From 41e8a19ea9934eac5c8ca53e786be88e6e9d1bd7 Mon Sep 17 00:00:00 2001 From: Bart De Schuymer Date: Sun, 23 Jun 2002 08:03:12 +0000 Subject: *** empty log message *** --- ChangeLog | 9 +++++++++ extensions/ebt_arp.c | 17 ++++++++--------- extensions/ebt_ip.c | 19 +++++++++---------- extensions/ebt_log.c | 9 ++++----- extensions/ebt_nat.c | 15 +++++++-------- extensions/ebt_redirect.c | 14 +++++++------- extensions/ebt_standard.c | 18 +++++++++++------- extensions/ebt_vlan.c | 9 ++++----- 8 files changed, 59 insertions(+), 51 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3a58b07..0c584b1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,12 @@ +20020621 + * some unlogged changes (due to lazyness) + * change the output for -L to make it look like it would look when + the user inputs the command. + * try to autoload modules + * some minor bugfixes + * add user defined chains support (without new commands yet, + deliberately) + * comparing rules didn't take the logical devices into account 20020520 * update help for -s and -d * add VLAN in ethertypes diff --git a/extensions/ebt_arp.c b/extensions/ebt_arp.c index 0e22b0b..d094b68 100644 --- a/extensions/ebt_arp.c +++ b/extensions/ebt_arp.c @@ -3,7 +3,6 @@ #include #include #include -#include #include #include "../include/ebtables_u.h" #include @@ -178,7 +177,7 @@ static int parse(int c, char **argv, int argc, } static void final_check(const struct ebt_u_entry *entry, -const struct ebt_entry_match *match, const char *name, unsigned int hook) +const struct ebt_entry_match *match, const char *name, unsigned int hook_mask) { if (entry->bitmask & EBT_NOPROTO || entry->bitmask & EBT_802_3 || (entry->ethproto != ETH_P_ARP && entry->ethproto != ETH_P_RARP)) 
@@ -195,40 +194,40 @@ static void print(const struct ebt_u_entry *entry, int i; if (arpinfo->bitmask & EBT_ARP_OPCODE) { - printf("arp opcode: "); + printf("--arp-op "); if (arpinfo->invflags & EBT_ARP_OPCODE) printf("! "); printf("%d ", ntohs(arpinfo->opcode)); } if (arpinfo->bitmask & EBT_ARP_HTYPE) { - printf("arp htype: "); + printf("--arp-htype "); if (arpinfo->invflags & EBT_ARP_HTYPE) printf("! "); printf("%d ", ntohs(arpinfo->htype)); } if (arpinfo->bitmask & EBT_ARP_PTYPE) { - printf("arp ptype: "); + printf("--arp-ptype "); if (arpinfo->invflags & EBT_ARP_PTYPE) printf("! "); printf("0x%x ", ntohs(arpinfo->ptype)); } if (arpinfo->bitmask & EBT_ARP_SRC_IP) { - printf("arp src IP "); + printf("--arp-ip-src "); if (arpinfo->invflags & EBT_ARP_SRC_IP) printf("! "); for (i = 0; i < 4; i++) printf("%d%s", ((unsigned char *)&arpinfo->saddr)[i], (i == 3) ? "" : "."); - printf("%s, ", mask_to_dotted(arpinfo->smsk)); + printf("%s ", mask_to_dotted(arpinfo->smsk)); } if (arpinfo->bitmask & EBT_ARP_DST_IP) { - printf("arp dst IP "); + printf("--arp-ip-dst "); if (arpinfo->invflags & EBT_ARP_DST_IP) printf("! "); for (i = 0; i < 4; i++) printf("%d%s", ((unsigned char *)&arpinfo->daddr)[i], (i == 3) ? "" : "."); - printf("%s, ", mask_to_dotted(arpinfo->dmsk)); + printf("%s ", mask_to_dotted(arpinfo->dmsk)); } } diff --git a/extensions/ebt_ip.c b/extensions/ebt_ip.c index 5d62d3a..cb425f9 100644 --- a/extensions/ebt_ip.c +++ b/extensions/ebt_ip.c @@ -3,7 +3,6 @@ #include #include #include -#include #include #include "../include/ebtables_u.h" #include @@ -219,7 +218,7 @@ static int parse(int c, char **argv, int argc, const struct ebt_u_entry *entry, } static void final_check(const struct ebt_u_entry *entry, - const struct ebt_entry_match *match, const char *name, unsigned int hook) + const struct ebt_entry_match *match, const char *name, unsigned int hook_mask) { if (entry->bitmask & EBT_NOPROTO || entry->bitmask & EBT_802_3 || entry->ethproto != ETH_P_IP) 
@@ -234,34 +233,34 @@ static void print(const struct ebt_u_entry *entry, int j; if (ipinfo->bitmask & EBT_IP_SOURCE) { - printf("source ip: "); + printf("--ip-src "); if (ipinfo->invflags & EBT_IP_SOURCE) printf("! "); for (j = 0; j < 4; j++) printf("%d%s",((unsigned char *)&ipinfo->saddr)[j], (j == 3) ? "" : "."); - printf("%s, ", mask_to_dotted(ipinfo->smsk)); + printf("%s ", mask_to_dotted(ipinfo->smsk)); } if (ipinfo->bitmask & EBT_IP_DEST) { - printf("dest ip: "); + printf("--ip-dst "); if (ipinfo->invflags & EBT_IP_DEST) printf("! "); for (j = 0; j < 4; j++) printf("%d%s", ((unsigned char *)&ipinfo->daddr)[j], (j == 3) ? "" : "."); - printf("%s, ", mask_to_dotted(ipinfo->dmsk)); + printf("%s ", mask_to_dotted(ipinfo->dmsk)); } if (ipinfo->bitmask & EBT_IP_TOS) { - printf("ip TOS: "); + printf("--ip-tos "); if (ipinfo->invflags & EBT_IP_TOS) printf("! "); - printf("0x%02X, ", ipinfo->tos); + printf("0x%02X ", ipinfo->tos); } if (ipinfo->bitmask & EBT_IP_PROTO) { - printf("ip proto: "); + printf("--ip-proto "); if (ipinfo->invflags & EBT_IP_DEST) printf("! "); - printf("%d, ", ipinfo->protocol); + printf("%d ", ipinfo->protocol); } } diff --git a/extensions/ebt_log.c b/extensions/ebt_log.c index 6dff952..1dca3ad 100644 --- a/extensions/ebt_log.c +++ b/extensions/ebt_log.c @@ -2,7 +2,6 @@ #include #include #include -#include #include #include "../include/ebtables_u.h" #include @@ -143,7 +142,7 @@ static int parse(int c, char **argv, int argc, const struct ebt_u_entry *entry, } static void final_check(const struct ebt_u_entry *entry, - const struct ebt_entry_watcher *watcher, const char *name, unsigned int hook) + const struct ebt_entry_watcher *watcher, const char *name, unsigned int hook_mask) { return; } 
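Review bot: In the `--ip-proto` branch of print() in ebt_ip.c, the negation is still taken from `ipinfo->invflags & EBT_IP_DEST`, so a rule that inverts the protocol match is listed without `!`, and a rule that inverts only the destination address gets a stray `!` on its protocol. The line is unchanged context, but this commit makes the -L output look like the command that created the rule, so a listing an administrator audits or replays can state the opposite of what the filter does. It should read `if (ipinfo->invflags & EBT_IP_PROTO)`. print() starts above the hunk.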
@@ -153,13 +152,13 @@ static void print(const struct ebt_u_entry *entry, { struct ebt_log_info *loginfo = (struct ebt_log_info *)watcher->data; - printf("log: log-level = %s - log-prefix = \"%s\"", + printf("--log-level %s --log-prefix \"%s\"", eight_priority[loginfo->loglevel].c_name, loginfo->prefix); if (loginfo->bitmask & EBT_LOG_IP) - printf(" - log-ip"); + printf(" --log-ip"); if (loginfo->bitmask & EBT_LOG_ARP) - printf(" - log-arp"); + printf(" --log-arp"); printf(" "); } diff --git a/extensions/ebt_nat.c b/extensions/ebt_nat.c index 1f88ae2..06414cf 100644 --- a/extensions/ebt_nat.c +++ b/extensions/ebt_nat.c @@ -4,7 +4,6 @@ #include #include #include -#include #include #include "../include/ebtables_u.h" #include @@ -137,20 +136,20 @@ static int parse_d(int c, char **argv, int argc, } static void final_check_s(const struct ebt_u_entry *entry, - const struct ebt_entry_target *target, const char *name, unsigned int hook) + const struct ebt_entry_target *target, const char *name, unsigned int hook_mask) { - if (hook != NF_BR_POST_ROUTING || strcmp(name, "nat")) + if (!(hook_mask & (1 << NF_BR_POST_ROUTING)) || strcmp(name, "nat")) print_error("Wrong chain for snat"); if (to_source_supplied == 0) print_error("No snat address supplied"); } static void final_check_d(const struct ebt_u_entry *entry, - const struct ebt_entry_target *target, const char *name, unsigned int hook) + const struct ebt_entry_target *target, const char *name, unsigned int hook_mask) { - if ( ((hook != NF_BR_PRE_ROUTING && hook != NF_BR_LOCAL_OUT) || + if (((hook_mask & ~((1 << NF_BR_PRE_ROUTING) | (1 << NF_BR_LOCAL_OUT))) || strcmp(name, "nat")) && - (hook != NF_BR_BROUTING || strcmp(name, "broute")) ) + ((hook_mask & ~(1 << NF_BR_BROUTING)) || strcmp(name, "broute"))) print_error("Wrong chain for dnat"); if (to_dest_supplied == 0) print_error("No dnat address supplied"); 
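Review bot: final_check_s() in ebt_nat.c only requires the POST_ROUTING bit to be present, `!(hook_mask & (1 << NF_BR_POST_ROUTING))`, whereas final_check_d() in the same hunk rejects any bit outside its allowed set with `hook_mask & ~(...)`. If hook_mask can carry more than one hook bit, which the switch from a hook number to a mask suggests (the caller is not visible here), snat would be accepted in a chain that is also reached from hooks where it is not valid. For consistency with final_check_d() the test would be `if ((hook_mask & ~(1 << NF_BR_POST_ROUTING)) || strcmp(name, "nat"))`. A short comment on the hook_mask parameter saying what a set bit means, and whether an empty mask is acceptable, would help too, since the `& ~` form lets a mask of 0 through.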
@@ -161,7 +160,7 @@ static void print_s(const struct ebt_u_entry *entry, { struct ebt_nat_info *natinfo = (struct ebt_nat_info *)target->data; - printf("snat - to: "); + printf("--to-src "); printf("%s", ether_ntoa((struct ether_addr *)natinfo->mac)); printf(" --snat-target %s", standard_targets[natinfo->target]); } @@ -171,7 +170,7 @@ static void print_d(const struct ebt_u_entry *entry, { struct ebt_nat_info *natinfo = (struct ebt_nat_info *)target->data; - printf("dnat - to: "); + printf("--to-dst "); printf("%s", ether_ntoa((struct ether_addr *)natinfo->mac)); printf(" --dnat-target %s", standard_targets[natinfo->target]); } diff --git a/extensions/ebt_redirect.c b/extensions/ebt_redirect.c index 3dff790..1fc7fd8 100644 --- a/extensions/ebt_redirect.c +++ b/extensions/ebt_redirect.c @@ -3,7 +3,6 @@ #include #include #include -#include #include #include "../include/ebtables_u.h" #include @@ -33,7 +32,6 @@ static void init(struct ebt_entry_target *target) return; } - #define OPT_REDIRECT_TARGET 0x01 static int parse(int c, char **argv, int argc, const struct ebt_u_entry *entry, unsigned int *flags, @@ -61,10 +59,10 @@ static int parse(int c, char **argv, int argc, } static void final_check(const struct ebt_u_entry *entry, - const struct ebt_entry_target *target, const char *name, unsigned int hook) + const struct ebt_entry_target *target, const char *name, unsigned int hook_mask) { - if ( (hook != NF_BR_PRE_ROUTING || strcmp(name, "nat")) && - (hook != NF_BR_BROUTING || strcmp(name, "broute")) ) + if ( ((hook_mask & ~(1 << NF_BR_PRE_ROUTING)) || strcmp(name, "nat")) && + ((hook_mask & ~(1 << NF_BR_BROUTING)) || strcmp(name, "broute")) ) print_error("Wrong chain for redirect"); } 
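Review bot: print_s() in ebt_nat.c still indexes `standard_targets[natinfo->target]` directly on the unchanged line after the new `--to-src` output, while the redirect extension in this same commit switches to `standard_targets[-redirectinfo->target - 1]`. If the verdict constants are now negative, as that change and the `int verdict` in ebt_standard.c suggest (their definitions are not visible here), this lookup reads before the start of the array for every valid target. The same applies to print_d() in the next hunk. Both would need the same mapping as redirect, ideally through one shared helper or macro that also checks the range before indexing.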
@@ -74,8 +72,10 @@ static void print(const struct ebt_u_entry *entry, struct ebt_redirect_info *redirectinfo = (struct ebt_redirect_info *)target->data; - printf("redirect"); - printf(" --redirect-target %s", standard_targets[redirectinfo->target]); + if (redirectinfo->target == EBT_ACCEPT) + return; + printf(" --redirect-target %s", + standard_targets[-redirectinfo->target - 1]); } static int compare(const struct ebt_entry_target *t1, diff --git a/extensions/ebt_standard.c b/extensions/ebt_standard.c index 983d055..9ca1fed 100644 --- a/extensions/ebt_standard.c +++ b/extensions/ebt_standard.c @@ -1,6 +1,6 @@ #include +#include #include -#include #include #include "../include/ebtables_u.h" @@ -26,21 +26,25 @@ static int parse(int c, char **argv, int argc, const struct ebt_u_entry *entry, } static void final_check(const struct ebt_u_entry *entry, - const struct ebt_entry_target *target, const char *name, unsigned int hook) + const struct ebt_entry_target *target, const char *name, unsigned int hook_mask) { } static void print(const struct ebt_u_entry *entry, const struct ebt_entry_target *target) { - __u8 verdict = ((struct ebt_standard_target *)target)->verdict; + int verdict = ((struct ebt_standard_target *)target)->verdict; if (verdict == EBT_CONTINUE) - printf("Continue "); - else if (verdict == EBT_ACCEPT) - printf("Accept "); + printf("CONTINUE "); + else if (verdict == EBT_ACCEPT) + printf("ACCEPT "); + else if (verdict == EBT_DROP) + printf("DROP "); + else if (verdict == EBT_RETURN) + printf("RETURN "); else - printf("Drop "); + print_error("BUG: Bad standard target"); // this is a bug } static int compare(const struct ebt_entry_target *t1, diff --git a/extensions/ebt_vlan.c b/extensions/ebt_vlan.c index 2379f97..06708da 100644 --- a/extensions/ebt_vlan.c +++ b/extensions/ebt_vlan.c @@ -19,7 +19,6 @@ #include #include #include -#include #include #include "../include/ebtables_u.h" #include 
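Review bot: The new `standard_targets[-redirectinfo->target - 1]` in print() of ebt_redirect.c uses the target value as an array index without a range check. The structure is cast from `target->data`, and any value outside the standard verdicts (zero, positive, or more negative than the last table entry) gives an index outside the table and an out-of-bounds read through `%s`. Checking the computed index against the number of entries in `standard_targets` (its size is not visible here) and calling `print_error()` otherwise, as the ebt_standard.c hunk does for unknown verdicts, would close this. print() starts above the hunk.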
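Review bot: The final `else` in print() of ebt_standard.c treats every verdict other than the four named constants as a bug and calls print_error(). The ChangeLog entry in this commit announces user-defined chain support, and if a jump to such a chain is stored in the same `verdict` field (not visible here), listing a table that contains one would abort instead of showing the rule. If that is intended for now, a comment above the chain stating which values `verdict` may hold at this point would make it clear. The trailing `// this is a bug` only repeats the message text and can be dropped.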
@@ -194,7 +193,7 @@ parse (int c, char **argv, int argc, static void final_check (const struct ebt_u_entry *entry, const struct ebt_entry_match *match, - const char *name, unsigned int hook) + const char *name, unsigned int hook_mask) { /* * Is any proto supplied there? Or specified proto isn't 802.1Q? @@ -218,7 +217,7 @@ print (const struct ebt_u_entry *entry, * Print VLAN ID if they are specified */ if (vlaninfo->bitmask & EBT_VLAN_ID) { - printf ("vlan id: %s%d, ", + printf ("--vlan-id %s %d, ", vlaninfo->invflags & EBT_VLAN_ID ? "!" : "", vlaninfo->id); } @@ -226,7 +225,7 @@ print (const struct ebt_u_entry *entry, * Print VLAN priority if they are specified */ if (vlaninfo->bitmask & EBT_VLAN_PRIO) { - printf ("vlan prio: %s%d, ", + printf ("--vlan-prio %s %d, ", vlaninfo->invflags & EBT_VLAN_PRIO ? "!" : "", vlaninfo->prio); } @@ -234,7 +233,7 @@ print (const struct ebt_u_entry *entry, * Print VLAN encapsulated protocol if they are specified */ if (vlaninfo->bitmask & EBT_VLAN_ENCAP) { - printf ("vlan encap: %s%2.4X, ", + printf ("--vlan-encap %s %2.4X, ", vlaninfo->invflags & EBT_VLAN_ENCAP ? "!" : "", ntohs (vlaninfo->encap)); } -- cgit v1.2.3
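Review bot: The three changed printf formats in print() of ebt_vlan.c keep the trailing `, ` (`"--vlan-id %s %d, "`, and likewise `--vlan-prio` in the next hunk and `--vlan-encap` in the one after), while ebt_arp.c and ebt_ip.c drop the commas in this same commit. The ChangeLog says the -L output should look like what the user would type, and a value followed by a comma would likely not parse back as the same option argument. Without inversion the `%s %d` form also leaves two spaces, where the other extensions print `"! "` conditionally. A form matching them would be `printf ("--vlan-id %s%d ", vlaninfo->invflags & EBT_VLAN_ID ? "! " : "", vlaninfo->id);`. print() starts above these hunks.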