*** empty log message ***

author: Bart De Schuymer <bdschuym@pandora.be> 2002-09-16 20:25:25 +0000
committer: Bart De Schuymer <bdschuym@pandora.be> 2002-09-16 20:25:25 +0000
commit: 5186b52583ac7c8fc78235d41541a51e5d7b53d2 (patch)
tree: 66c93f4e6d0b7b28012eb7a5031055dc247f0e3a
parent: e5ed21681d65767a0bfdbb30e92d6c40fdca8ea6 (diff)
9 files changed, 155 insertions, 0 deletions
diff --git a/kernel/linux2.5/include/linux/netfilter_bridge/ebt_arp.h b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_arp.h
new file mode 100644
index 0000000..8967dda
--- /dev/null
+++ b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_arp.h
@@ -0,0 +1,26 @@
+#ifndef __LINUX_BRIDGE_EBT_ARP_H
+#define __LINUX_BRIDGE_EBT_ARP_H
+
+#define EBT_ARP_OPCODE 0x01
+#define EBT_ARP_HTYPE 0x02
+#define EBT_ARP_PTYPE 0x04
+#define EBT_ARP_SRC_IP 0x08
+#define EBT_ARP_DST_IP 0x10
+#define EBT_ARP_MASK (EBT_ARP_OPCODE | EBT_ARP_HTYPE | EBT_ARP_PTYPE | \
+   EBT_ARP_SRC_IP | EBT_ARP_DST_IP)
+#define EBT_ARP_MATCH "arp"
+
+struct ebt_arp_info
+{
+	uint16_t htype;
+	uint16_t ptype;
+	uint16_t opcode;
+	uint32_t saddr;
+	uint32_t smsk;
+	uint32_t daddr;
+	uint32_t dmsk;
+	uint8_t  bitmask;
+	uint8_t  invflags;
+};
+
+#endif
diff --git a/kernel/linux2.5/include/linux/netfilter_bridge/ebt_ip.h b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_ip.h
new file mode 100644
index 0000000..b2791e0
--- /dev/null
+++ b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_ip.h
@@ -0,0 +1,24 @@
+#ifndef __LINUX_BRIDGE_EBT_IP_H
+#define __LINUX_BRIDGE_EBT_IP_H
+
+#define EBT_IP_SOURCE 0x01
+#define EBT_IP_DEST 0x02
+#define EBT_IP_TOS 0x04
+#define EBT_IP_PROTO 0x08
+#define EBT_IP_MASK (EBT_IP_SOURCE | EBT_IP_DEST | EBT_IP_TOS | EBT_IP_PROTO)
+#define EBT_IP_MATCH "ip"
+
+// the same values are used for the invflags
+struct ebt_ip_info
+{
+	uint32_t saddr;
+	uint32_t daddr;
+	uint32_t smsk;
+	uint32_t dmsk;
+	uint8_t  tos;
+	uint8_t  protocol;
+	uint8_t  bitmask;
+	uint8_t  invflags;
+};
+
+#endif
diff --git a/kernel/linux2.5/include/linux/netfilter_bridge/ebt_log.h b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_log.h
new file mode 100644
index 0000000..d3e7377
--- /dev/null
+++ b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_log.h
@@ -0,0 +1,17 @@
+#ifndef __LINUX_BRIDGE_EBT_LOG_H
+#define __LINUX_BRIDGE_EBT_LOG_H
+
+#define EBT_LOG_IP 0x01 // if the frame is made by ip, log the ip information
+#define EBT_LOG_ARP 0x02
+#define EBT_LOG_MASK (EBT_LOG_IP | EBT_LOG_ARP)
+#define EBT_LOG_PREFIX_SIZE 30
+#define EBT_LOG_WATCHER "log"
+
+struct ebt_log_info
+{
+	uint8_t loglevel;
+	uint8_t prefix[EBT_LOG_PREFIX_SIZE];
+	uint32_t bitmask;
+};
+
+#endif
diff --git a/kernel/linux2.5/include/linux/netfilter_bridge/ebt_mark_m.h b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_mark_m.h
new file mode 100644
index 0000000..301524f
--- /dev/null
+++ b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_mark_m.h
@@ -0,0 +1,15 @@
+#ifndef __LINUX_BRIDGE_EBT_MARK_M_H
+#define __LINUX_BRIDGE_EBT_MARK_M_H
+
+#define EBT_MARK_AND 0x01
+#define EBT_MARK_OR 0x02
+#define EBT_MARK_MASK (EBT_MARK_AND | EBT_MARK_OR)
+struct ebt_mark_m_info
+{
+	unsigned long mark, mask;
+	uint8_t invert;
+	uint8_t bitmask;
+};
+#define EBT_MARK_MATCH "mark_m"
+
+#endif
diff --git a/kernel/linux2.5/include/linux/netfilter_bridge/ebt_mark_t.h b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_mark_t.h
new file mode 100644
index 0000000..f84d2ad
--- /dev/null
+++ b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_mark_t.h
@@ -0,0 +1,12 @@
+#ifndef __LINUX_BRIDGE_EBT_MARK_T_H
+#define __LINUX_BRIDGE_EBT_MARK_T_H
+
+struct ebt_mark_t_info
+{
+	unsigned long mark;
+	// EBT_ACCEPT, EBT_DROP or EBT_CONTINUE or EBT_RETURN
+	int target;
+};
+#define EBT_MARK_TARGET "mark"
+
+#endif
diff --git a/kernel/linux2.5/include/linux/netfilter_bridge/ebt_nat.h b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_nat.h
new file mode 100644
index 0000000..eac1871
--- /dev/null
+++ b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_nat.h
@@ -0,0 +1,13 @@
+#ifndef __LINUX_BRIDGE_EBT_NAT_H
+#define __LINUX_BRIDGE_EBT_NAT_H
+
+struct ebt_nat_info
+{
+	unsigned char mac[ETH_ALEN];
+	// EBT_ACCEPT, EBT_DROP, EBT_CONTINUE or EBT_RETURN
+	int target;
+};
+#define EBT_SNAT_TARGET "snat"
+#define EBT_DNAT_TARGET "dnat"
+
+#endif
diff --git a/kernel/linux2.5/include/linux/netfilter_bridge/ebt_redirect.h b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_redirect.h
new file mode 100644
index 0000000..c741521
--- /dev/null
+++ b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_redirect.h
@@ -0,0 +1,11 @@
+#ifndef __LINUX_BRIDGE_EBT_REDIRECT_H
+#define __LINUX_BRIDGE_EBT_REDIRECT_H
+
+struct ebt_redirect_info
+{
+	// EBT_ACCEPT, EBT_DROP or EBT_CONTINUE or EBT_RETURN
+	int target;
+};
+#define EBT_REDIRECT_TARGET "redirect"
+
+#endif
diff --git a/kernel/linux2.5/include/linux/netfilter_bridge/ebt_vlan.h b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_vlan.h
new file mode 100644
index 0000000..cb1fcc4
--- /dev/null
+++ b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_vlan.h
@@ -0,0 +1,20 @@
+#ifndef __LINUX_BRIDGE_EBT_VLAN_H
+#define __LINUX_BRIDGE_EBT_VLAN_H
+
+#define EBT_VLAN_ID	0x01
+#define EBT_VLAN_PRIO	0x02
+#define EBT_VLAN_ENCAP	0x04
+#define EBT_VLAN_MASK (EBT_VLAN_ID | EBT_VLAN_PRIO | EBT_VLAN_ENCAP)
+#define EBT_VLAN_MATCH "vlan"
+
+struct ebt_vlan_info {
+	uint16_t id;		/* VLAN ID {1-4095} */
+	uint8_t prio;		/* VLAN User Priority {0-7} */
+	uint16_t encap;		/* VLAN Encapsulated frame code {0-65535} */
+	uint8_t bitmask;		/* Args bitmask bit 1=1 - ID arg,
+				   bit 2=1 User-Priority arg, bit 3=1 encap*/
+	uint8_t invflags;		/* Inverse bitmask  bit 1=1 - inversed ID arg, 
+				   bit 2=1 - inversed Pirority arg */
+};
+
+#endif
diff --git a/kernel/linux2.5/net/bridge/netfilter/Config.in b/kernel/linux2.5/net/bridge/netfilter/Config.in
new file mode 100644
index 0000000..59b8b63
--- /dev/null
+++ b/kernel/linux2.5/net/bridge/netfilter/Config.in
@@ -0,0 +1,17 @@
+#
+# Bridge netfilter configuration
+#
+dep_tristate '  Bridge: ebtables' CONFIG_BRIDGE_NF_EBTABLES $CONFIG_BRIDGE
+dep_tristate '    ebt: filter table support' CONFIG_BRIDGE_EBT_T_FILTER $CONFIG_BRIDGE_NF_EBTABLES
+dep_tristate '    ebt: nat table support' CONFIG_BRIDGE_EBT_T_NAT $CONFIG_BRIDGE_NF_EBTABLES
+dep_tristate '    ebt: broute table support' CONFIG_BRIDGE_EBT_BROUTE $CONFIG_BRIDGE_NF_EBTABLES
+dep_tristate '    ebt: log support' CONFIG_BRIDGE_EBT_LOG $CONFIG_BRIDGE_NF_EBTABLES
+dep_tristate '    ebt: IP filter support' CONFIG_BRIDGE_EBT_IPF $CONFIG_BRIDGE_NF_EBTABLES
+dep_tristate '    ebt: ARP filter support' CONFIG_BRIDGE_EBT_ARPF $CONFIG_BRIDGE_NF_EBTABLES
+dep_tristate '    ebt: 802.1Q VLAN filter support (EXPERIMENTAL)' CONFIG_BRIDGE_EBT_VLANF $CONFIG_BRIDGE_NF_EBTABLES
+dep_tristate '    ebt: mark filter support' CONFIG_BRIDGE_EBT_MARKF $CONFIG_BRIDGE_NF_EBTABLES
+dep_tristate '    ebt: snat target support' CONFIG_BRIDGE_EBT_SNAT $CONFIG_BRIDGE_NF_EBTABLES
+dep_tristate '    ebt: dnat target support' CONFIG_BRIDGE_EBT_DNAT $CONFIG_BRIDGE_NF_EBTABLES
+dep_tristate '    ebt: redirect target support' CONFIG_BRIDGE_EBT_REDIRECT $CONFIG_BRIDGE_NF_EBTABLES
+dep_tristate '    ebt: mark target support' CONFIG_BRIDGE_EBT_MARK_T $CONFIG_BRIDGE_NF_EBTABLES
+
author	Bart De Schuymer <bdschuym@pandora.be>	2002-09-16 20:25:25 +0000
committer	Bart De Schuymer <bdschuym@pandora.be>	2002-09-16 20:25:25 +0000
commit	5186b52583ac7c8fc78235d41541a51e5d7b53d2 (patch)
tree	66c93f4e6d0b7b28012eb7a5031055dc247f0e3a
parent	e5ed21681d65767a0bfdbb30e92d6c40fdca8ea6 (diff)