authorBart De Schuymer <bdschuym@pandora.be>2002-06-01 19:23:47 +0000
committerBart De Schuymer <bdschuym@pandora.be>2002-06-01 19:23:47 +0000
commitd891e9e5bc309d5aeb2ab774c76b34a92085b3e7 (patch)
tree94b68fc1c01f90cad62a171c27007ff317031008 /userspace/patches/incremental-patches/ebtables-v2.0pre3.004.diff
Initial revision
Diffstat (limited to 'userspace/patches/incremental-patches/ebtables-v2.0pre3.004.diff')
-rw-r--r--userspace/patches/incremental-patches/ebtables-v2.0pre3.004.diff483
1 files changed, 483 insertions, 0 deletions
diff --git a/userspace/patches/incremental-patches/ebtables-v2.0pre3.004.diff b/userspace/patches/incremental-patches/ebtables-v2.0pre3.004.diff
new file mode 100644
index 0000000..9a3bc67
--- /dev/null
+++ b/userspace/patches/incremental-patches/ebtables-v2.0pre3.004.diff
@@ -0,0 +1,483 @@
+--- ebtables-v2.0pre3.003/ebtables.c Sat Apr 27 16:57:47 2002
++++ ebtables-v2.0pre3.004/ebtables.c Wed Apr 24 19:47:02 2002
+@@ -63,8 +63,8 @@
+ { "policy" , required_argument, 0, 'P' },
+ { "in-interface" , required_argument, 0, 'i' },
+ { "in-if" , required_argument, 0, 'i' },
+- { "logical-in" , required_argument, 0, 1 },
+- { "logical-out" , required_argument, 0, 2 },
++ { "logical-in" , required_argument, 0, 2 },
++ { "logical-out" , required_argument, 0, 3 },
+ { "out-interface" , required_argument, 0, 'o' },
+ { "out-if" , required_argument, 0, 'o' },
+ { "version" , no_argument , 0, 'V' },
+@@ -155,6 +155,8 @@
+ e->ethproto = 0;
+ strcpy(e->in, "");
+ strcpy(e->out, "");
++ strcpy(e->logical_in, "");
++ strcpy(e->logical_out, "");
+ e->m_list = NULL;
+ e->w_list = NULL;
+ // the init function of the standard target should have put the verdict
+@@ -1278,9 +1280,9 @@
+ break;
+
+ case 'i': // input interface
+- case 1 : // logical input interface
++ case 2 : // logical input interface
+ case 'o': // output interface
+- case 2 : // logical output interface
++ case 3 : // logical output interface
+ case 'j': // target
+ case 'p': // net family protocol
+ case 's': // source mac
+@@ -1306,7 +1308,7 @@
+ strcpy(new_entry->in, argv[optind - 1]);
+ break;
+ }
+- if (c == 1) {
++ if (c == 2) {
+ check_option(&replace.flags, OPT_LOGICALIN);
+ if (replace.selected_hook > 2)
+ print_error("Use logical in-interface "
+@@ -1342,7 +1344,7 @@
+ strcpy(new_entry->out, argv[optind - 1]);
+ break;
+ }
+- if (c == 2) {
++ if (c == 3) {
+ check_option(&replace.flags, OPT_LOGICALOUT);
+ if (replace.selected_hook < 2)
+ print_error("Use logical out-interface "
+--- /dev/null Thu Aug 24 11:00:32 2000
++++ ebtables-v2.0pre3.004/extensions/ebt_redirect.c Sat Apr 27 17:18:16 2002
+@@ -0,0 +1,109 @@
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <sys/socket.h>
++#include <netinet/in.h>
++#include <linux/netfilter_bridge/ebtables.h>
++#include <getopt.h>
++#include "../include/ebtables_u.h"
++#include <linux/netfilter_bridge/ebt_redirect.h>
++
++extern char *standard_targets[NUM_STANDARD_TARGETS];
++
++#define REDIRECT_TARGET '1'
++static struct option opts[] =
++{
++ { "redirect-target" , required_argument, 0, REDIRECT_TARGET },
++ { 0 }
++};
++
++static void print_help()
++{
++ printf(
++ "redirect option:\n"
++ " --redirect-target target : ACCEPT, DROP or CONTINUE\n");
++}
++
++static void init(struct ebt_entry_target *target)
++{
++ struct ebt_redirect_info *redirectinfo =
++ (struct ebt_redirect_info *)target->data;
++
++ redirectinfo->target = EBT_ACCEPT;
++ return;
++}
++
++
++#define OPT_REDIRECT_TARGET 0x01
++static int parse(int c, char **argv, int argc,
++ const struct ebt_u_entry *entry, unsigned int *flags,
++ struct ebt_entry_target **target)
++{
++ int i;
++ struct ebt_redirect_info *redirectinfo =
++ (struct ebt_redirect_info *)(*target)->data;
++
++ switch (c) {
++ case REDIRECT_TARGET:
++ check_option(flags, OPT_REDIRECT_TARGET);
++ for (i = 0; i < NUM_STANDARD_TARGETS; i++)
++ if (!strcmp(optarg, standard_targets[i])) {
++ redirectinfo->target = i;
++ break;
++ }
++ if (i == NUM_STANDARD_TARGETS)
++ print_error("Illegal --redirect-target target");
++ break;
++ default:
++ return 0;
++ }
++ return 1;
++}
++
++static void final_check(const struct ebt_u_entry *entry,
++ const struct ebt_entry_target *target, const char *name, unsigned int hook)
++{
++ if ( (hook != NF_BR_PRE_ROUTING || strcmp(name, "nat")) &&
++ (hook != NF_BR_BROUTING || strcmp(name, "broute")) )
++ print_error("Wrong chain for redirect");
++}
++
++static void print(const struct ebt_u_entry *entry,
++ const struct ebt_entry_target *target)
++{
++ struct ebt_redirect_info *redirectinfo =
++ (struct ebt_redirect_info *)target->data;
++
++ printf("redirect");
++ printf(" --redirect-target %s", standard_targets[redirectinfo->target]);
++}
++
++static int compare(const struct ebt_entry_target *t1,
++ const struct ebt_entry_target *t2)
++{
++ struct ebt_redirect_info *redirectinfo1 =
++ (struct ebt_redirect_info *)t1->data;
++ struct ebt_redirect_info *redirectinfo2 =
++ (struct ebt_redirect_info *)t2->data;
++
++ return redirectinfo1->target == redirectinfo2->target;
++}
++
++static struct ebt_u_target redirect_target =
++{
++ EBT_REDIRECT_TARGET,
++ sizeof(struct ebt_redirect_info),
++ print_help,
++ init,
++ parse,
++ final_check,
++ print,
++ compare,
++ opts,
++};
++
++static void _init(void) __attribute__ ((constructor));
++static void _init(void)
++{
++ register_target(&redirect_target);
++}
+--- ebtables-v2.0pre3.003/extensions/ebt_nat.c Sat Apr 27 16:57:41 2002
++++ ebtables-v2.0pre3.004/extensions/ebt_nat.c Sat Apr 27 17:16:19 2002
+@@ -8,54 +8,71 @@
+ #include "../include/ebtables_u.h"
+ #include <linux/netfilter_bridge/ebt_nat.h>
+
++extern char *standard_targets[NUM_STANDARD_TARGETS];
++
+ int to_source_supplied, to_dest_supplied;
+
+ #define NAT_S '1'
+ #define NAT_D '1'
++#define NAT_S_TARGET '2'
++#define NAT_D_TARGET '2'
+ static struct option opts_s[] =
+ {
+ { "to-source" , required_argument, 0, NAT_S },
+ { "to-src" , required_argument, 0, NAT_S },
+- { 0 },
++ { "snat-target" , required_argument, 0, NAT_S_TARGET },
++ { 0 }
+ };
+
+ static struct option opts_d[] =
+ {
+ { "to-destination", required_argument, 0, NAT_D },
+ { "to-dst" , required_argument, 0, NAT_D },
++ { "dnat-target" , required_argument, 0, NAT_D_TARGET },
+ { 0 }
+ };
+
+ static void print_help_s()
+ {
+ printf(
+- "snat option:\n"
+- " --to-src address : MAC address to map source to\n");
++ "snat options:\n"
++ " --to-src address : MAC address to map source to\n"
++ " --snat-target target : ACCEPT, DROP or CONTINUE\n");
+ }
+
+ static void print_help_d()
+ {
+ printf(
+- "dnat option:\n"
+- " --to-dst address : MAC address to map destination to\n");
++ "dnat options:\n"
++ " --to-dst address : MAC address to map destination to\n"
++ " --dnat-target target : ACCEPT, DROP or CONTINUE\n");
+ }
+
+ static void init_s(struct ebt_entry_target *target)
+ {
++ struct ebt_nat_info *natinfo = (struct ebt_nat_info *)target->data;
++
+ to_source_supplied = 0;
++ natinfo->target = EBT_ACCEPT;
+ return;
+ }
+
+ static void init_d(struct ebt_entry_target *target)
+ {
++ struct ebt_nat_info *natinfo = (struct ebt_nat_info *)target->data;
++
+ to_dest_supplied = 0;
++ natinfo->target = EBT_ACCEPT;
++ return;
+ }
+
+-#define OPT_SNAT 0x01
++#define OPT_SNAT 0x01
++#define OPT_SNAT_TARGET 0x02
+ static int parse_s(int c, char **argv, int argc,
+ const struct ebt_u_entry *entry, unsigned int *flags,
+ struct ebt_entry_target **target)
+ {
++ int i;
+ struct ebt_nat_info *natinfo = (struct ebt_nat_info *)(*target)->data;
+
+ switch (c) {
+@@ -65,17 +82,29 @@
+ if (getmac(optarg, natinfo->mac))
+ print_error("Problem with specified to-source mac");
+ break;
++ case NAT_S_TARGET:
++ check_option(flags, OPT_SNAT_TARGET);
++ for (i = 0; i < NUM_STANDARD_TARGETS; i++)
++ if (!strcmp(optarg, standard_targets[i])) {
++ natinfo->target = i;
++ break;
++ }
++ if (i == NUM_STANDARD_TARGETS)
++ print_error("Illegal --snat-target target");
++ break;
+ default:
+- return 0;
++ return 0;
+ }
+ return 1;
+ }
+
+-#define OPT_DNAT 0x01
++#define OPT_DNAT 0x01
++#define OPT_DNAT_TARGET 0x02
+ static int parse_d(int c, char **argv, int argc,
+ const struct ebt_u_entry *entry, unsigned int *flags,
+ struct ebt_entry_target **target)
+ {
++ int i;
+ struct ebt_nat_info *natinfo = (struct ebt_nat_info *)(*target)->data;
+
+ switch (c) {
+@@ -86,8 +115,18 @@
+ print_error("Problem with specified "
+ "to-destination mac");
+ break;
++ case NAT_D_TARGET:
++ check_option(flags, OPT_DNAT_TARGET);
++ for (i = 0; i < NUM_STANDARD_TARGETS; i++)
++ if (!strcmp(optarg, standard_targets[i])) {
++ natinfo->target = i;
++ break;
++ }
++ if (i == NUM_STANDARD_TARGETS)
++ print_error("Illegal --dnat-target target");
++ break;
+ default:
+- return 0;
++ return 0;
+ }
+ return 1;
+ }
+@@ -96,18 +135,18 @@
+ const struct ebt_entry_target *target, const char *name, unsigned int hook)
+ {
+ if (hook != NF_BR_POST_ROUTING || strcmp(name, "nat"))
+- print_error("Wrong chain for SNAT");
++ print_error("Wrong chain for snat");
+ if (to_source_supplied == 0)
+ print_error("No snat address supplied");
+-
+ }
+
+ static void final_check_d(const struct ebt_u_entry *entry,
+ const struct ebt_entry_target *target, const char *name, unsigned int hook)
+ {
+- if ( (hook != NF_BR_PRE_ROUTING && hook != NF_BR_LOCAL_OUT) ||
+- strcmp(name, "nat") )
+- print_error("Wrong chain for DNAT");
++ if ( ((hook != NF_BR_PRE_ROUTING && hook != NF_BR_LOCAL_OUT) ||
++ strcmp(name, "nat")) &&
++ (hook != NF_BR_BROUTING || strcmp(name, "broute")) )
++ print_error("Wrong chain for dnat");
+ if (to_dest_supplied == 0)
+ print_error("No dnat address supplied");
+ }
+@@ -122,6 +161,7 @@
+ for (i = 0; i < ETH_ALEN; i++)
+ printf("%02x%s",
+ natinfo->mac[i], (i == ETH_ALEN - 1) ? "" : ":");
++ printf(" --snat-target %s", standard_targets[natinfo->target]);
+ }
+
+ static void print_d(const struct ebt_u_entry *entry,
+@@ -134,6 +174,7 @@
+ for (i = 0; i < ETH_ALEN; i++)
+ printf("%02x%s",
+ natinfo->mac[i], (i == ETH_ALEN - 1) ? "" : ":");
++ printf(" --dnat-target %s", standard_targets[natinfo->target]);
+ }
+
+ static int compare(const struct ebt_entry_target *t1,
+@@ -142,13 +183,15 @@
+ struct ebt_nat_info *natinfo1 = (struct ebt_nat_info *)t1->data;
+ struct ebt_nat_info *natinfo2 = (struct ebt_nat_info *)t2->data;
+
+- return !memcmp(natinfo1->mac, natinfo2->mac, sizeof(natinfo1->mac));
++
++ return !memcmp(natinfo1->mac, natinfo2->mac, sizeof(natinfo1->mac)) &&
++ natinfo1->target == natinfo2->target;
+ }
+
+ static struct ebt_u_target snat_target =
+ {
+ EBT_SNAT_TARGET,
+- sizeof(struct ebt_nat_info) + sizeof(struct ebt_entry_target),
++ sizeof(struct ebt_nat_info),
+ print_help_s,
+ init_s,
+ parse_s,
+--- ebtables-v2.0pre3.003/extensions/Makefile Sat Apr 6 21:56:53 2002
++++ ebtables-v2.0pre3.004/extensions/Makefile Tue Apr 23 22:46:21 2002
+@@ -1,7 +1,7 @@
+ #! /usr/bin/make
+
+-EXT_FUNC+=nat arp ip standard log
+-EXT_TABLES+=filter nat
++EXT_FUNC+=nat arp ip standard log redirect
++EXT_TABLES+=filter nat broute
+ EXT_OBJS+=$(foreach T,$(EXT_FUNC), extensions/ebt_$(T).o)
+ EXT_OBJS+=$(foreach T,$(EXT_TABLES), extensions/ebtable_$(T).o)
+
+--- ebtables-v2.0pre3.003/ChangeLog Sun Apr 14 14:15:59 2002
++++ ebtables-v2.0pre3.004/ChangeLog Sat Apr 27 17:24:26 2002
+@@ -1,3 +1,9 @@
++20020427
++ * added broute table.
++ * added redirect target.
++ * added --redirect-target, --snat-target and --dnat-target options.
++ * added logical_out and logical_in
++ * snat bugfix (->size)
+ 20020414
+ * fixed some things in the manual.
+ * fixed -P problem.
+--- ebtables-v2.0pre3.003/ebtables.8 Sat Apr 27 16:57:44 2002
++++ ebtables-v2.0pre3.004/ebtables.8 Sat Apr 27 13:33:37 2002
+@@ -1,4 +1,4 @@
+-.TH EBTABLES 8 "14 April 2002"
++.TH EBTABLES 8 "27 April 2002"
+ .\"
+ .\" Man page written by Bart De Schuymer <bart.de.schuymer@pandora.be>
+ .\" It is based on the iptables man page.
+@@ -40,7 +40,7 @@
+ complicated. This man page is written with the man page of iptables
+ next to it, so don't be surprised to see copied sentences and structure.
+
+-There are two tables with each three built-in chains. Each chain is a list
++There are three tables with built-in chains. Each chain is a list
+ of rules which can match frames: each rule specifies what to do with a
+ frame which matches. This is called a 'target'. The tables are used to
+ divide functionality into different sets of chains.
+@@ -66,7 +66,7 @@
+ .B "TARGET EXTENSIONS"
+ section.
+ .SS TABLES
+-There are two tables.
++There are three tables.
+ .TP
+ .B "-t, --table"
+ This option specifies the frame matching table which the command should
+@@ -90,6 +90,22 @@
+ of chains POSTROUTING and PREROUTING: it would be more accurate to call them
+ PREFORWARDING and POSTFORWARDING, but for all those who come from the iptables
+ world to ebtables it is easier to have the same names.
++.BR broute ,
++this table is used to make a brouter, it has one chain:
++.BR BROUTING .
++The targets
++.BR DROP and ACCEPT
++have special meaning in this table.
++.B DROP
++actually means the frame has to be routed, while
++.B ACCEPT
++means the frame has to be bridged. The
++.B BROUTING
++chain is traversed very early. It is only traversed by frames entering on
++a bridge enslaved nic that is in forwarding state. Normally those frames
++would be bridged, but you can decide otherwise here. The
++.B redirect
++target is very handy here.
+ .SH OPTIONS
+ The options can be divided into several different groups.
+ .SS COMMANDS
+@@ -334,13 +350,21 @@
+ The flag
+ .B --to-src
+ is an alias for this option.
++.br
++.BR "--snat-target " "\fItarget\fP"
++.br
++Specifies the standard target. After doing the snat, the rule still has
++to give a standard target so ebtables knows what to do.
++The default target is ACCEPT. Making it CONTINUE could let you use
++multiple target extensions on the same frame. Making it DROP doesn't
++make sense, but you could do that too.
+ .TP
+ .B dnat
+ The
+ .B dnat
+ target can only be used in the
+-.BR PREROUTING " and the
+-.BR OUTPUT " chains of the " nat " table."
++.BR BROUTING " chain of the " broute " table and the "
++.BR PREROUTING " and " OUTPUT " chains of the " nat " table."
+ It specifies that the destination mac address has to be changed.
+ .br
+ .BR "--to-destination " "\fIaddress\fP"
+@@ -348,6 +372,31 @@
+ The flag
+ .B --to-dst
+ is an alias for this option.
++.br
++.BR "--dnat-target " "\fItarget\fP"
++.br
++Specifies the standard target. After doing the dnat, the rule still has to
++give a standard target so ebtables knows what to do.
++The default target is ACCEPT. Making it CONTINUE could let you use
++multiple target extensions on the same frame. Making it DROP only makes
++sense in the BROUTING chain but using the redirect target is more logical
++there.
++.TP
++.B redirect
++The
++.B redirect
++target will change the MAC target address to that of the physical nic the
++frame arrived on. This target can only be used in the
++.BR BROUTING " chain of the " broute " table and the "
++.BR PREROUTING " chain of the " nat " table."
++.br
++.BR "--redirect-target " "\fItarget\fP"
++.br
++Specifies the standard target. After doing the MAC redirect, the rule
++still has to give a standard target so ebtables knows what to do.
++The default target is ACCEPT. Making it CONTINUE could let you use
++multiple target extensions on the same frame. Making it DROP in the
++BROUTING chain will let the frames be routed.
+ .SH FILES
+ .I /etc/etherproto
+ .SH BUGS
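Review bot: The print callbacks index `standard_targets[]` with the stored target value without a range check: `print()` in the new extensions/ebt_redirect.c, and the added `--snat-target` / `--dnat-target` lines in `print_s()` / `print_d()` of ebt_nat.c (both of those functions start outside the visible context). The parse functions only ever store 0..NUM_STANDARD_TARGETS-1, but when rules are listed the struct presumably comes from the kernel table rather than from this parser, so an unexpected value would make `printf` read a pointer from outside the array in a tool that normally runs as root. A guard before each lookup would turn that into a clean error, e.g. `if (redirectinfo->target < 0 || redirectinfo->target >= NUM_STANDARD_TARGETS) print_error("Bad redirect target value");` (drop the `< 0` half if the field is unsigned, since its type is not visible here). Separately, the same name-to-index loop is now copied into `parse()`, `parse_s()` and `parse_d()`; a shared helper would keep the three in step.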