|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since commit b1cdae87f25021eb835872d86d6e7206bd421c3f, make fails thusly:
> libebtc.c: In function 'ebt_reinit_extensions':
> libebtc.c:275:11: error: 'union <anonymous>' has no member named 'revision'
> m->m->u.revision = m->revision;
> ^
> libebtc.c: In function 'ebt_check_rule_exists':
> libebtc.c:555:21: error: 'union <anonymous>' has no member named 'revision'
> m_l2->m->u.revision != m->m->u.revision)) {
> ^
> libebtc.c:555:41: error: 'union <anonymous>' has no member named 'revision'
> m_l2->m->u.revision != m->m->u.revision)) {
> ^
> libebtc.c: In function 'ebt_register_match':
> libebtc.c:1215:9: error: 'union <anonymous>' has no member named 'revision'
> m->m->u.revision = m->revision;
> ^
The cause of this failure is that the commit updated include/ebtables.h but
libebtc.c uses include/linux/netfilter_bridge/ebtables.h via
include/ebtables_u.h (gcc -E -C verifies this).
The 2 versions of ebtables.h looked to me to be otherwise close enough, so
amended ebtables_u.h to use the newer one.
Makefile insists on being warning-free, so cleared up warnings. Apart from
unused variables, there was also the issue that the diagnostic macro
ebt_print_error2 *returns* (i.e. makes its caller return) and returns -1. This
is unsuitable for use in functions which do not return a value, so introduced
ebt_print_error3 to do this.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
This patch is part of a proposal to add a string filter to
ebtables, which would be similar to the string filter in
iptables.
Like iptables, the ebtables filter uses the xt_string module,
however some modifications have been made for this to work
correctly.
Currently ebtables assumes that the revision number of all match
modules is 0. The xt_string module doesn't register a match with
revision 0 so the solution is to modify ebtables to allow
extensions to specify a revision number, similar to iptables.
This gets passed down to the kernel, which is then able to find
the match module correctly.
Signed-off-by: Bernie Harris <bernie.harris@alliedtelesis.co.nz>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|