author | Bart De Schuymer <bdschuym@pandora.be> | 2002-06-01 19:23:47 +0000 |
---|---|---|
committer | Bart De Schuymer <bdschuym@pandora.be> | 2002-06-01 19:23:47 +0000 |
commit | d891e9e5bc309d5aeb2ab774c76b34a92085b3e7 (patch) | |
tree | 94b68fc1c01f90cad62a171c27007ff317031008 /userspace/patches/incremental-patches/ebtables-v2.0pre3.004.diff |
Initial revision
Diffstat (limited to 'userspace/patches/incremental-patches/ebtables-v2.0pre3.004.diff')
-rw-r--r-- | userspace/patches/incremental-patches/ebtables-v2.0pre3.004.diff | 483 |
1 files changed, 483 insertions, 0 deletions
diff --git a/userspace/patches/incremental-patches/ebtables-v2.0pre3.004.diff b/userspace/patches/incremental-patches/ebtables-v2.0pre3.004.diff new file mode 100644 index 0000000..9a3bc67 --- /dev/null +++ b/userspace/patches/incremental-patches/ebtables-v2.0pre3.004.diff 
@@ -0,0 +1,483 @@
+--- ebtables-v2.0pre3.003/ebtables.c Sat Apr 27 16:57:47 2002
++++ ebtables-v2.0pre3.004/ebtables.c Wed Apr 24 19:47:02 2002
+@@ -63,8 +63,8 @@
+ { "policy" , required_argument, 0, 'P' },
+ { "in-interface" , required_argument, 0, 'i' },
+ { "in-if" , required_argument, 0, 'i' },
+- { "logical-in" , required_argument, 0, 1 },
+- { "logical-out" , required_argument, 0, 2 },
++ { "logical-in" , required_argument, 0, 2 },
++ { "logical-out" , required_argument, 0, 3 },
+ { "out-interface" , required_argument, 0, 'o' },
+ { "out-if" , required_argument, 0, 'o' },
+ { "version" , no_argument , 0, 'V' },
+@@ -155,6 +155,8 @@
+ e->ethproto = 0;
+ strcpy(e->in, "");
+ strcpy(e->out, "");
++ strcpy(e->logical_in, "");
++ strcpy(e->logical_out, "");
+ e->m_list = NULL;
+ e->w_list = NULL;
+ // the init function of the standard target should have put the verdict
+@@ -1278,9 +1280,9 @@
+ break;
+
+ case 'i': // input interface
+- case 1 : // logical input interface
++ case 2 : // logical input interface
+ case 'o': // output interface
+- case 2 : // logical output interface
++ case 3 : // logical output interface
+ case 'j': // target
+ case 'p': // net family protocol
+ case 's': // source mac
+@@ -1306,7 +1308,7 @@
+ strcpy(new_entry->in, argv[optind - 1]);
+ break;
+ }
+- if (c == 1) {
++ if (c == 2) {
+ check_option(&replace.flags, OPT_LOGICALIN);
+ if (replace.selected_hook > 2)
+ print_error("Use logical in-interface "
+@@ -1342,7 +1344,7 @@
+ strcpy(new_entry->out, argv[optind - 1]);
+ break;
+ }
+- if (c == 2) {
++ if (c == 3) {
+ check_option(&replace.flags, OPT_LOGICALOUT);
+ if (replace.selected_hook < 2)
+ print_error("Use logical out-interface "
+--- /dev/null Thu Aug 24 11:00:32 2000
++++ ebtables-v2.0pre3.004/extensions/ebt_redirect.c Sat Apr 27 17:18:16 2002
+@@ -0,0 +1,109 @@
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <sys/socket.h>
++#include <netinet/in.h>
++#include <linux/netfilter_bridge/ebtables.h>
++#include <getopt.h>
++#include "../include/ebtables_u.h"
++#include <linux/netfilter_bridge/ebt_redirect.h>
++
++extern char *standard_targets[NUM_STANDARD_TARGETS];
++
++#define REDIRECT_TARGET '1'
++static struct option opts[] =
++{
++ { "redirect-target" , required_argument, 0, REDIRECT_TARGET },
++ { 0 }
++};
++
++static void print_help()
++{
++ printf(
++ "redirect option:\n"
++ " --redirect-target target : ACCEPT, DROP or CONTINUE\n");
++}
++
++static void init(struct ebt_entry_target *target)
++{
++ struct ebt_redirect_info *redirectinfo =
++ (struct ebt_redirect_info *)target->data;
++
++ redirectinfo->target = EBT_ACCEPT;
++ return;
++}
++
++
++#define OPT_REDIRECT_TARGET 0x01
++static int parse(int c, char **argv, int argc,
++ const struct ebt_u_entry *entry, unsigned int *flags,
++ struct ebt_entry_target **target)
++{
++ int i;
++ struct ebt_redirect_info *redirectinfo =
++ (struct ebt_redirect_info *)(*target)->data;
++
++ switch (c) {
++ case REDIRECT_TARGET:
++ check_option(flags, OPT_REDIRECT_TARGET);
++ for (i = 0; i < NUM_STANDARD_TARGETS; i++)
++ if (!strcmp(optarg, standard_targets[i])) {
++ redirectinfo->target = i;
++ break;
++ }
++ if (i == NUM_STANDARD_TARGETS)
++ print_error("Illegal --redirect-target target");
++ break;
++ default:
++ return 0;
++ }
++ return 1;
++}
++
++static void final_check(const struct ebt_u_entry *entry,
++ const struct ebt_entry_target *target, const char *name, unsigned int hook)
++{
++ if ( (hook != NF_BR_PRE_ROUTING || strcmp(name, "nat")) &&
++ (hook != NF_BR_BROUTING || strcmp(name, "broute")) )
++ print_error("Wrong chain for redirect");
++}
++
++static void print(const struct ebt_u_entry *entry,
++ const struct ebt_entry_target *target)
++{
++ struct ebt_redirect_info *redirectinfo =
++ (struct ebt_redirect_info *)target->data;
++
++ printf("redirect");
++ printf(" --redirect-target %s", standard_targets[redirectinfo->target]);
++}
++
++static int compare(const struct ebt_entry_target *t1,
++ const struct ebt_entry_target *t2)
++{
++ struct ebt_redirect_info *redirectinfo1 =
++ (struct ebt_redirect_info *)t1->data;
++ struct ebt_redirect_info *redirectinfo2 =
++ (struct ebt_redirect_info *)t2->data;
++
++ return redirectinfo1->target == redirectinfo2->target;
++}
++
++static struct ebt_u_target redirect_target =
++{
++ EBT_REDIRECT_TARGET,
++ sizeof(struct ebt_redirect_info),
++ print_help,
++ init,
++ parse,
++ final_check,
++ print,
++ compare,
++ opts,
++};
++
++static void _init(void) __attribute__ ((constructor));
++static void _init(void)
++{
++ register_target(&redirect_target);
++}
+--- ebtables-v2.0pre3.003/extensions/ebt_nat.c Sat Apr 27 16:57:41 2002
++++ ebtables-v2.0pre3.004/extensions/ebt_nat.c Sat Apr 27 17:16:19 2002
+@@ -8,54 +8,71 @@
+ #include "../include/ebtables_u.h"
+ #include <linux/netfilter_bridge/ebt_nat.h>
+
++extern char *standard_targets[NUM_STANDARD_TARGETS];
++
+ int to_source_supplied, to_dest_supplied;
+
+ #define NAT_S '1'
+ #define NAT_D '1'
++#define NAT_S_TARGET '2'
++#define NAT_D_TARGET '2'
+ static struct option opts_s[] =
+ {
+ { "to-source" , required_argument, 0, NAT_S },
+ { "to-src" , required_argument, 0, NAT_S },
+- { 0 },
++ { "snat-target" , required_argument, 0, NAT_S_TARGET },
++ { 0 }
+ };
+
+ static struct option opts_d[] =
+ {
+ { "to-destination", required_argument, 0, NAT_D },
+ { "to-dst" , required_argument, 0, NAT_D },
++ { "dnat-target" , required_argument, 0, NAT_D_TARGET },
+ { 0 }
+ };
+
+ static void print_help_s()
+ {
+ printf(
+- "snat option:\n"
+- " --to-src address : MAC address to map source to\n");
++ "snat options:\n"
++ " --to-src address : MAC address to map source to\n"
++ " --snat-target target : ACCEPT, DROP or CONTINUE\n");
+ }
+
+ static void print_help_d()
+ {
+ printf(
+- "dnat option:\n"
+- " --to-dst address : MAC address to map destination to\n");
++ "dnat options:\n"
++ " --to-dst address : MAC address to map destination to\n"
++ " --dnat-target target : ACCEPT, DROP or CONTINUE\n");
+ }
+
+ static void init_s(struct ebt_entry_target *target)
+ {
++ struct ebt_nat_info *natinfo = (struct ebt_nat_info *)target->data;
++
+ to_source_supplied = 0;
++ natinfo->target = EBT_ACCEPT;
+ return;
+ }
+
+ static void init_d(struct ebt_entry_target *target)
+ {
++ struct ebt_nat_info *natinfo = (struct ebt_nat_info *)target->data;
++
+ to_dest_supplied = 0;
++ natinfo->target = EBT_ACCEPT;
++ return;
+ }
+
+-#define OPT_SNAT 0x01
++#define OPT_SNAT 0x01
++#define OPT_SNAT_TARGET 0x02
+ static int parse_s(int c, char **argv, int argc,
+ const struct ebt_u_entry *entry, unsigned int *flags,
+ struct ebt_entry_target **target)
+ {
++ int i;
+ struct ebt_nat_info *natinfo = (struct ebt_nat_info *)(*target)->data;
+
+ switch (c) {
+@@ -65,17 +82,29 @@
+ if (getmac(optarg, natinfo->mac))
+ print_error("Problem with specified to-source mac");
+ break;
++ case NAT_S_TARGET:
++ check_option(flags, OPT_SNAT_TARGET);
++ for (i = 0; i < NUM_STANDARD_TARGETS; i++)
++ if (!strcmp(optarg, standard_targets[i])) {
++ natinfo->target = i;
++ break;
++ }
++ if (i == NUM_STANDARD_TARGETS)
++ print_error("Illegal --snat-target target");
++ break;
+ default:
+- return 0;
++ return 0;
+ }
+ return 1;
+ }
+
+-#define OPT_DNAT 0x01
++#define OPT_DNAT 0x01
++#define OPT_DNAT_TARGET 0x02
+ static int parse_d(int c, char **argv, int argc,
+ const struct ebt_u_entry *entry, unsigned int *flags,
+ struct ebt_entry_target **target)
+ {
++ int i;
+ struct ebt_nat_info *natinfo = (struct ebt_nat_info *)(*target)->data;
+
+ switch (c) {
+@@ -86,8 +115,18 @@
+ print_error("Problem with specified "
+ "to-destination mac");
+ break;
++ case NAT_D_TARGET:
++ check_option(flags, OPT_DNAT_TARGET);
++ for (i = 0; i < NUM_STANDARD_TARGETS; i++)
++ if (!strcmp(optarg, standard_targets[i])) {
++ natinfo->target = i;
++ break;
++ }
++ if (i == NUM_STANDARD_TARGETS)
++ print_error("Illegal --dnat-target target");
++ break;
+ default:
+- return 0;
++ return 0;
+ }
+ return 1;
+ }
+@@ -96,18 +135,18 @@
+ const struct ebt_entry_target *target, const char *name, unsigned int hook)
+ {
+ if (hook != NF_BR_POST_ROUTING || strcmp(name, "nat"))
+- print_error("Wrong chain for SNAT");
++ print_error("Wrong chain for snat");
+ if (to_source_supplied == 0)
+ print_error("No snat address supplied");
+-
+ }
+
+ static void final_check_d(const struct ebt_u_entry *entry,
+ const struct ebt_entry_target *target, const char *name, unsigned int hook)
+ {
+- if ( (hook != NF_BR_PRE_ROUTING && hook != NF_BR_LOCAL_OUT) ||
+- strcmp(name, "nat") )
+- print_error("Wrong chain for DNAT");
++ if ( ((hook != NF_BR_PRE_ROUTING && hook != NF_BR_LOCAL_OUT) ||
++ strcmp(name, "nat")) &&
++ (hook != NF_BR_BROUTING || strcmp(name, "broute")) )
++ print_error("Wrong chain for dnat");
+ if (to_dest_supplied == 0)
+ print_error("No dnat address supplied");
+ }
+@@ -122,6 +161,7 @@
+ for (i = 0; i < ETH_ALEN; i++)
+ printf("%02x%s",
+ natinfo->mac[i], (i == ETH_ALEN - 1) ? "" : ":");
++ printf(" --snat-target %s", standard_targets[natinfo->target]);
+ }
+
+ static void print_d(const struct ebt_u_entry *entry,
+@@ -134,6 +174,7 @@
+ for (i = 0; i < ETH_ALEN; i++)
+ printf("%02x%s",
+ natinfo->mac[i], (i == ETH_ALEN - 1) ? "" : ":");
++ printf(" --dnat-target %s", standard_targets[natinfo->target]);
+ }
+
+ static int compare(const struct ebt_entry_target *t1,
+@@ -142,13 +183,15 @@
+ struct ebt_nat_info *natinfo1 = (struct ebt_nat_info *)t1->data;
+ struct ebt_nat_info *natinfo2 = (struct ebt_nat_info *)t2->data;
+
+- return !memcmp(natinfo1->mac, natinfo2->mac, sizeof(natinfo1->mac));
++
++ return !memcmp(natinfo1->mac, natinfo2->mac, sizeof(natinfo1->mac)) &&
++ natinfo1->target == natinfo2->target;
+ }
+
+ static struct ebt_u_target snat_target =
+ {
+ EBT_SNAT_TARGET,
+- sizeof(struct ebt_nat_info) + sizeof(struct ebt_entry_target),
++ sizeof(struct ebt_nat_info),
+ print_help_s,
+ init_s,
+ parse_s,
+--- ebtables-v2.0pre3.003/extensions/Makefile Sat Apr 6 21:56:53 2002
++++ ebtables-v2.0pre3.004/extensions/Makefile Tue Apr 23 22:46:21 2002
+@@ -1,7 +1,7 @@
+ #! /usr/bin/make
+
+-EXT_FUNC+=nat arp ip standard log
+-EXT_TABLES+=filter nat
++EXT_FUNC+=nat arp ip standard log redirect
++EXT_TABLES+=filter nat broute
+ EXT_OBJS+=$(foreach T,$(EXT_FUNC), extensions/ebt_$(T).o)
+ EXT_OBJS+=$(foreach T,$(EXT_TABLES), extensions/ebtable_$(T).o)
+
+--- ebtables-v2.0pre3.003/ChangeLog Sun Apr 14 14:15:59 2002
++++ ebtables-v2.0pre3.004/ChangeLog Sat Apr 27 17:24:26 2002
+@@ -1,3 +1,9 @@
++20020427
++ * added broute table.
++ * added redirect target.
++ * added --redirect-target, --snat-target and --dnat-target options.
++ * added logical_out and logical_in
++ * snat bugfix (->size)
+ 20020414
+ * fixed some things in the manual.
+ * fixed -P problem.
+--- ebtables-v2.0pre3.003/ebtables.8 Sat Apr 27 16:57:44 2002
++++ ebtables-v2.0pre3.004/ebtables.8 Sat Apr 27 13:33:37 2002
+@@ -1,4 +1,4 @@
+-.TH EBTABLES 8 "14 April 2002"
++.TH EBTABLES 8 "27 April 2002"
+ .\"
+ .\" Man page written by Bart De Schuymer <bart.de.schuymer@pandora.be>
+ .\" It is based on the iptables man page.
+@@ -40,7 +40,7 @@
+ complicated. This man page is written with the man page of iptables
+ next to it, so don't be surprised to see copied sentences and structure.
+
+-There are two tables with each three built-in chains. Each chain is a list
++There are three tables with built-in chains. Each chain is a list
+ of rules which can match frames: each rule specifies what to do with a
+ frame which matches. This is called a 'target'. The tables are used to
+ divide functionality into different sets of chains.
+@@ -66,7 +66,7 @@
+ .B "TARGET EXTENSIONS"
+ section.
+ .SS TABLES
+-There are two tables.
++There are three tables.
+ .TP
+ .B "-t, --table"
+ This option specifies the frame matching table which the command should
+@@ -90,6 +90,22 @@
+ of chains POSTROUTING and PREROUTING: it would be more accurate to call them
+ PREFORWARDING and POSTFORWARDING, but for all those who come from the iptables
+ world to ebtables it is easier to have the same names.
++.BR broute ,
++this table is used to make a brouter, it has one chain:
++.BR BROUTING .
++The targets
++.BR DROP and ACCEPT
++have special meaning in this table.
++.B DROP
++actually means the frame has to be routed, while
++.B ACCEPT
++means the frame has to be bridged. The
++.B BROUTING
++chain is traversed very early. It is only traversed by frames entering on
++a bridge enslaved nic that is in forwarding state. Normally those frames
++would be bridged, but you can decide otherwise here. The
++.B redirect
++target is very handy here.
+ .SH OPTIONS
+ The options can be divided into several different groups.
+ .SS COMMANDS
+@@ -334,13 +350,21 @@
+ The flag
+ .B --to-src
+ is an alias for this option.
++.br
++.BR "--snat-target " "\fItarget\fP"
++.br
++Specifies the standard target. After doing the snat, the rule still has
++to give a standard target so ebtables knows what to do.
++The default target is ACCEPT. Making it CONTINUE could let you use
++multiple target extensions on the same frame. Making it DROP doesn't
++make sense, but you could do that too.
+ .TP
+ .B dnat
+ The
+ .B dnat
+ target can only be used in the
+-.BR PREROUTING " and the
+-.BR OUTPUT " chains of the " nat " table."
++.BR BROUTING " chain of the " broute " table and the "
++.BR PREROUTING " and " OUTPUT " chains of the " nat " table."
+ It specifies that the destination mac address has to be changed.
+ .br
+ .BR "--to-destination " "\fIaddress\fP"
+@@ -348,6 +372,31 @@
+ The flag
+ .B --to-dst
+ is an alias for this option.
++.br
++.BR "--dnat-target " "\fItarget\fP"
++.br
++Specifies the standard target. After doing the dnat, the rule still has to
++give a standard target so ebtables knows what to do.
++The default target is ACCEPT. Making it CONTINUE could let you use
++multiple target extensions on the same frame. Making it DROP only makes
++sense in the BROUTING chain but using the redirect target is more logical
++there.
++.TP
++.B redirect
++The
++.B redirect
++target will change the MAC target address to that of the physical nic the
++frame arrived on. This target can only be used in the
++.BR BROUTING " chain of the " broute " table and the "
++.BR PREROUTING " chain of the " nat " table."
++.br
++.BR "--redirect-target " "\fItarget\fP"
++.br
++Specifies the standard target. After doing the MAC redirect, the rule
++still has to give a standard target so ebtables knows what to do.
++The default target is ACCEPT. Making it CONTINUE could let you use
++multiple target extensions on the same frame. Making it DROP in the
++BROUTING chain will let the frames be routed.
+ .SH FILES
+ .I /etc/etherproto
+ .SH BUGS |
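Review bot: The new `print()` in ebt_redirect.c, and likewise the added `printf` lines in `print_s()`/`print_d()` of ebt_nat.c, index `standard_targets[]` with the `target` field read straight out of the rule data with no range check, while the only validation is in `parse()`, which runs on the rule the user is inserting, not on rules being listed. Presumably the print path runs on rule data handed back by the kernel when listing, so a value outside `0..NUM_STANDARD_TARGETS-1` (whether from a mismatched kernel module or a different encoding of `EBT_ACCEPT` than the index `parse()` stores — the struct and the constant's value are not shown here) would turn into an out-of-bounds read of the name table. A guard before each of those `printf` calls, `if (redirectinfo->target < 0 || redirectinfo->target >= NUM_STANDARD_TARGETS) print_error("Invalid redirect target value");`, keeps the listing path as strict as the insertion path; drop the `< 0` test if `target` turns out to be unsigned. The same check belongs in `compare()` only if it is ever fed unvalidated data, which the hunk does not show.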