author | Bernie Harris <bernie.harris@alliedtelesis.co.nz> | 2018-03-21 15:42:29 +1300 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-04-27 00:27:31 +0200 |
commit | b1cdae87f25021eb835872d86d6e7206bd421c3f (patch) | |
tree | 24f875d58b4f4de5722c96d1eff8baeb0c6e61f2 /include | |
parent | 2e783b2277665c467138e7685309622456c41db4 (diff) |
extensions: Add string filter to ebtables
This patch is part of a proposal to add a string filter to
ebtables, which would be similar to the string filter in
iptables.
Like iptables, the ebtables filter uses the xt_string module,
however some modifications have been made for this to work
correctly.
Currently ebtables assumes that the revision number of all match
modules is 0. The xt_string module doesn't register a match with
revision 0 so the solution is to modify ebtables to allow
extensions to specify a revision number, similar to iptables.
This gets passed down to the kernel, which is then able to find
the match module correctly.
Signed-off-by: Bernie Harris <bernie.harris@alliedtelesis.co.nz>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/ebtables.h | 16 | ||||
-rw-r--r-- | include/ebtables_u.h | 1 |
2 files changed, 14 insertions, 3 deletions
diff --git a/include/ebtables.h b/include/ebtables.h
index 8f520c6..9bbedbb 100644
--- a/include/ebtables.h
+++ b/include/ebtables.h
@@ -20,6 +20,7 @@
 #define EBT_TABLE_MAXNAMELEN 32
 #define EBT_CHAIN_MAXNAMELEN EBT_TABLE_MAXNAMELEN
 #define EBT_FUNCTION_MAXNAMELEN EBT_TABLE_MAXNAMELEN
+#define EBT_EXTENSION_MAXNAMELEN 31
 /* verdicts >0 are "branches" */
 #define EBT_ACCEPT -1
@@ -113,7 +114,10 @@ struct ebt_entries {
 struct ebt_entry_match
 {
 union {
- char name[EBT_FUNCTION_MAXNAMELEN];
+ struct {
+ char name[EBT_EXTENSION_MAXNAMELEN];
+ uint8_t revision;
+ };
 struct ebt_match *match;
 } u;
 /* size of data */
@@ -127,7 +131,10 @@ struct ebt_entry_match
 struct ebt_entry_watcher
 {
 union {
- char name[EBT_FUNCTION_MAXNAMELEN];
+ struct {
+ char name[EBT_EXTENSION_MAXNAMELEN];
+ uint8_t revision;
+ };
 struct ebt_watcher *watcher;
 } u;
 /* size of data */
@@ -141,7 +148,10 @@ struct ebt_entry_watcher
 struct ebt_entry_target
 {
 union {
- char name[EBT_FUNCTION_MAXNAMELEN];
+ struct {
+ char name[EBT_EXTENSION_MAXNAMELEN];
+ uint8_t revision;
+ };
 struct ebt_target *target;
 } u;
 /* size of data */
diff --git a/include/ebtables_u.h b/include/ebtables_u.h
index 17afa94..c858996 100644
--- a/include/ebtables_u.h
+++ b/include/ebtables_u.h
@@ -144,6 +144,7 @@ struct ebt_u_entry
 struct ebt_u_match
 {
 char name[EBT_FUNCTION_MAXNAMELEN];
+ uint8_t revision;
 /* size of the real match data */
 unsigned int size;
 void (*help)(void); |
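Review bot: `EBT_EXTENSION_MAXNAMELEN` is written as a bare 31, with nothing tying it to the 32-byte slot it has to fit into. The later hunks place `char name[EBT_EXTENSION_MAXNAMELEN]` next to a one-byte `revision` inside the union that used to hold `char name[EBT_FUNCTION_MAXNAMELEN]`, so the layout only stays the same size because 31 + 1 == 32. Deriving the value, `#define EBT_EXTENSION_MAXNAMELEN (EBT_FUNCTION_MAXNAMELEN - 1)`, and adding a comment such as `/* name shares the former 32-byte name slot with a 1-byte revision */` would keep the entry layout from changing silently if either constant is edited.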
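Review bot: In `struct ebt_entry_match` the byte that used to be the last slot of `u.name` is now `revision`, so any existing copy into `u.name` still bounded by `EBT_FUNCTION_MAXNAMELEN` would run one byte past the 31-byte array and overwrite `revision`. Those call sites are not part of this diff (the diffstat is limited to include/), so they need to be checked and bounded with `sizeof(u.name)` or `EBT_EXTENSION_MAXNAMELEN` instead of the old constant. The same applies to `ebt_entry_watcher` and `ebt_entry_target` in the next two hunks. The new fields also rely on `uint8_t` and an anonymous struct, and no `<stdint.h>` include is visible in the hunk. The struct body continues outside the hunk.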
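Review bot: `revision` is added to `ebt_entry_watcher` here and to `ebt_entry_target` in the following hunk, but the only userspace structure that gains a `revision` field in the changes shown is `ebt_u_match`. If nothing sets the field for watchers and targets, it carries whatever the entry buffer held, and the commit message says the revision is passed down to the kernel for module lookup. The code that builds these entries is outside this diff, so it should be confirmed to zero them; a comment on the field such as `/* left 0 unless the extension supplies a revision */` would record that expectation.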
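Review bot: `ebt_u_match.name` stays at `EBT_FUNCTION_MAXNAMELEN` (32 bytes) while the entry's `u.name` is now 31 bytes, so a 31-character extension name fits here with its terminator but not in the entry. Wherever the name is copied from this struct into an `ebt_entry_match` (not shown in this diff), the copy should reject names longer than `EBT_EXTENSION_MAXNAMELEN - 1` characters rather than truncate silently or spill into `revision`. Declaring the field as `char name[EBT_EXTENSION_MAXNAMELEN];` would make the two limits agree, assuming no extension depends on the longer buffer. The new `revision` member has no comment, unlike `size` below it; `/* match revision passed to the kernel for lookup */` would fit the existing style. The struct continues outside the hunk.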