++ print_error("Illegal interface " ++ "length"); ++ strcpy(new_entry->out, argv[optind - 1]); + break; + } + if (c == 'j') { + + check_option(&replace.flags, OPT_JUMP); + for (i = 0; i < NUM_STANDARD_TARGETS; i++) +- if (!strcmp(optarg, standard_targets[i])) { +- t = find_target(EBT_STANDARD_TARGET); +- ((struct ebt_standard_target *)t->t)->verdict = i; ++ if (!strcmp(optarg, ++ standard_targets[i])) { ++ t = find_target( ++ EBT_STANDARD_TARGET); ++ ((struct ebt_standard_target *) ++ t->t)->verdict = i; + break; + } + // must be an extension then + if (i == NUM_STANDARD_TARGETS) { + struct ebt_u_target *t; + t = find_target(optarg); +- if (!t) +- print_error("Illegal target name."); +- new_entry->t = (struct ebt_entry_target *)t; +- } else +- ((struct ebt_standard_target *)(((struct ebt_u_target *)new_entry->t)->t))->verdict = i; +- ++ // -j standard not allowed either ++ if (!t || t == ++ (struct ebt_u_target *)new_entry->t) ++ print_error("Illegal target " ++ "name"); ++ new_entry->t = ++ (struct ebt_entry_target *)t; ++ } + break; + } + if (c == 's') { +@@ -1253,9 +1338,12 @@ + new_entry->invflags |= EBT_ISOURCE; + + if (optind > argc) +- print_error("Missing source mac argument."); +- if (getmac(argv[optind - 1], new_entry->sourcemac)) +- print_error("Problem with specified source mac."); ++ print_error("No source mac " ++ "specified"); ++ if (getmac(argv[optind - 1], ++ new_entry->sourcemac)) ++ print_error("Problem with specified " ++ "source mac"); + new_entry->bitmask |= EBT_SOURCEMAC; + break; + } +@@ -1265,9 +1353,12 @@ + new_entry->invflags |= EBT_IDEST; + + if (optind > argc) +- print_error("Missing destination mac argument."); +- if (getmac(argv[optind - 1], new_entry->destmac)) +- print_error("Problem with specified destination mac."); ++ print_error("No destination mac " ++ "specified"); ++ if (getmac(argv[optind - 1], ++ new_entry->destmac)) ++ print_error("Problem with specified " ++ "destination mac"); + new_entry->bitmask |= EBT_DESTMAC; + break; + } +@@ -1276,22 +1367,26 @@ + new_entry->invflags |= EBT_IPROTO; + + if (optind > argc) +- print_error("Missing protocol argument."); ++ print_error("No protocol specified"); + new_entry->bitmask &= ~((unsigned int)EBT_NOPROTO); + i = strtol(argv[optind - 1], &buffer, 16); + if (*buffer == '\0' && (i < 0 || i > 0xFFFF)) +- print_error("Problem with the specified protocol."); ++ print_error("Problem with the specified " ++ "protocol"); + new_entry->ethproto = i; + if (*buffer != '\0') + if (name_to_protocol(argv[optind - 1]) == -1) +- print_error("Problem with the specified protocol."); +- if (new_entry->ethproto < 1536 && !(new_entry->bitmask & EBT_802_3)) +- print_error("Sorry, protocols have values above or equal to 1536 (0x0600)."); ++ print_error("Problem with the specified" ++ " protocol"); ++ if (new_entry->ethproto < 1536 && ++ !(new_entry->bitmask & EBT_802_3)) ++ print_error("Sorry, protocols have values above" ++ " or equal to 1536 (0x0600)"); + break; + + case 'b': // allow database? + if (replace.flags & OPT_COMMAND) +- print_error("Multiple commands not allowed."); ++ print_error("Multiple commands not allowed"); + replace.command = c; + allowbc = *optarg; + break; +@@ -1300,49 +1395,32 @@ + + // is it a target option? + t = (struct ebt_u_target *)new_entry->t; +- if (!(t->parse(c - t->option_offset, argv, argc, new_entry, &t->flags, &t->t))) { +- struct ebt_u_match *m; +- +- // is it a match_option? +- for (m = matches; m; m = m->next) +- if (m->parse(c - m->option_offset, argv, argc, new_entry, &m->flags, &m->m)) +- break; ++ if ((t->parse(c - t->option_offset, argv, argc, ++ new_entry, &t->flags, &t->t))) ++ continue; + +- if (m == NULL) { +- struct ebt_u_watcher *w; ++ // is it a match_option? ++ for (m = matches; m; m = m->next) ++ if (m->parse(c - m->option_offset, argv, ++ argc, new_entry, &m->flags, &m->m)) ++ break; + +- // is it a watcher option? +- for (w = watchers; w; w = w->next) +- if (w->parse(c - w->option_offset, argv, argc, new_entry, &w->flags, &w->w)) +- break; +- +- if (w == NULL) +- print_error("Unknown argument."); +- if (w->used == 0) { +- struct ebt_u_watcher_list **w_list, *new; +- w->used = 1; +- for (w_list = &new_entry->w_list; *w_list; w_list = &(*w_list)->next); +- new = (struct ebt_u_watcher_list *)malloc(sizeof(struct ebt_u_watcher_list)); +- if (!new) +- print_memory(); +- *w_list = new; +- new->next = NULL; +- new->w = (struct ebt_entry_watcher *)w; +- } +- } else { +- if (m->used == 0) { +- struct ebt_u_match_list **m_list, *new; +- m->used = 1; +- for (m_list = &new_entry->m_list; *m_list; m_list = &(*m_list)->next); +- new = (struct ebt_u_match_list *)malloc(sizeof(struct ebt_u_match_list)); +- if (!new) +- print_memory(); +- *m_list = new; +- new->next = NULL; +- new->m = (struct ebt_entry_match *)m; +- } +- } ++ if (m != NULL) { ++ if (m->used == 0) ++ add_match(m); ++ continue; + } ++ ++ // is it a watcher option? ++ for (w = watchers; w; w = w->next) ++ if (w->parse(c-w->option_offset, argv, ++ argc, new_entry, &w->flags, &w->w)) ++ break; ++ ++ if (w == NULL) ++ print_error("Unknown argument"); ++ if (w->used == 0) ++ add_watcher(w); + } + } + +@@ -1352,43 +1430,40 @@ + if (replace.command == 'L' && replace.selected_hook == DATABASEHOOKNR) + list_db(); + +- if ( (replace.flags & OPT_COMMAND) && replace.command != 'L' && replace.flags & OPT_ZERO ) +- print_error("Command -Z only allowed together with command -L."); ++ if ( (replace.flags & OPT_COMMAND) && replace.command != 'L' && ++ replace.flags & OPT_ZERO ) ++ print_error("Command -Z only allowed together with command -L"); + +- if (replace.command == 'A' || replace.command == 'I' || replace.command == 'D') { ++ if (replace.command == 'A' || replace.command == 'I' || ++ replace.command == 'D') { + if (replace.selected_hook == -1) +- print_error("Not enough information."); ++ print_error("Not enough information"); + } + + if ( !(table = find_table(replace.name)) ) +- print_error("Bad table name."); ++ print_error("Bad table name"); + + // do this after parsing everything, so we can print specific info + if (replace.command == 'h' && !(replace.flags & OPT_ZERO)) + print_help(); + + // do the final checks +- { +- struct ebt_u_match_list *m_l = new_entry->m_list; +- struct ebt_u_match *m; +- struct ebt_u_watcher_list *w_l = new_entry->w_list; +- struct ebt_u_watcher *w; +- struct ebt_u_target *t = (struct ebt_u_target *)new_entry->t; +- ++ m_l = new_entry->m_list; ++ w_l = new_entry->w_list; ++ t = (struct ebt_u_target *)new_entry->t; + while (m_l) { + m = (struct ebt_u_match *)(m_l->m); +- m->final_check(new_entry, m->m, replace.name, replace.selected_hook); ++ m->final_check(new_entry, m->m, replace.name, ++ replace.selected_hook); + m_l = m_l->next; + } +- + while (w_l) { + w = (struct ebt_u_watcher *)(w_l->w); +- w->final_check(new_entry, w->w, replace.name, replace.selected_hook); ++ w->final_check(new_entry, w->w, replace.name, ++ replace.selected_hook); + w_l = w_l->next; + } +- + t->final_check(new_entry, t->t, replace.name, replace.selected_hook); +- } + + // so, the extensions can work with the host endian + // the kernel does not have to do this ofcourse +@@ -1396,10 +1471,10 @@ + + // get the kernel's information + get_table(&replace); +- replace.nentries = replace.nentries; + // check if selected_hook is a valid_hook +- if (replace.selected_hook >= 0 && !(replace.valid_hooks & (1 << replace.selected_hook))) +- print_error("Bad chain name."); ++ if (replace.selected_hook >= 0 && ++ !(replace.valid_hooks & (1 << replace.selected_hook))) ++ print_error("Bad chain name"); + if (replace.command == 'P') + change_policy(policy); + else if (replace.command == 'L') { +--- ebtables-v2.0pre2.001/communication.c Wed Apr 3 17:22:39 2002 ++++ ebtables-v2.0pre2.002/communication.c Wed Apr 10 22:10:49 2002 +@@ -25,12 +25,6 @@ + + extern char* hooknames[NF_BR_NUMHOOKS]; + +-void print_memory() +-{ +- printf("Out of memory\n"); +- exit(0); +-} +- + int sockfd = -1; + + void get_sockfd() +@@ -38,7 +32,7 @@ + if (sockfd == -1) { + sockfd = socket(AF_INET, SOCK_RAW, PF_INET); + if (sockfd < 0) +- print_error("Problem getting a socket."); ++ print_error("Problem getting a socket"); + } + } + +@@ -60,7 +54,8 @@ + new->nentries = u_repl->nentries; + new->num_counters = u_repl->num_counters; + new->counters = u_repl->counters; +- memcpy(new->counter_entry, u_repl->counter_entry, sizeof(new->counter_entry)); ++ memcpy(new->counter_entry, u_repl->counter_entry, ++ sizeof(new->counter_entry)); + // determine size + for (i = 0; i < NF_BR_NUMHOOKS; i++) { + if (!(new->valid_hooks & (1 << i))) +@@ -86,7 +81,8 @@ + } + // a little sanity check + if (j != u_repl->hook_entry[i]->nentries) +- print_bug("Wrong nentries: %d != %d, hook = %s", j, u_repl->hook_entry[i]->nentries, hooknames[i]); ++ print_bug("Wrong nentries: %d != %d, hook = %s", j, ++ u_repl->hook_entry[i]->nentries, hooknames[i]); + } + + new->entries_size = entries_size; +@@ -116,7 +112,8 @@ + tmp->ethproto = e->ethproto; + memcpy(tmp->in, e->in, sizeof(tmp->in)); + memcpy(tmp->out, e->out, sizeof(tmp->out)); +- memcpy(tmp->sourcemac, e->sourcemac, sizeof(tmp->sourcemac)); ++ memcpy(tmp->sourcemac, e->sourcemac, ++ sizeof(tmp->sourcemac)); + memcpy(tmp->destmac, e->destmac, sizeof(tmp->destmac)); + + base = p; +@@ -159,11 +156,13 @@ + // give the data to the kernel + optlen = sizeof(struct ebt_replace) + repl->entries_size; + if (setsockopt(sockfd, IPPROTO_IP, EBT_SO_SET_ENTRIES, repl, optlen)) +- print_error("Couldn't update kernel chains, you probably need to insmod an extension."); ++ print_error("Couldn't update kernel chains, you probably need " ++ "to insmod an extension"); + } + + // gets executed after deliver_table +-void deliver_counters(struct ebt_u_replace *u_repl, unsigned short *counterchanges) ++void ++deliver_counters(struct ebt_u_replace *u_repl, unsigned short *counterchanges) + { + unsigned short *point; + struct ebt_counter *old, *new, *newcounters; +@@ -173,7 +172,8 @@ + if (u_repl->nentries == 0) + return; + +- newcounters = (struct ebt_counter *)malloc(u_repl->nentries * sizeof(struct ebt_counter)); ++ newcounters = (struct ebt_counter *) ++ malloc(u_repl->nentries * sizeof(struct ebt_counter)); + if (!newcounters) + print_memory(); + memset(newcounters, 0, u_repl->nentries * sizeof(struct ebt_counter)); +@@ -208,7 +208,8 @@ + free(u_repl->counters); + u_repl->counters = newcounters; + u_repl->num_counters = u_repl->nentries; +- optlen = u_repl->nentries * sizeof(struct ebt_counter) + sizeof(struct ebt_replace); ++ optlen = u_repl->nentries * sizeof(struct ebt_counter) + ++ sizeof(struct ebt_replace); + // now put the stuff in the kernel's struct ebt_replace + repl.counters = u_repl->counters; + repl.num_counters = u_repl->num_counters; +@@ -224,7 +225,8 @@ + { + struct ebt_u_match_list *new; + +- new = (struct ebt_u_match_list *)malloc(sizeof(struct ebt_u_match_list)); ++ new = (struct ebt_u_match_list *) ++ malloc(sizeof(struct ebt_u_match_list)); + if (!new) + print_memory(); + new->m = (struct ebt_entry_match *)malloc(m->match_size); +@@ -235,12 +237,14 @@ + **l = new; + *l = &new->next; + if (find_match(new->m->u.name) == NULL) +- print_error("Kernel match %s unsupported by userspace tool.", new->m->u.name); ++ print_error("Kernel match %s unsupported by userspace tool", ++ new->m->u.name); + return 0; + } + + static int +-ebt_translate_watcher(struct ebt_entry_watcher *w, struct ebt_u_watcher_list ***l) ++ebt_translate_watcher(struct ebt_entry_watcher *w, ++ struct ebt_u_watcher_list ***l) + { + struct ebt_u_watcher_list *new; + +@@ -255,13 +259,15 @@ + **l = new; + *l = &new->next; + if (find_watcher(new->w->u.name) == NULL) +- print_error("Kernel watcher %s unsupported by userspace tool.", new->w->u.name); ++ print_error("Kernel watcher %s unsupported by userspace tool", ++ new->w->u.name); + return 0; + } + + static int +-ebt_translate_entry(struct ebt_entry *e, unsigned int *hook, int *n, int *cnt, int *totalcnt, +- struct ebt_u_entry ***u_e, struct ebt_u_replace *u_repl, unsigned int valid_hooks) ++ebt_translate_entry(struct ebt_entry *e, unsigned int *hook, int *n, int *cnt, ++ int *totalcnt, struct ebt_u_entry ***u_e, struct ebt_u_replace *u_repl, ++ unsigned int valid_hooks) + { + // an entry + if (e->bitmask & EBT_ENTRY_OR_ENTRIES) { +@@ -295,7 +301,8 @@ + if (!new->t) + print_memory(); + if (find_target(t->u.name) == NULL) +- print_error("Kernel target %s unsupported by userspace tool.", t->u.name); ++ print_error("Kernel target %s unsupported by " ++ "userspace tool", t->u.name); + memcpy(new->t, t, t->target_size); + + // I love pointers +@@ -304,7 +311,7 @@ + (*cnt)++; + (*totalcnt)++; + return 0; +- } else {// a new chain ++ } else { // a new chain + int i; + struct ebt_entries *entries = (struct ebt_entries *)e; + struct ebt_u_entries *new; +@@ -319,7 +326,8 @@ + print_bug("Nr of entries in the chain is wrong"); + *n = entries->nentries; + *cnt = 0; +- new = (struct ebt_u_entries *)malloc(sizeof(struct ebt_u_entries)); ++ new = (struct ebt_u_entries *) ++ malloc(sizeof(struct ebt_u_entries)); + if (!new) + print_memory(); + new->nentries = entries->nentries; +@@ -344,12 +352,14 @@ + optlen = sizeof(struct ebt_replace); + strcpy(repl.name, u_repl->name); + if (getsockopt(sockfd, IPPROTO_IP, EBT_SO_GET_INFO, &repl, &optlen)) +- print_bug("hmm, what is wrong??? bug#3"); ++ print_error("A kernel module needed by your command is probably" ++ " not loaded. Try insmod ebtables or the like"); + + if ( !(repl.entries = (char *) malloc(repl.entries_size)) ) + print_memory(); + if (repl.nentries) { +- if (!(repl.counters = (struct ebt_counter *) malloc(repl.nentries * sizeof(struct ebt_counter))) ) ++ if (!(repl.counters = (struct ebt_counter *) ++ malloc(repl.nentries * sizeof(struct ebt_counter))) ) + print_memory(); + } + else +@@ -357,7 +367,8 @@ + + // we want to receive the counters + repl.num_counters = repl.nentries; +- optlen += repl.entries_size + repl.num_counters * sizeof(struct ebt_counter); ++ optlen += repl.entries_size + repl.num_counters * ++ sizeof(struct ebt_counter); + if (getsockopt(sockfd, IPPROTO_IP, EBT_SO_GET_ENTRIES, &repl, &optlen)) + print_bug("hmm, what is wrong??? bug#1"); + +@@ -367,12 +378,15 @@ + u_repl->nentries = repl.nentries; + u_repl->num_counters = repl.num_counters; + u_repl->counters = repl.counters; +- memcpy(u_repl->counter_entry, repl.counter_entry, sizeof(repl.counter_entry)); ++ memcpy(u_repl->counter_entry, repl.counter_entry, ++ sizeof(repl.counter_entry)); + hook = -1; + i = 0; // holds the expected nr. of entries for the chain + j = 0; // holds the up to now counted entries for the chain +- k = 0; // holds the total nr. of entries, should equal u_repl->nentries afterwards +- EBT_ENTRY_ITERATE(repl.entries, repl.entries_size, ebt_translate_entry, &hook, &i, &j, &k, &u_e, u_repl, u_repl->valid_hooks); ++ k = 0; // holds the total nr. of entries, ++ // should equal u_repl->nentries afterwards ++ EBT_ENTRY_ITERATE(repl.entries, repl.entries_size, ebt_translate_entry, ++ &hook, &i, &j, &k, &u_e, u_repl, u_repl->valid_hooks); + if (k != u_repl->nentries) + print_bug("Wrong total nentries"); + } +@@ -384,7 +398,8 @@ + get_sockfd(); + + if (getsockopt(sockfd, IPPROTO_IP, BRDB_SO_GET_DBINFO, nr, &optlen)) +- print_error("Sorry, br_db code probably not in kernel, try insmod br_db."); ++ print_error("Sorry, br_db code probably not in kernel, " ++ "try insmod br_db"); + } + + void get_db(int len, struct brdb_dbentry *db) +@@ -405,5 +420,6 @@ + get_sockfd(); + + if (setsockopt(sockfd, IPPROTO_IP, BRDB_SO_SET_ALLOWDB, decision, optlen)) +- print_error("Sorry, br_db code probably not in kernel, try insmod br_db."); ++ print_error("Sorry, br_db code probably not in kernel, " ++ "try insmod br_db"); + } +--- ebtables-v2.0pre2.001/extensions/ebt_nat.c Thu Apr 11 18:27:45 2002 ++++ ebtables-v2.0pre2.002/extensions/ebt_nat.c Thu Apr 11 18:12:55 2002 +@@ -52,8 +52,9 @@ + } + + #define OPT_SNAT 0x01 +-static int parse_s(int c, char **argv, int argc, const struct ebt_u_entry *entry, unsigned int *flags, +- struct ebt_entry_target **target) ++static int parse_s(int c, char **argv, int argc, ++ const struct ebt_u_entry *entry, unsigned int *flags, ++ struct ebt_entry_target **target) + { + struct ebt_nat_info *natinfo = (struct ebt_nat_info *)(*target)->data; + +@@ -62,7 +63,7 @@ + check_option(flags, OPT_SNAT); + to_source_supplied = 1; + if (getmac(optarg, natinfo->mac)) +- print_error("Problem with specified to-source mac."); ++ print_error("Problem with specified to-source mac"); + break; + default: + return 0; +@@ -71,8 +72,9 @@ + } + + #define OPT_DNAT 0x01 +-static int parse_d(int c, char **argv, int argc, const struct ebt_u_entry *entry, unsigned int *flags, +- struct ebt_entry_target **target) ++static int parse_d(int c, char **argv, int argc, ++ const struct ebt_u_entry *entry, unsigned int *flags, ++ struct ebt_entry_target **target) + { + struct ebt_nat_info *natinfo = (struct ebt_nat_info *)(*target)->data; + +@@ -81,7 +83,8 @@ + check_option(flags, OPT_DNAT); + to_dest_supplied = 1; + if (getmac(optarg, natinfo->mac)) +- print_error("Problem with specified to-destination mac."); ++ print_error("Problem with specified " ++ "to-destination mac"); + break; + default: + return 0; +@@ -89,44 +92,52 @@ + return 1; + } + +-static void final_check_s(const struct ebt_u_entry *entry, const struct ebt_entry_target *target, const char *name, unsigned int hook) ++static void final_check_s(const struct ebt_u_entry *entry, ++ const struct ebt_entry_target *target, const char *name, unsigned int hook) + { + if (hook != NF_BR_POST_ROUTING || strcmp(name, "nat")) +- print_error("Wrong chain for SNAT."); ++ print_error("Wrong chain for SNAT"); + if (to_source_supplied == 0) +- print_error("No snat address supplied."); ++ print_error("No snat address supplied"); + + } + +-static void final_check_d(const struct ebt_u_entry *entry, const struct ebt_entry_target *target, const char *name, unsigned int hook) ++static void final_check_d(const struct ebt_u_entry *entry, ++ const struct ebt_entry_target *target, const char *name, unsigned int hook) + { +- if ( (hook != NF_BR_PRE_ROUTING && hook != NF_BR_LOCAL_OUT) || strcmp(name, "nat") ) +- print_error("Wrong chain for DNAT."); ++ if ( (hook != NF_BR_PRE_ROUTING && hook != NF_BR_LOCAL_OUT) || ++ strcmp(name, "nat") ) ++ print_error("Wrong chain for DNAT"); + if (to_dest_supplied == 0) +- print_error("No dnat address supplied."); ++ print_error("No dnat address supplied"); + } + +-static void print_s(const struct ebt_u_entry *entry, const struct ebt_entry_target *target) ++static void print_s(const struct ebt_u_entry *entry, ++ const struct ebt_entry_target *target) + { + struct ebt_nat_info *natinfo = (struct ebt_nat_info *)target->data; + int i; + + printf("snat - to: "); + for (i = 0; i < ETH_ALEN; i++) +- printf("%02x%s", natinfo->mac[i], (i == ETH_ALEN - 1) ? "" : ":"); ++ printf("%02x%s", ++ natinfo->mac[i], (i == ETH_ALEN - 1) ? "" : ":"); + } + +-static void print_d(const struct ebt_u_entry *entry, const struct ebt_entry_target *target) ++static void print_d(const struct ebt_u_entry *entry, ++ const struct ebt_entry_target *target) + { + struct ebt_nat_info *natinfo = (struct ebt_nat_info *)target->data; + int i; + + printf("dnat - to: "); + for (i = 0; i < ETH_ALEN; i++) +- printf("%02x%s", natinfo->mac[i], (i == ETH_ALEN - 1) ? "" : ":"); ++ printf("%02x%s", ++ natinfo->mac[i], (i == ETH_ALEN - 1) ? "" : ":"); + } + +-static int compare(const struct ebt_entry_target *t1, const struct ebt_entry_target *t2) ++static int compare(const struct ebt_entry_target *t1, ++ const struct ebt_entry_target *t2) + { + struct ebt_nat_info *natinfo1 = (struct ebt_nat_info *)t1->data; + struct ebt_nat_info *natinfo2 = (struct ebt_nat_info *)t2->data; +--- ebtables-v2.0pre2.001/extensions/ebt_ip.c Thu Apr 11 18:27:45 2002 ++++ ebtables-v2.0pre2.002/extensions/ebt_ip.c Wed Apr 10 23:28:40 2002 +@@ -40,16 +40,16 @@ + return -1; + *q = '\0'; + onebyte = strtol(p, &end, 10); +- if (*end != '\0' || onebyte >255 || onebyte < 0) ++ if (*end != '\0' || onebyte > 255 || onebyte < 0) + return -1; +- ip2[i] = (unsigned char) onebyte; ++ ip2[i] = (unsigned char)onebyte; + p = q + 1; + } + + onebyte = strtol(p, &end, 10); + if (*end != '\0' || onebyte >255 || onebyte < 0) + return -1; +- ip2[3] = (unsigned char) onebyte; ++ ip2[3] = (unsigned char)onebyte; + + return 0; + } +@@ -88,15 +88,15 @@ + *p = '\0'; + i = ip_mask(p + 1, (unsigned char *)msk); + if (i) +- print_error("Problem with the ip mask."); ++ print_error("Problem with the ip mask"); + } + else + *msk = 0xFFFFFFFF; + + i = undot_ip(address, (unsigned char *)addr); +- *addr = *addr & *msk; + if (i) +- print_error("Problem with the ip address."); ++ print_error("Problem with the ip address"); ++ *addr = *addr & *msk; + } + + // transform the ip mask into a string ready for output +@@ -106,7 +106,6 @@ + static char buf[20]; + __u32 maskaddr, bits; + +- // cool hack I copied from iptables.c ... Think about it :-) + maskaddr = ntohl(mask); + + // don't print /32 +@@ -114,7 +113,7 @@ + return ""; + + i = 32; +- bits = 0xFFFFFFFEL;// case 0xFFFFFFFF has just been dealt with ++ bits = 0xFFFFFFFEL; // case 0xFFFFFFFF has just been dealt with + while (--i >= 0 && maskaddr != bits) + bits <<= 1; + +@@ -123,9 +122,10 @@ + else if (!i) + *buf = '\0'; + else +- /* mask was not a decent combination of 1's and 0's */ +- sprintf(buf, "/%d.%d.%d.%d", ((unsigned char *)&mask)[0], ((unsigned char *)&mask)[1], +- ((unsigned char *)&mask)[2], ((unsigned char *)&mask)[3]); ++ // mask was not a decent combination of 1's and 0's ++ sprintf(buf, "/%d.%d.%d.%d", ((unsigned char *)&mask)[0], ++ ((unsigned char *)&mask)[1], ((unsigned char *)&mask)[2], ++ ((unsigned char *)&mask)[3]); + + return buf; + } +@@ -133,11 +133,11 @@ + static void print_help() + { + printf( +- "ip options:\n" +- "--ip-src [!] address[/mask]: ip source specification\n" +- "--ip-dst [!] address[/mask]: ip destination specification\n" +- "--ip-tos [!] tos : ip tos specification\n" +- "--ip-proto [!] protocol : ip protocol specification\n"); ++"ip options:\n" ++"--ip-src [!] address[/mask]: ip source specification\n" ++"--ip-dst [!] address[/mask]: ip destination specification\n" ++"--ip-tos [!] tos : ip tos specification\n" ++"--ip-proto [!] protocol : ip protocol specification\n"); + } + + static void init(struct ebt_entry_match *match) +@@ -152,9 +152,8 @@ + #define OPT_DEST 0x02 + #define OPT_TOS 0x04 + #define OPT_PROTO 0x08 +-static int parse(int c, char **argv, int argc, +- const struct ebt_u_entry *entry, unsigned int *flags, +- struct ebt_entry_match **match) ++static int parse(int c, char **argv, int argc, const struct ebt_u_entry *entry, ++ unsigned int *flags, struct ebt_entry_match **match) + { + struct ebt_ip_info *ipinfo = (struct ebt_ip_info *)(*match)->data; + char *end, *buffer; +@@ -163,13 +162,13 @@ + switch (c) { + case IP_SOURCE: + check_option(flags, OPT_SOURCE); ++ ipinfo->bitmask |= EBT_IP_SOURCE; ++ + case IP_DEST: +- if (c == IP_DEST) ++ if (c == IP_DEST) { + check_option(flags, OPT_DEST); +- if (c == IP_SOURCE) +- ipinfo->bitmask |= EBT_IP_SOURCE; +- else + ipinfo->bitmask |= EBT_IP_DEST; ++ } + if (check_inverse(optarg)) { + if (c == IP_SOURCE) + ipinfo->invflags |= EBT_IP_SOURCE; +@@ -178,34 +177,38 @@ + } + + if (optind > argc) +- print_error("Missing ip address argument."); ++ print_error("Missing ip address argument"); + if (c == IP_SOURCE) +- parse_ip_address(argv[optind - 1], &ipinfo->saddr, &ipinfo->smsk); ++ parse_ip_address(argv[optind - 1], &ipinfo->saddr, ++ &ipinfo->smsk); + else +- parse_ip_address(argv[optind - 1], &ipinfo->daddr, &ipinfo->dmsk); ++ parse_ip_address(argv[optind - 1], &ipinfo->daddr, ++ &ipinfo->dmsk); + break; ++ + case IP_myTOS: + check_option(flags, OPT_TOS); + if (check_inverse(optarg)) + ipinfo->invflags |= EBT_IP_TOS; + + if (optind > argc) +- print_error("Missing ip tos argument."); ++ print_error("Missing ip tos argument"); + i = strtol(argv[optind - 1], &end, 16); + if (i < 0 || i > 255 || *buffer != '\0') +- print_error("Problem with specified ip tos."); ++ print_error("Problem with specified ip tos"); + ipinfo->tos = i; + ipinfo->bitmask |= EBT_IP_TOS; + break; ++ + case IP_PROTO: + check_option(flags, OPT_PROTO); + if (check_inverse(optarg)) + ipinfo->invflags |= EBT_IP_PROTO; + if (optind > argc) +- print_error("Missing ip protocol argument."); ++ print_error("Missing ip protocol argument"); + i = strtol(argv[optind - 1], &end, 10); + if (i < 0 || i > 255 || *end != '\0') +- print_error("Problem with specified ip protocol."); ++ print_error("Problem with specified ip protocol"); + ipinfo->protocol = i; + ipinfo->bitmask |= EBT_IP_PROTO; + break; +@@ -215,13 +218,17 @@ + return 1; + } + +-static void final_check(const struct ebt_u_entry *entry, const struct ebt_entry_match *match, const char *name, unsigned int hook) ++static void final_check(const struct ebt_u_entry *entry, ++ const struct ebt_entry_match *match, const char *name, unsigned int hook) + { +- if (entry->bitmask & EBT_NOPROTO || entry->bitmask & EBT_802_3 || entry->ethproto != ETH_P_IP) +- print_error("For IP filtering the protocol must be specified as IPV4."); ++ if (entry->bitmask & EBT_NOPROTO || entry->bitmask & EBT_802_3 || ++ entry->ethproto != ETH_P_IP) ++ print_error("For IP filtering the protocol must be " ++ "specified as IPv4"); + } + +-static void print(const struct ebt_u_entry *entry, const struct ebt_entry_match *match) ++static void print(const struct ebt_u_entry *entry, ++ const struct ebt_entry_match *match) + { + struct ebt_ip_info *ipinfo = (struct ebt_ip_info *)match->data; + int j; +@@ -231,7 +238,8 @@ + if (ipinfo->invflags & EBT_IP_SOURCE) + printf("! "); + for (j = 0; j < 4; j++) +- printf("%d%s", ((unsigned char *)&ipinfo->saddr)[j], (j == 3) ? "" : "."); ++ printf("%d%s",((unsigned char *)&ipinfo->saddr)[j], ++ (j == 3) ? "" : "."); + printf("%s, ", mask_to_dotted(ipinfo->smsk)); + } + if (ipinfo->bitmask & EBT_IP_DEST) { +@@ -239,7 +247,8 @@ + if (ipinfo->invflags & EBT_IP_DEST) + printf("! "); + for (j = 0; j < 4; j++) +- printf("%d%s", ((unsigned char *)&ipinfo->daddr)[j], (j == 3) ? "" : "."); ++ printf("%d%s", ((unsigned char *)&ipinfo->daddr)[j], ++ (j == 3) ? "" : "."); + printf("%s, ", mask_to_dotted(ipinfo->dmsk)); + } + if (ipinfo->bitmask & EBT_IP_TOS) { +@@ -256,7 +265,8 @@ + } + } + +-static int compare(const struct ebt_entry_match *m1, const struct ebt_entry_match *m2) ++static int compare(const struct ebt_entry_match *m1, ++ const struct ebt_entry_match *m2) + { + struct ebt_ip_info *ipinfo1 = (struct ebt_ip_info *)m1->data; + struct ebt_ip_info *ipinfo2 = (struct ebt_ip_info *)m2->data; +--- ebtables-v2.0pre2.001/extensions/ebt_arp.c Thu Apr 11 18:27:45 2002 ++++ ebtables-v2.0pre2.002/extensions/ebt_arp.c Wed Apr 10 23:05:29 2002 +@@ -44,20 +44,20 @@ + int i = 0; + + printf( +- "arp options:\n" +- "--arp-opcode opcode : ARP opcode (integer or string)\n" +- "--arp-htype type : ARP hardware type (integer or string)\n" +- "--arp-ptype type : ARP protocol type (hexadecimal or string)\n" +- "--arp-ip-src [!] address[/mask]: ARP ip source specification\n" +- "--arp-ip-dst [!] address[/mask]: ARP ip target specification\n" +- " opcode strings: \n"); ++"arp options:\n" ++"--arp-opcode opcode : ARP opcode (integer or string)\n" ++"--arp-htype type : ARP hardware type (integer or string)\n" ++"--arp-ptype type : ARP protocol type (hexadecimal or string)\n" ++"--arp-ip-src [!] address[/mask]: ARP ip source specification\n" ++"--arp-ip-dst [!] address[/mask]: ARP ip target specification\n" ++" opcode strings: \n"); + while (strcmp(opcodes[i], "")) { + printf("%d = %s\n", i + 1, opcodes[i]); + i++; + } + printf( +- " hardware type string: \n 1 = Ethernet\n" +- " protocol type string: \n 0x0800 = IPv4\n"); ++" hardware type string: \n 1 = Ethernet\n" ++" protocol type string: \n 0x0800 = IPv4\n"); + } + + static void init(struct ebt_entry_match *match) +@@ -68,7 +68,8 @@ + arpinfo->bitmask = 0; + } + +-void parse_ip_address(char *address, __u32 *addr, __u32 *msk); // defined in ebt_ip.c ++// defined in ebt_ip.c ++void parse_ip_address(char *address, __u32 *addr, __u32 *msk); + + #define OPT_OPCODE 0x01 + #define OPT_HTYPE 0x02 +@@ -87,15 +88,14 @@ + + switch (c) { + case ARP_OPCODE: +- + check_option(flags, OPT_OPCODE); + if (check_inverse(optarg)) + arpinfo->invflags |= EBT_ARP_OPCODE; + + if (optind > argc) +- print_error("Missing arp opcode argument."); ++ print_error("Missing arp opcode argument"); + i = strtol(argv[optind - 1], &end, 10); +- if (i < 0 || i > (0x1 << 16) || *end !='\0') { ++ if (i < 0 || i >= (0x1 << 16) || *end !='\0') { + i = 0; + while (strcmp(opcodes[i], "")) { + if (!strcasecmp(opcodes[i], optarg)) +@@ -103,7 +103,8 @@ + i++; + } + if (!strcmp(opcodes[i], "")) +- print_error("Problem with specified arp opcode."); ++ print_error("Problem with specified " ++ "arp opcode"); + } + arpinfo->opcode = htons(i); + arpinfo->bitmask |= EBT_ARP_OPCODE; +@@ -115,13 +116,14 @@ + arpinfo->invflags |= EBT_ARP_HTYPE; + + if (optind > argc) +- print_error("Missing arp hardware type argument."); ++ print_error("Missing arp hardware type argument"); + i = strtol(argv[optind - 1], &end, 10); +- if (i < 0 || i > (0x1 << 16) || *end !='\0') { ++ if (i < 0 || i >= (0x1 << 16) || *end !='\0') { + if (!strcasecmp("Ethernet", argv[optind - 1])) + i = 1; + else +- print_error("Problem with specified arp hardware type."); ++ print_error("Problem with specified arp " ++ "hardware type"); + } + arpinfo->htype = htons(i); + arpinfo->bitmask |= EBT_ARP_HTYPE; +@@ -133,13 +135,14 @@ + arpinfo->invflags |= EBT_ARP_PTYPE; + + if (optind > argc) +- print_error("Missing arp protocol type argument."); ++ print_error("Missing arp protocol type argument"); + i = strtol(argv[optind - 1], &end, 16); +- if (i < 0 || i > (0x1 << 16) || *end !='\0') { ++ if (i < 0 || i >= (0x1 << 16) || *end !='\0') { + if (!strcasecmp("IPv4", argv[optind - 1])) + i = 0x0800; + else +- print_error("Problem with specified arp protocol type."); ++ print_error("Problem with specified arp " ++ "protocol type"); + } + arpinfo->ptype = htons(i); + arpinfo->bitmask |= EBT_ARP_PTYPE; +@@ -165,7 +168,7 @@ + arpinfo->invflags |= EBT_ARP_DST_IP; + } + if (optind > argc) +- print_error("Missing ip address argument."); ++ print_error("Missing ip address argument"); + parse_ip_address(argv[optind - 1], addr, mask); + break; + default: +@@ -174,14 +177,19 @@ + return 1; + } + +-static void final_check(const struct ebt_u_entry *entry, const struct ebt_entry_match *match, const char *name, unsigned int hook) ++static void final_check(const struct ebt_u_entry *entry, ++const struct ebt_entry_match *match, const char *name, unsigned int hook) + { +- if (entry->bitmask & EBT_NOPROTO || entry->bitmask & EBT_802_3 || (entry->ethproto != ETH_P_ARP && entry->ethproto != ETH_P_RARP)) +- print_error("For (R)ARP filtering the protocol must be specified as ARP or RARP."); ++ if (entry->bitmask & EBT_NOPROTO || entry->bitmask & EBT_802_3 || ++ (entry->ethproto != ETH_P_ARP && entry->ethproto != ETH_P_RARP)) ++ print_error("For (R)ARP filtering the protocol must be " ++ "specified as ARP or RARP"); + } + +-char *mask_to_dotted(__u32 mask); // defined in the ebt_ip.c +-static void print(const struct ebt_u_entry *entry, const struct ebt_entry_match *match) ++// defined in the ebt_ip.c ++char *mask_to_dotted(__u32 mask); ++static void print(const struct ebt_u_entry *entry, ++ const struct ebt_entry_match *match) + { + struct ebt_arp_info *arpinfo = (struct ebt_arp_info *)match->data; + int i; +@@ -209,7 +217,8 @@ + if (arpinfo->invflags & EBT_ARP_SRC_IP) + printf("! "); + for (i = 0; i < 4; i++) +- printf("%d%s", ((unsigned char *)&arpinfo->saddr)[i], (i == 3) ? "" : "."); ++ printf("%d%s", ((unsigned char *)&arpinfo->saddr)[i], ++ (i == 3) ? "" : "."); + printf("%s, ", mask_to_dotted(arpinfo->smsk)); + } + if (arpinfo->bitmask & EBT_ARP_DST_IP) { +@@ -217,12 +226,14 @@ + if (arpinfo->invflags & EBT_ARP_DST_IP) + printf("! "); + for (i = 0; i < 4; i++) +- printf("%d%s", ((unsigned char *)&arpinfo->daddr)[i], (i == 3) ? "" : "."); ++ printf("%d%s", ((unsigned char *)&arpinfo->daddr)[i], ++ (i == 3) ? "" : "."); + printf("%s, ", mask_to_dotted(arpinfo->dmsk)); + } + } + +-static int compare(const struct ebt_entry_match *m1, const struct ebt_entry_match *m2) ++static int compare(const struct ebt_entry_match *m1, ++ const struct ebt_entry_match *m2) + { + struct ebt_arp_info *arpinfo1 = (struct ebt_arp_info *)m1->data; + struct ebt_arp_info *arpinfo2 = (struct ebt_arp_info *)m2->data; +--- ebtables-v2.0pre2.001/extensions/ebt_log.c Thu Apr 11 18:27:45 2002 ++++ ebtables-v2.0pre2.002/extensions/ebt_log.c Wed Apr 10 23:51:18 2002 +@@ -9,14 +9,14 @@ + + // copied from syslog.h + // used for the LOG target +-#define LOG_EMERG 0 /* system is unusable */ +-#define LOG_ALERT 1 /* action must be taken immediately */ +-#define LOG_CRIT 2 /* critical conditions */ +-#define LOG_ERR 3 /* error conditions */ +-#define LOG_WARNING 4 /* warning conditions */ +-#define LOG_NOTICE 5 /* normal but significant condition */ +-#define LOG_INFO 6 /* informational */ +-#define LOG_DEBUG 7 /* debug-level messages */ ++#define LOG_EMERG 0 // system is unusable ++#define LOG_ALERT 1 // action must be taken immediately ++#define LOG_CRIT 2 // critical conditions ++#define LOG_ERR 3 // error conditions ++#define LOG_WARNING 4 // warning conditions ++#define LOG_NOTICE 5 // normal but significant condition ++#define LOG_INFO 6 // informational ++#define LOG_DEBUG 7 // debug-level messages + #define LOG_DEFAULT_LEVEL LOG_INFO + + typedef struct _code { +@@ -70,16 +70,17 @@ + int i; + + printf( +- "log options:\n" +- "--log : use this if you're not specifying anything\n" +- "--log-level level : level = [1-8] or a string\n" +- "--log-prefix prefix : max. %d chars.\n" +- "--log-ip : put ip info. in the log for ip packets\n" +- "--log-arp : put (r)arp info. in the log for (r)arp packets\n" ++"log options:\n" ++"--log : use this if you're not specifying anything\n" ++"--log-level level : level = [1-8] or a string\n" ++"--log-prefix prefix : max. %d chars.\n" ++"--log-ip : put ip info. in the log for ip packets\n" ++"--log-arp : put (r)arp info. in the log for (r)arp packets\n" + , EBT_LOG_PREFIX_SIZE - 1); + printf("levels:\n"); + for (i = 0; i < 8; i++) +- printf("%d = %s\n", eight_priority[i].c_val, eight_priority[i].c_name); ++ printf("%d = %s\n", eight_priority[i].c_val, ++ eight_priority[i].c_name); + } + + static void init(struct ebt_entry_watcher *watcher) +@@ -88,7 +89,7 @@ + + loginfo->bitmask = 0; + loginfo->prefix[0] = '\0'; +- loginfo->loglevel = 6; ++ loginfo->loglevel = LOG_NOTICE; + } + + #define OPT_PREFIX 0x01 +@@ -96,9 +97,8 @@ + #define OPT_ARP 0x04 + #define OPT_IP 0x08 + #define OPT_LOG 0x10 +-static int parse(int c, char **argv, int argc, +- const struct ebt_u_entry *entry, unsigned int *flags, +- struct ebt_entry_watcher **watcher) ++static int parse(int c, char **argv, int argc, const struct ebt_u_entry *entry, ++ unsigned int *flags, struct ebt_entry_watcher **watcher) + { + struct ebt_log_info *loginfo = (struct ebt_log_info *)(*watcher)->data; + int i; +@@ -108,9 +108,10 @@ + case LOG_PREFIX: + check_option(flags, OPT_PREFIX); + if (strlen(optarg) > sizeof(loginfo->prefix) - 1) +- print_error("Prefix too long."); ++ print_error("Prefix too long"); + strcpy(loginfo->prefix, optarg); + break; ++ + case LOG_LEVEL: + check_option(flags, OPT_LEVEL); + i = strtol(optarg, &end, 16); +@@ -119,16 +120,19 @@ + else + loginfo->loglevel = i; + if (loginfo->loglevel == 9) +- print_error("Problem with the log-level."); ++ print_error("Problem with the log-level"); + break; ++ + case LOG_IP: + check_option(flags, OPT_IP); + loginfo->bitmask |= EBT_LOG_IP; + break; ++ + case LOG_ARP: + check_option(flags, OPT_ARP); + loginfo->bitmask |= EBT_LOG_ARP; + break; ++ + case LOG_LOG: + check_option(flags, OPT_LOG); + break; +@@ -138,16 +142,18 @@ + return 1; + } + +-static void final_check(const struct ebt_u_entry *entry, const struct ebt_entry_watcher *watcher, const char *name, unsigned int hook) ++static void final_check(const struct ebt_u_entry *entry, ++ const struct ebt_entry_watcher *watcher, const char *name, unsigned int hook) + { + return; + } + +-static void print(const struct ebt_u_entry *entry, const struct ebt_entry_watcher *watcher) ++static void print(const struct ebt_u_entry *entry, ++ const struct ebt_entry_watcher *watcher) + { + struct ebt_log_info *loginfo = (struct ebt_log_info *)watcher->data; + +- printf("log: log-level = %s - log-prefix = '%s'", ++ printf("log: log-level = %s - log-prefix = \"%s\"", + eight_priority[loginfo->loglevel].c_name, + loginfo->prefix); + if (loginfo->bitmask & EBT_LOG_IP) +@@ -157,7 +163,8 @@ + printf(" "); + } + +-static int compare(const struct ebt_entry_watcher *w1, const struct ebt_entry_watcher *w2) ++static int compare(const struct ebt_entry_watcher *w1, ++ const struct ebt_entry_watcher *w2) + { + struct ebt_log_info *loginfo1 = (struct ebt_log_info *)w1->data; + struct ebt_log_info *loginfo2 = (struct ebt_log_info *)w2->data; +--- ebtables-v2.0pre2.001/extensions/ebt_standard.c Thu Apr 11 18:27:45 2002 ++++ ebtables-v2.0pre2.002/extensions/ebt_standard.c Thu Apr 11 18:14:07 2002 +@@ -19,17 +19,19 @@ + ((struct ebt_standard_target *)t)->verdict = EBT_CONTINUE; + } + +-static int parse(int c, char **argv, int argc, const struct ebt_u_entry *entry, unsigned int *flags, +- struct ebt_entry_target **target) ++static int parse(int c, char **argv, int argc, const struct ebt_u_entry *entry, ++ unsigned int *flags, struct ebt_entry_target **target) + { + return 0; + } + +-static void final_check(const struct ebt_u_entry *entry, const struct ebt_entry_target *target, const char *name, unsigned int hook) ++static void final_check(const struct ebt_u_entry *entry, ++ const struct ebt_entry_target *target, const char *name, unsigned int hook) + { + } + +-static void print(const struct ebt_u_entry *entry, const struct ebt_entry_target *target) ++static void print(const struct ebt_u_entry *entry, ++ const struct ebt_entry_target *target) + { + __u8 verdict = ((struct ebt_standard_target *)target)->verdict; + +@@ -41,9 +43,11 @@ + printf("Drop "); + } + +-static int compare(const struct ebt_entry_target *t1, const struct ebt_entry_target *t2) ++static int compare(const struct ebt_entry_target *t1, ++ const struct ebt_entry_target *t2) + { +- return ((struct ebt_standard_target *)t1)->verdict == ((struct ebt_standard_target *)t2)->verdict; ++ return ((struct ebt_standard_target *)t1)->verdict == ++ ((struct ebt_standard_target *)t2)->verdict; + } + + static struct ebt_u_target standard = +--- ebtables-v2.0pre2.001/extensions/ebtable_filter.c Thu Apr 11 18:27:45 2002 ++++ ebtables-v2.0pre2.002/extensions/ebtable_filter.c Thu Apr 11 18:14:40 2002 +@@ -3,7 +3,8 @@ + #include + #include "../include/ebtables_u.h" + +-#define FILTER_VALID_HOOKS ((1 << NF_BR_LOCAL_IN) | (1 << NF_BR_FORWARD) | (1 << NF_BR_LOCAL_OUT)) ++#define FILTER_VALID_HOOKS ((1 << NF_BR_LOCAL_IN) | (1 << NF_BR_FORWARD) | \ ++ (1 << NF_BR_LOCAL_OUT)) + + static void print_help(char **hn) + { +--- ebtables-v2.0pre2.001/extensions/ebtable_nat.c Thu Apr 11 18:27:45 2002 ++++ ebtables-v2.0pre2.002/extensions/ebtable_nat.c Thu Apr 11 18:14:57 2002 +@@ -2,7 +2,8 @@ + #include + #include "../include/ebtables_u.h" + +-#define NAT_VALID_HOOKS ((1 << NF_BR_PRE_ROUTING) | (1 << NF_BR_LOCAL_OUT) | (1 << NF_BR_POST_ROUTING)) ++#define NAT_VALID_HOOKS ((1 << NF_BR_PRE_ROUTING) | (1 << NF_BR_LOCAL_OUT) | \ ++ (1 << NF_BR_POST_ROUTING)) + + static void print_help(char **hn) + { +--- ebtables-v2.0pre2.001/ChangeLog Wed Apr 3 16:56:37 2002 ++++ ebtables-v2.0pre2.002/ChangeLog Thu Apr 11 18:26:21 2002 +@@ -1,3 +1,12 @@ ++20020411 ++ * -j standard no longer works, is this cryptic? good :) ++ * lots of beautification. ++ - made some code smaller ++ - made everything fit within 80 columns ++ * fix problems with -i and -o option ++ * print_memory now prints useful info ++ * trying to see the tables when ebtables is not loaded in kernel ++ no longer makes this be seen as a bug. + 20020403 + ebtables v2.0 released, changes: + * A complete rewrite, made everything modular. +--- ebtables-v2.0pre2.001/include/ebtables_u.h Thu Apr 11 18:27:45 2002 ++++ ebtables-v2.0pre2.002/include/ebtables_u.h Wed Apr 10 22:29:01 2002 +@@ -38,20 +38,28 @@ + { + char name[EBT_TABLE_MAXNAMELEN]; + unsigned int valid_hooks; +- unsigned int nentries; // nr of rules in the table ++ // nr of rules in the table ++ unsigned int nentries; + struct ebt_u_entries *hook_entry[NF_BR_NUMHOOKS]; +- unsigned int counter_entry[NF_BR_NUMHOOKS]; // how many counters in front of it? +- unsigned int num_counters; // nr of counters the userspace expects back +- struct ebt_counter *counters; // where the kernel will put the old counters +- unsigned int flags; // can be used e.g. to know if a standard option has been specified twice +- char command; // we stick the specified command (e.g. -A) in here +- int selected_hook; // here we stick the hook to do our thing on (can be -1 if unspecified) ++ // how many counters in front of it? ++ unsigned int counter_entry[NF_BR_NUMHOOKS]; ++ // nr of counters userspace expects back ++ unsigned int num_counters; ++ // where the kernel will put the old counters ++ struct ebt_counter *counters; ++ // can be used e.g. to know if a standard option ++ // has been specified twice ++ unsigned int flags; ++ // we stick the specified command (e.g. -A) in here ++ char command; ++ // here we stick the hook to do our thing on (can be -1 if unspecified) ++ int selected_hook; + }; + + struct ebt_u_table + { + char name[EBT_TABLE_MAXNAMELEN]; +- int (*check) (struct ebt_u_replace *repl); ++ int (*check)(struct ebt_u_replace *repl); + void (*help)(char **); + struct ebt_u_table *next; + }; +@@ -70,9 +78,9 @@ + + struct ebt_u_entry + { +- __u32 bitmask; // this needs to be the first field ++ __u32 bitmask; + __u32 invflags; +- __u16 ethproto; /* packet type ID field */ ++ __u16 ethproto; + __u8 in[IFNAMSIZ]; + __u8 out[IFNAMSIZ]; + __u8 sourcemac[ETH_ALEN]; +@@ -86,35 +94,47 @@ + struct ebt_u_match + { + char name[EBT_FUNCTION_MAXNAMELEN]; +- unsigned int size;// size of the real match data ++ // size of the real match data + sizeof struct ebt_match ++ unsigned int size; + void (*help)(void); + void (*init)(struct ebt_entry_match *m); + int (*parse)(int c, char **argv, int argc, + const struct ebt_u_entry *entry, unsigned int *flags, + struct ebt_entry_match **match); +- void (*final_check)(const struct ebt_u_entry *entry, const struct ebt_entry_match *match, const char *name, unsigned int hook); +- void (*print)(const struct ebt_u_entry *entry, const struct ebt_entry_match *match); +- int (*compare)(const struct ebt_entry_match *m1, const struct ebt_entry_match *m2); ++ void (*final_check)(const struct ebt_u_entry *entry, ++ const struct ebt_entry_match *match, ++ const char *name, unsigned int hook); ++ void (*print)(const struct ebt_u_entry *entry, ++ const struct ebt_entry_match *match); ++ int (*compare)(const struct ebt_entry_match *m1, ++ const struct ebt_entry_match *m2); + const struct option *extra_ops; +- unsigned int flags;// can be used e.g. to check for multiple occurance of the same option ++ // can be used e.g. to check for multiple occurance of the same option ++ unsigned int flags; + unsigned int option_offset; + struct ebt_entry_match *m; +- unsigned int used;// if used == 1 we no longer have to add it to the match chain of the new entry ++ // if used == 1 we no longer have to add it to ++ // the match chain of the new entry ++ unsigned int used; + struct ebt_u_match *next; + }; + + struct ebt_u_watcher + { + char name[EBT_FUNCTION_MAXNAMELEN]; +- unsigned int size;// size of the real match data ++ unsigned int size; + void (*help)(void); + void (*init)(struct ebt_entry_watcher *w); + int (*parse)(int c, char **argv, int argc, +- const struct ebt_u_entry *entry, unsigned int *flags, +- struct ebt_entry_watcher **watcher); +- void (*final_check)(const struct ebt_u_entry *entry, const struct ebt_entry_watcher *watch, const char *name, unsigned int hook); +- void (*print)(const struct ebt_u_entry *entry, const struct ebt_entry_watcher *watcher); +- int (*compare)(const struct ebt_entry_watcher *w1, const struct ebt_entry_watcher *w2); ++ const struct ebt_u_entry *entry, unsigned int *flags, ++ struct ebt_entry_watcher **watcher); ++ void (*final_check)(const struct ebt_u_entry *entry, ++ const struct ebt_entry_watcher *watch, const char *name, ++ unsigned int hook); ++ void (*print)(const struct ebt_u_entry *entry, ++ const struct ebt_entry_watcher *watcher); ++ int (*compare)(const struct ebt_entry_watcher *w1, ++ const struct ebt_entry_watcher *w2); + const struct option *extra_ops; + unsigned int flags; + unsigned int option_offset; +@@ -126,14 +146,19 @@ + struct ebt_u_target + { + char name[EBT_FUNCTION_MAXNAMELEN]; +- unsigned int size;// size of the real match data ++ unsigned int size; + void (*help)(void); + void (*init)(struct ebt_entry_target *t); +- int (*parse)(int c, char **argv, int argc, const struct ebt_u_entry *entry, unsigned int *flags, +- struct ebt_entry_target **target); +- void (*final_check)(const struct ebt_u_entry *entry, const struct ebt_entry_target *target, const char *name, unsigned int hook); +- void (*print)(const struct ebt_u_entry *entry, const struct ebt_entry_target *target); +- int (*compare)(const struct ebt_entry_target *t1, const struct ebt_entry_target *t2); ++ int (*parse)(int c, char **argv, int argc, ++ const struct ebt_u_entry *entry, unsigned int *flags, ++ struct ebt_entry_target **target); ++ void (*final_check)(const struct ebt_u_entry *entry, ++ const struct ebt_entry_target *target, const char *name, ++ unsigned int hook); ++ void (*print)(const struct ebt_u_entry *entry, ++ const struct ebt_entry_target *target); ++ int (*compare)(const struct ebt_entry_target *t1, ++ const struct ebt_entry_target *t2); + const struct option *extra_ops; + unsigned int option_offset; + unsigned int flags; +@@ -150,19 +175,21 @@ + struct ebt_u_target *find_target(const char *name); + struct ebt_u_match *find_match(const char *name); + struct ebt_u_watcher *find_watcher(const char *name); +-void deliver_counters(struct ebt_u_replace *repl, unsigned short * counterchanges); ++void deliver_counters(struct ebt_u_replace *repl, ++ unsigned short * counterchanges); + void deliver_table(struct ebt_u_replace *repl); +-void get_sockfd(); + void get_dbinfo(struct brdb_dbinfo *nr); + void get_db(int len, struct brdb_dbentry *db); + void deliver_allowdb(__u16 *decision); +-void print_memory(); +-void init_extensions(); + int getmac(char *from, char *to); + void check_option(unsigned int *flags, unsigned int mask); + int check_inverse(const char option[]); +-#define print_bug(format, args...) {printf("BUG: "format"\n", ##args); exit(-1);} +-#define print_error(format, args...) {printf(format"\n", ##args); exit(-1);} ++#define print_bug(format, args...) \ ++ {printf("BUG: "format".\n", ##args); exit(-1);} ++#define print_error(format, args...) {printf(format".\n", ##args); exit(-1);} ++#define print_memory() {printf("Ebtables: " __FILE__ " " __FUNCTION__ \ ++ " %d :Out of memory.\n", __LINE__); exit(-1);} ++ + + + // used for keeping the rule counters right during rule adds or deletes -- cgit v1.2.3