authorfnm3 <fnm3>2002-06-14 17:28:13 +0000
committerfnm3 <fnm3>2002-06-14 17:28:13 +0000
commit199d31a20f95babd74d692beb89988e2fb851032 (patch)
treef830ecf66793450012d4783b92158ec557d86c6c
parent0d581985af2e3dfea67bbf4825628f642a7ae134 (diff)
New parameter definitions addded
Kernelspace changes for encapsulated protocol parameter. Version changed. Updated VLAN match extension section. Removed empty lines at end of file. Userspace changes - vlan encapsulated protocol match added.
-rw-r--r--kernel/linux/include/linux/netfilter_bridge/ebt_vlan.h8
-rw-r--r--kernel/linux/net/bridge/netfilter/ebt_vlan.c70
-rw-r--r--userspace/ebtables2/Makefile2
-rw-r--r--userspace/ebtables2/ebtables.89
-rw-r--r--userspace/ebtables2/ethertypes5
-rw-r--r--userspace/ebtables2/extensions/ebt_vlan.c119
6 files changed, 158 insertions, 55 deletions
diff --git a/kernel/linux/include/linux/netfilter_bridge/ebt_vlan.h b/kernel/linux/include/linux/netfilter_bridge/ebt_vlan.h
index 079112b..8dc5bd9 100644
--- a/kernel/linux/include/linux/netfilter_bridge/ebt_vlan.h
+++ b/kernel/linux/include/linux/netfilter_bridge/ebt_vlan.h
@@ -3,14 +3,16 @@
#define EBT_VLAN_ID 0x01
#define EBT_VLAN_PRIO 0x02
-#define EBT_VLAN_MASK (EBT_VLAN_ID | EBT_VLAN_PRIO)
+#define EBT_VLAN_ENCAP 0x04
+#define EBT_VLAN_MASK (EBT_VLAN_ID | EBT_VLAN_PRIO | EBT_VLAN_ENCAP)
#define EBT_VLAN_MATCH "vlan"
struct ebt_vlan_info {
__u16 id; /* VLAN ID {1-4095} */
- __u16 prio; /* VLAN Priority {0-7} */
+ __u8 prio; /* VLAN User Priority {0-7} */
+ __u16 encap; /* VLAN Encapsulated frame code {0-65535} */
__u8 bitmask; /* Args bitmask bit 1=1 - ID arg,
- bit 2=1 - Pirority arg */
+ bit 2=1 User-Priority arg, bit 3=1 encap*/
__u8 invflags; /* Inverse bitmask bit 1=1 - inversed ID arg,
bit 2=1 - inversed Pirority arg */
};
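Review bot: The field comments do not describe the new member consistently: `invflags` still lists only the ID and priority bits although this commit sets and tests `EBT_VLAN_ENCAP` in it, and nothing states that `encap` is kept in network byte order (userspace stores `htons (i)` and the kernel compares it directly with `h_vlan_encapsulated_proto`). I would add `bit 3=1 - inversed encap arg` to the `invflags` comment and change the member comment to `/* VLAN encapsulated EtherType, network byte order */`. Narrowing `prio` to `__u8` and inserting `encap` also changes the layout shared by the kernel module and the ebtables binary, so an old binary and a new module would disagree about the rule data. ebt_vlan_check is not touched in the visible hunks; it is worth confirming that it rejects a match whose size differs from `sizeof(struct ebt_vlan_info)` or whose `bitmask`/`invflags` carry bits outside `EBT_VLAN_MASK`.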
diff --git a/kernel/linux/net/bridge/netfilter/ebt_vlan.c b/kernel/linux/net/bridge/netfilter/ebt_vlan.c
index 8ad921d..f7e2c16 100644
--- a/kernel/linux/net/bridge/netfilter/ebt_vlan.c
+++ b/kernel/linux/net/bridge/netfilter/ebt_vlan.c
@@ -5,7 +5,7 @@
* Bart De Schuymer <bart.de.schuymer@pandora.be>
* Nick Fedchik <nick@fedchik.org.ua>
*
- * May, 2002
+ * June, 2002
*/
#include <linux/netfilter_bridge/ebtables.h>
@@ -18,6 +18,8 @@ static unsigned char debug;
MODULE_PARM (debug, "0-1b");
MODULE_PARM_DESC (debug, "debug=1 is turn on debug messages");
+#define MODULE_VERSION "0.2"
+
static int ebt_filter_vlan (const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
@@ -30,43 +32,64 @@ static int ebt_filter_vlan (const struct sk_buff *skb,
(struct vlan_ethhdr *) skb->mac.raw;
unsigned short v_id;
unsigned short v_prio;
+ unsigned short v_TCI;
/*
- * Calculate 802.1Q VLAN ID and Priority
- * Reserved one bit (13) for CFI
+ * Calculate 802.1Q VLAN ID and user_priority from
+ * Tag Control Information (TCI) field.
+ * Reserved one bit (13) for CFI (Canonical Format Indicator)
*/
- v_id = ntohs ((unsigned short) vlanethhdr->h_vlan_TCI) & 0xFFF;
- v_prio = ntohs ((unsigned short) vlanethhdr->h_vlan_TCI) >> 13;
+ v_TCI = ntohs (vlanethhdr->h_vlan_TCI);
+ v_id = v_TCI & 0xFFF;
+ v_prio = v_TCI >> 13;
/*
* Checking VLANs
*/
if (infostuff->bitmask & EBT_VLAN_ID) { /* Is VLAN ID parsed? */
if (!((infostuff->id == v_id)
- ^ !!(infostuff->invflags & EBT_VLAN_ID)))
- return 1;
+ ^ !!(infostuff->invflags & EBT_VLAN_ID)))
+ return 1;
if (debug)
printk (KERN_DEBUG
"ebt_vlan: matched ID=%s%d (mask=%X)\n",
- (infostuff->invflags & EBT_VLAN_ID) ? "!" : "",
- infostuff->id,
- (unsigned char) infostuff->bitmask);
+ (infostuff->
+ invflags & EBT_VLAN_ID) ? "!" : "",
+ infostuff->id, infostuff->bitmask);
}
/*
- * Checking Priority
+ * Checking User Priority
*/
if (infostuff->bitmask & EBT_VLAN_PRIO) { /* Is VLAN Prio parsed? */
- if (!( (infostuff->prio == v_prio)
- ^ !!(infostuff->invflags & EBT_VLAN_PRIO)))
- return 1; /* missed */
+ if (!((infostuff->prio == v_prio)
+ ^ !!(infostuff->invflags & EBT_VLAN_PRIO)))
+ return 1; /* missed */
if (debug)
printk (KERN_DEBUG
"ebt_vlan: matched Prio=%s%d (mask=%X)\n",
- (infostuff->invflags & EBT_VLAN_PRIO) ? "!" : "",
- infostuff->prio,
- (unsigned char) infostuff->bitmask);
+ (infostuff->
+ invflags & EBT_VLAN_PRIO) ? "!" : "",
+ infostuff->prio, infostuff->bitmask);
}
/*
+ * Checking for Encapsulated proto
+ */
+ if (infostuff->bitmask & EBT_VLAN_ENCAP) { /* Is VLAN Encap parsed? */
+ if (!
+ ((infostuff->encap ==
+ vlanethhdr->h_vlan_encapsulated_proto)
+ ^ !!(infostuff->invflags & EBT_VLAN_ENCAP)))
+ return 1; /* missed */
+ if (debug)
+ printk (KERN_DEBUG
+ "ebt_vlan: matched encap=%s%2.4X (mask=%X)\n",
+ (infostuff->
+ invflags & EBT_VLAN_ENCAP) ? "!" : "",
+ ntohs (infostuff->encap),
+ infostuff->bitmask);
+ }
+
+ /*
* rule matched
*/
return 0;
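Review bot: The new encapsulated-protocol test reads `vlanethhdr->h_vlan_encapsulated_proto` through the cast of `skb->mac.raw`, and nothing in this hunk confirms that the frame holds a complete 802.1Q header. The function starts above the hunk, so a guard may already exist there or be implied by a protocol restriction enforced in ebt_vlan_check; if neither is the case, a short or untagged frame would be compared against bytes that are not a VLAN header. I would make the assumption explicit just before the `v_TCI` read, either with a length guard or, if the rule can only be reached for tagged frames, with a comment saying where that is enforced. With `debug=1` a matching frame now produces up to three unthrottled `printk` lines, which is worth stating in the `MODULE_PARM_DESC` text.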
@@ -96,7 +119,10 @@ static int ebt_vlan_check (const char *tablename, unsigned int hooknr,
}
static struct ebt_match filter_vlan = {
- {NULL, NULL}, EBT_VLAN_MATCH, ebt_filter_vlan, ebt_vlan_check,
+ {NULL, NULL},
+ EBT_VLAN_MATCH,
+ ebt_filter_vlan,
+ ebt_vlan_check,
NULL,
THIS_MODULE
};
@@ -104,10 +130,11 @@ static struct ebt_match filter_vlan = {
static int __init init (void)
{
printk (KERN_INFO
- "ebt_vlan: 802.1Q VLAN matching module for EBTables\n");
+ "ebt_vlan: 802.1Q VLAN matching module for EBTables "
+ MODULE_VERSION "\n");
if (debug)
printk (KERN_DEBUG
- "ebt_vlan: 802.1Q matching debug is on\n");
+ "ebt_vlan: 802.1Q rule matching debug is on\n");
return ebt_register_match (&filter_vlan);
}
@@ -120,5 +147,6 @@ module_init (init);
module_exit (fini);
EXPORT_NO_SYMBOLS;
MODULE_AUTHOR ("Nick Fedchik <nick@fedchik.org.ua>");
-MODULE_DESCRIPTION ("802.1Q VLAN matching module for ebtables, v0.1");
+MODULE_DESCRIPTION ("802.1Q VLAN matching module for ebtables, v"
+ MODULE_VERSION);
MODULE_LICENSE ("GPL");
diff --git a/userspace/ebtables2/Makefile b/userspace/ebtables2/Makefile
index e82be17..8ebcd0f 100644
--- a/userspace/ebtables2/Makefile
+++ b/userspace/ebtables2/Makefile
@@ -2,7 +2,7 @@
KERNEL_DIR?=/usr/src/linux
PROGNAME:=ebtables
-PROGVERSION:="2.0pre6 (May 2002)"
+PROGVERSION:="2.0pre8 (June 2002)"
MANDIR?=/usr/local/man
CFLAGS:=-Wall -Wunused
diff --git a/userspace/ebtables2/ebtables.8 b/userspace/ebtables2/ebtables.8
index d0d7a18..b9d57c8 100644
--- a/userspace/ebtables2/ebtables.8
+++ b/userspace/ebtables2/ebtables.8
@@ -21,7 +21,7 @@
.\"
.\"
.SH NAME
-ebtables(v.2.0) \- ethernet bridge packet table administration
+ebtables (v.2.0) \- ethernet bridge packet table administration
.SH SYNOPSIS
.BR "ebtables -[ADI] " "chain rule-specification [options]"
.br
@@ -316,7 +316,7 @@ The ARP IP source address specification.
.BR "--arp-ip-dst " "[!] \fIaddress\fP[/\fImask\fP]"
The ARP IP destination address specification.
.SS vlan
-Specify 802.1Q VLAN specific fields. These will only work if the protocol equals
+Specify 802.1Q Tag Control Information fields. These will only work if the protocol equals
.BR 802_1Q .
For more details see
.BR "ebtables -h vlan" .
@@ -325,7 +325,10 @@ For more details see
The VLAN identifier (decimal number from 0 to 4095).
.TP
.BR "--vlan-prio " "[!] \fIprio\fP"
-The VLAN priority type, this can be a decimal number from 0 to 7. The default value is 0.
+The VLAN user priority type, this can be a decimal number from 0 to 7. The default value is 0.
+.TP
+.BR "--vlan-encap " "[!] \fIprotocol\fP"
+The VLAN encapsulated protocol, this can be a hexadecimal number from 0000 to FFFF. The default value is 0.
.SH WATCHER EXTENSION(S)
Watchers are things that only look at frames passing by. These watchers only see the
frame if the frame passes all the matches of the rule.
diff --git a/userspace/ebtables2/ethertypes b/userspace/ebtables2/ethertypes
index 0123bf3..e53d4f2 100644
--- a/userspace/ebtables2/ethertypes
+++ b/userspace/ebtables2/ethertypes
@@ -7,7 +7,7 @@
# programs using this file should not be case sensitive
# that's all :-))
IPV4 0800 put your comments behind, on the same line, after a tab
-X25 0800 or whitespace
+X25 0805 or whitespace
ARP 0806
802_1Q 8100 802.1Q Virtual LAN tagged frame
IPX 8137
@@ -30,5 +30,4 @@ PPP_DISC 8863 PPPoE discovery messages
PPP_SES 8864 PPPoE session messages
ATMMPOA 884C MultiProtocol over ATM
ATMFATE 8884 Frame-based ATM Transport over Ethernet
-
-
+LOOP 9000
diff --git a/userspace/ebtables2/extensions/ebt_vlan.c b/userspace/ebtables2/extensions/ebt_vlan.c
index ad3e6f7..580fa71 100644
--- a/userspace/ebtables2/extensions/ebt_vlan.c
+++ b/userspace/ebtables2/extensions/ebt_vlan.c
@@ -1,44 +1,49 @@
/*
- * Summary: ebt_vlan userspace module
- *
- * Description: 802.1Q Virtual LAN match support module for ebtables project.
- * Enable to match 802.1Q VLAN tagged frames by VLAN numeric
- * identifier (12-bites field) and frame priority (3-bites field)
+ * Summary: ebt_vlan - 802.1 Q match extension module for userspace
+ *
+ * Description:802.1 Q Virtual LAN match support module for ebtables project.
+ * Enable to match 802.1 Q VLAN tagged frames by VLAN numeric
+ * identifier (12 - bits field) and user_priority (3 bits field)
*
* Authors:
* Bart De Schuymer <bart.de.schuymer@pandora.be>
- * Nick Fedchik <nick@fedchik.org.ua>
- *
- * May, 2002
+ * Nick Fedchik <nick@fedchik.org.ua>
+ * June, 2002
+ *
+ * License: GPL
+ *
*/
-
+
+#include <getopt.h>
+#include <netinet/in.h>
#include <stdio.h>
-#include <string.h>
#include <stdlib.h>
+#include <string.h>
#include <sys/socket.h>
-#include <netinet/in.h>
+
#include <linux/netfilter_bridge/ebtables.h>
-#include <getopt.h>
#include "../include/ebtables_u.h"
-#include <linux/netfilter_bridge/ebt_vlan.h>
#define VLAN_ID '1'
#define VLAN_PRIO '2'
+#define VLAN_ENCAP '3'
static struct option opts[] = {
{"vlan-id", required_argument, 0, VLAN_ID},
{"vlan-prio", required_argument, 0, VLAN_PRIO},
+ {"vlan-encap", required_argument, 0, VLAN_ENCAP},
{0}
};
/*
- * Print out help for ebtables -h vlan
+ * Print out local help by ebtables -h vlan
*/
static void print_help ()
{
printf ("802.1Q VLAN options:\n"
- "--vlan-id [!] id : VLAN ID 1-4095 (integer)\n"
- "--vlan-prio [!] prio : VLAN Priority 0-7 (integer)\n");
+ "--vlan-id [!] id : VLAN ID 1-4094 (integer)\n"
+ "--vlan-prio [!] prio : VLAN Priority 0-7 (integer)\n"
+ "--vlan-encap [!] proto : VLAN Encapsulated Protocol (integer or string as in /etc/ethertypes)\n");
}
/*
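Review bot: The help line for `--vlan-encap` calls the argument an integer, but the parser added later in this commit converts it with base 16, so `--vlan-encap 800` selects 0x0800 rather than decimal 800; ebtables.8 already says hexadecimal. I would word it as `"--vlan-encap [!] proto : VLAN Encapsulated Protocol (hex number 0000-FFFF or name as in /etc/ethertypes)\n"`. As shown, the hunk also drops `#include <linux/netfilter_bridge/ebt_vlan.h>` while the file still uses `struct ebt_vlan_info` and the `EBT_VLAN_*` flags; unless another header pulls it in, that include should stay.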
@@ -53,12 +58,18 @@ static void init (struct ebt_entry_match *match)
*/
vlaninfo->id = 0;
vlaninfo->prio = 0;
+ vlaninfo->encap = 0;
vlaninfo->invflags = 0;
vlaninfo->bitmask = 0;
}
+/*
+ * option flags definition
+ */
#define OPT_VLAN_ID 0x01
#define OPT_VLAN_PRIO 0x02
+#define OPT_VLAN_ENCAP 0x04
+
static int
parse (int c, char **argv, int argc,
const struct ebt_u_entry *entry, unsigned int *flags,
@@ -66,20 +77,24 @@ parse (int c, char **argv, int argc,
{
struct ebt_vlan_info *vlaninfo =
(struct ebt_vlan_info *) (*match)->data;
- unsigned short i;
+ unsigned long i;
char *end;
switch (c) {
case VLAN_ID:
+ /*
+ * ebtables.c:check_option(unsigned int *flags, unsigned int mask)
+ * checking for multiple usage of same option
+ */
check_option (flags, OPT_VLAN_ID);
/*
- * Check If we got inversed arg for VID,
+ * Check If we got inversed arg for vlan-id option,
* otherwise unset inversion flag
*/
if (check_inverse (optarg))
vlaninfo->invflags |= EBT_VLAN_ID;
/*
- * Check arg value presense
+ * Check arg value presence
*/
if (optind > argc)
print_error ("Missing VLAN ID argument\n");
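Review bot: Widening `i` to `unsigned long` does not make the later range checks effective, because every conversion still assigns through a cast (`(unsigned short) i = strtol (...)` for the ID and the encapsulated protocol, `(unsigned char) i = strtol (...)` for the priority in a later hunk), which narrows the value before it is tested. An out-of-range argument such as a priority of 263 or an encapsulated protocol of 10800 (hex) would therefore wrap into the valid range and be installed as a different rule than the one typed, and `i < 0` in the VLAN_ENCAP case can never be true for an unsigned variable. I would parse into a signed local and test it before narrowing, e.g. `long v = strtol (argv[optind - 1], &end, 10);` then `if (v < 0 || v > 7 || *end != '\0')`, and only afterwards `vlaninfo->prio = v;`. The same applies to the VLAN_ID and VLAN_ENCAP conversions in the following hunks, and the cast-as-lvalue form is a GCC extension that later compiler versions reject. parse() begins before this hunk and continues past it.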
@@ -90,15 +105,21 @@ parse (int c, char **argv, int argc,
*/
(unsigned short) i = strtol (argv[optind - 1], &end, 10);
/*
- * Check arg val range
+ * Check arg val range
*/
- if (i < 1 || i >= 4096 || *end != '\0') {
+ if (i < 1 || i >= 4094 || *end != '\0') {
i = 0;
print_error
("Problem with specified VLAN ID range\n");
}
+ /*
+ * Set up parameter value
+ */
vlaninfo->id = i;
- vlaninfo->bitmask|=EBT_VLAN_ID;
+ /*
+ * Set up parameter presence flag
+ */
+ vlaninfo->bitmask |= EBT_VLAN_ID;
break;
case VLAN_PRIO:
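Review bot: The new bound `i >= 4094` rejects 4094 itself, while the help text changed in this same commit advertises `VLAN ID 1-4094` and ebtables.8 still says 0 to 4095. If 4094 is meant to be the highest usable ID, the test should read `if (i < 1 || i > 4094 || *end != '\0') {`. The ranges stated in ebt_vlan.h (`{1-4095}`), the help output and the man page should be brought into agreement with whichever bound is chosen.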
@@ -113,7 +134,7 @@ parse (int c, char **argv, int argc,
* set *end to end of argv string,
* base set 10 for decimal only
*/
- (unsigned short) i = strtol (argv[optind - 1], &end, 10);
+ (unsigned char) i = strtol (argv[optind - 1], &end, 10);
/*
* Check arg val range
*/
@@ -122,10 +143,45 @@ parse (int c, char **argv, int argc,
print_error
("Problem with specified VLAN Priority range\n");
}
+ /*
+ * Set up parameter value
+ */
vlaninfo->prio = i;
- vlaninfo->bitmask|=EBT_VLAN_PRIO;
+ /*
+ * Set up parameter presence flag
+ */
+ vlaninfo->bitmask |= EBT_VLAN_PRIO;
break;
+ case VLAN_ENCAP:
+ check_option (flags, OPT_VLAN_ENCAP);
+ if (check_inverse (optarg))
+ vlaninfo->invflags |= EBT_VLAN_ENCAP;
+ if (optind > argc)
+ print_error
+ ("Missing VLAN Encapsulated Protocol argument\n");
+ /*
+ * Parameter can be decimal, hexadecimal, or string.
+ * Check arg val range
+ */
+ (unsigned short) i = strtol (argv[optind - 1], &end, 16);
+ if (*end == '\0' && (i < 0 || i > 0xFFFF))
+ print_error
+ ("Problem with the specified encapsulated protocol");
+ if (*end != '\0')
+ if (name_to_protocol (argv[optind - 1]) == -1)
+ print_error
+ ("Problem with the specified encapsulated"
+ "protocol");
+ /*
+ * Set up parameter value (network notation)
+ */
+ vlaninfo->encap = htons (i);
+ /*
+ * Set up parameter presence flag
+ */
+ vlaninfo->bitmask |= EBT_VLAN_ENCAP;
+ break;
default:
return 0;
}
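Review bot: In the VLAN_ENCAP case the result of `name_to_protocol (argv[optind - 1])` is only compared with -1 and then discarded, so for a name the stored value is whatever `strtol` parsed before it stopped. With base 16, a name such as `ARP` leaves `i` at 0xA (the leading `A` is a hex digit), and `htons (i)` installs a rule for the wrong EtherType without any error. I would keep the lookup result and use it as the value, with a signed local (e.g. `long encap`) so the range test is meaningful; this assumes name_to_protocol returns the protocol number on success, which is not visible here. The two error strings also lack a trailing `\n`, and the split literal prints `encapsulatedprotocol` without a space.

```c
	case VLAN_ENCAP:
		/* … unchanged: check_option, check_inverse, missing-argument check … */
		encap = strtol (argv[optind - 1], &end, 16);
		if (*end != '\0') {
			/* not a hex number: resolve it as an ethertypes name */
			encap = name_to_protocol (argv[optind - 1]);
			if (encap == -1)
				print_error
				    ("Problem with the specified encapsulated protocol\n");
		} else if (encap < 0 || encap > 0xFFFF)
			print_error
			    ("Problem with the specified encapsulated protocol\n");
		/*
		 * Set up parameter value (network notation)
		 */
		vlaninfo->encap = htons (encap);
		/* … unchanged: bitmask update, break … */
```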
@@ -174,6 +230,14 @@ print (const struct ebt_u_entry *entry,
vlaninfo->invflags & EBT_VLAN_PRIO ? "!" : "",
vlaninfo->prio);
}
+ /*
+ * Print VLAN encapsulated protocol if they are specified
+ */
+ if (vlaninfo->bitmask & EBT_VLAN_ENCAP) {
+ printf ("vlan encap: %s%2.4X, ",
+ vlaninfo->invflags & EBT_VLAN_ENCAP ? "!" : "",
+ ntohs (vlaninfo->encap));
+ }
}
@@ -209,6 +273,13 @@ compare (const struct ebt_entry_match *vlan1,
if (vlaninfo1->prio != vlaninfo2->prio)
return 0;
};
+ /*
+ * Compare VLAN Encap if they are present
+ */
+ if (vlaninfo1->bitmask & EBT_VLAN_ENCAP) {
+ if (vlaninfo1->encap != vlaninfo2->encap)
+ return 0;
+ };
return 1;
}