authorBart De Schuymer <bdschuym@pandora.be>2002-10-17 21:40:45 +0000
committerBart De Schuymer <bdschuym@pandora.be>2002-10-17 21:40:45 +0000
commite3b444048f8bbd3cff9a79862904acf53612cc9a (patch)
treee8175a9ea366676991d3c53afa6cf25df3052a2e /userspace/patches/incremental-patches
parent490166ff3459fa4fbbe69e98959364977f2b47cb (diff)
*** empty log message ***
Diffstat (limited to 'userspace/patches/incremental-patches')
-rw-r--r--userspace/patches/incremental-patches/v2.0/ebtables-v2.0.1.001.diff289
1 files changed, 289 insertions, 0 deletions
diff --git a/userspace/patches/incremental-patches/v2.0/ebtables-v2.0.1.001.diff b/userspace/patches/incremental-patches/v2.0/ebtables-v2.0.1.001.diff
new file mode 100644
index 0000000..85e3949
--- /dev/null
+++ b/userspace/patches/incremental-patches/v2.0/ebtables-v2.0.1.001.diff
@@ -0,0 +1,289 @@
+--- ebtables-v2.0/Makefile Thu Sep 19 19:52:09 2002
++++ ebtables-v2.0.1/Makefile Thu Oct 17 23:27:29 2002
+@@ -2,8 +2,8 @@
+
+ KERNEL_DIR?=/usr/src/linux
+ PROGNAME:=ebtables
+-PROGVERSION:="2.0"
+-PROGDATE:="September 2002"
++PROGVERSION:="2.0.1"
++PROGDATE:="October 2002"
+
+ MANDIR?=/usr/local/man
+ CFLAGS:=-Wall -Wunused
+--- ebtables-v2.0/ebtables.c Sat Aug 24 23:01:21 2002
++++ ebtables-v2.0.1/ebtables.c Thu Oct 17 22:51:12 2002
+@@ -635,8 +635,9 @@
+ print_bug("Target not found");
+ t->print(hlp, hlp->t);
+ if (replace.flags & LIST_C)
+- printf(", count = %llu",
+- replace.counters[entries->counter_offset + i].pcnt);
++ printf(", pcnt = %llu -- bcnt = %llu",
++ replace.counters[entries->counter_offset + i].pcnt,
++ replace.counters[entries->counter_offset + i].bcnt);
+ printf("\n");
+ hlp = hlp->next;
+ }
+--- ebtables-v2.0/extensions/ebt_ip.c Thu Aug 29 18:48:36 2002
++++ ebtables-v2.0.1/extensions/ebt_ip.c Thu Oct 17 23:21:16 2002
+@@ -1,7 +1,36 @@
++/*
++ * ebtables ebt_ip: IP extension module for userspace
++ *
++ * Authors:
++ * Bart De Schuymer <bart.de.schuymer@pandora.be>
++ *
++ * Changes:
++ * added ip-sport and ip-dport; parsing of port arguments is
++ * based on code from iptables-1.2.7a
++ * Innominate Security Technologies AG <mhopf@innominate.com>
++ * September, 2002
++ *
++ * This program is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 2 of the License, or
++ * (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
++ *
++ */
++
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
+ #include <getopt.h>
++#include <netdb.h>
+ #include "../include/ebtables_u.h"
+ #include <linux/netfilter_bridge/ebt_ip.h>
+
+@@ -9,16 +38,22 @@
+ #define IP_DEST '2'
+ #define IP_myTOS '3' // include/bits/in.h seems to already define IP_TOS
+ #define IP_PROTO '4'
++#define IP_SPORT '5'
++#define IP_DPORT '6'
+
+ static struct option opts[] =
+ {
+- { "ip-source" , required_argument, 0, IP_SOURCE },
+- { "ip-src" , required_argument, 0, IP_SOURCE },
+- { "ip-destination", required_argument, 0, IP_DEST },
+- { "ip-dst" , required_argument, 0, IP_DEST },
+- { "ip-tos" , required_argument, 0, IP_myTOS },
+- { "ip-protocol" , required_argument, 0, IP_PROTO },
+- { "ip-proto" , required_argument, 0, IP_PROTO },
++ { "ip-source" , required_argument, 0, IP_SOURCE },
++ { "ip-src" , required_argument, 0, IP_SOURCE },
++ { "ip-destination" , required_argument, 0, IP_DEST },
++ { "ip-dst" , required_argument, 0, IP_DEST },
++ { "ip-tos" , required_argument, 0, IP_myTOS },
++ { "ip-protocol" , required_argument, 0, IP_PROTO },
++ { "ip-proto" , required_argument, 0, IP_PROTO },
++ { "ip-source-port" , required_argument, 0, IP_SPORT },
++ { "ip-sport" , required_argument, 0, IP_SPORT },
++ { "ip-destination-port" , required_argument, 0, IP_DPORT },
++ { "ip-dport" , required_argument, 0, IP_DPORT },
+ { 0 }
+ };
+
+@@ -127,6 +162,56 @@
+ return buf;
+ }
+
++// transform a protocol and service name into a port number
++static uint16_t parse_port(const char *protocol, const char *name)
++{
++ struct servent *service;
++ char *end;
++ int port;
++
++ port = strtol(name, &end, 10);
++ if (*end != '\0') {
++ if (protocol &&
++ (service = getservbyname(name, protocol)) != NULL)
++ return ntohs(service->s_port);
++ }
++ else if (port >= 0 || port <= 0xFFFF) {
++ return port;
++ }
++ print_error("Problem with specified %s port '%s'",
++ protocol?protocol:"", name);
++ return 0; /* never reached */
++}
++
++static void
++parse_port_range(const char *protocol, const char *portstring, uint16_t *ports)
++{
++ char *buffer;
++ char *cp;
++
++ buffer = strdup(portstring);
++ if ((cp = strchr(buffer, ':')) == NULL)
++ ports[0] = ports[1] = parse_port(protocol, buffer);
++ else {
++ *cp = '\0';
++ cp++;
++ ports[0] = buffer[0] ? parse_port(protocol, buffer) : 0;
++ ports[1] = cp[0] ? parse_port(protocol, cp) : 0xFFFF;
++
++ if (ports[0] > ports[1])
++ print_error("Invalid portrange (min > max)");
++ }
++ free(buffer);
++}
++
++static void print_port_range(uint16_t *ports)
++{
++ if (ports[0] == ports[1])
++ printf("%d ", ports[0]);
++ else
++ printf("%d:%d ", ports[0], ports[1]);
++}
++
+ static void print_help()
+ {
+ printf(
+@@ -134,7 +219,9 @@
+ "--ip-src [!] address[/mask]: ip source specification\n"
+ "--ip-dst [!] address[/mask]: ip destination specification\n"
+ "--ip-tos [!] tos : ip tos specification\n"
+-"--ip-proto [!] protocol : ip protocol specification\n");
++"--ip-proto [!] protocol : ip protocol specification\n"
++"--ip-sport [!] port[:port] : tcp/udp source port or port range\n"
++"--ip-dport [!] port[:port] : tcp/udp destination port or port range\n");
+ }
+
+ static void init(struct ebt_entry_match *match)
+@@ -149,6 +236,8 @@
+ #define OPT_DEST 0x02
+ #define OPT_TOS 0x04
+ #define OPT_PROTO 0x08
++#define OPT_SPORT 0x10
++#define OPT_DPORT 0x20
+ static int parse(int c, char **argv, int argc, const struct ebt_u_entry *entry,
+ unsigned int *flags, struct ebt_entry_match **match)
+ {
+@@ -183,6 +272,27 @@
+ &ipinfo->dmsk);
+ break;
+
++ case IP_SPORT:
++ case IP_DPORT:
++ if (c == IP_SPORT) {
++ check_option(flags, OPT_SPORT);
++ ipinfo->bitmask |= EBT_IP_SPORT;
++ if (check_inverse(optarg))
++ ipinfo->invflags |= EBT_IP_SPORT;
++ } else {
++ check_option(flags, OPT_DPORT);
++ ipinfo->bitmask |= EBT_IP_DPORT;
++ if (check_inverse(optarg))
++ ipinfo->invflags |= EBT_IP_DPORT;
++ }
++ if (optind > argc)
++ print_error("Missing port argument");
++ if (c == IP_SPORT)
++ parse_port_range(NULL, argv[optind - 1], ipinfo->sport);
++ else
++ parse_port_range(NULL, argv[optind - 1], ipinfo->dport);
++ break;
++
+ case IP_myTOS:
+ check_option(flags, OPT_TOS);
+ if (check_inverse(optarg))
+@@ -219,9 +329,19 @@
+ const struct ebt_entry_match *match, const char *name,
+ unsigned int hookmask, unsigned int time)
+ {
++ struct ebt_ip_info *ipinfo = (struct ebt_ip_info *)match->data;
++
+ if (entry->ethproto != ETH_P_IP || entry->invflags & EBT_IPROTO)
+ print_error("For IP filtering the protocol must be "
+ "specified as IPv4");
++
++ if (ipinfo->bitmask & (EBT_IP_SPORT|EBT_IP_DPORT) &&
++ (!ipinfo->bitmask & EBT_IP_PROTO ||
++ ipinfo->invflags & EBT_IP_PROTO ||
++ (ipinfo->protocol!=IPPROTO_TCP &&
++ ipinfo->protocol!=IPPROTO_UDP)))
++ print_error("For port filtering the IP protocol must be "
++ "either 6 (tcp) or 17 (udp)");
+ }
+
+ static void print(const struct ebt_u_entry *entry,
+@@ -260,6 +380,20 @@
+ printf("! ");
+ printf("%d ", ipinfo->protocol);
+ }
++ if (ipinfo->bitmask & EBT_IP_SPORT) {
++ printf("--ip-sport ");
++ if (ipinfo->invflags & EBT_IP_SPORT) {
++ printf("! ");
++ }
++ print_port_range(ipinfo->sport);
++ }
++ if (ipinfo->bitmask & EBT_IP_DPORT) {
++ printf("--ip-dport ");
++ if (ipinfo->invflags & EBT_IP_DPORT) {
++ printf("! ");
++ }
++ print_port_range(ipinfo->dport);
++ }
+ }
+
+ static int compare(const struct ebt_entry_match *m1,
+@@ -290,6 +424,14 @@
+ }
+ if (ipinfo1->bitmask & EBT_IP_PROTO) {
+ if (ipinfo1->protocol != ipinfo2->protocol)
++ return 0;
++ }
++ if (ipinfo1->bitmask & EBT_IP_SPORT) {
++ if (ipinfo1->sport != ipinfo2->sport)
++ return 0;
++ }
++ if (ipinfo1->bitmask & EBT_IP_DPORT) {
++ if (ipinfo1->dport != ipinfo2->dport)
+ return 0;
+ }
+ return 1;
+--- ebtables-v2.0/ebtables.8 Sun Aug 11 13:58:05 2002
++++ ebtables-v2.0.1/ebtables.8 Thu Oct 17 23:20:57 2002
+@@ -153,7 +153,8 @@
+ .br
+ .B "--Lc"
+ .br
+-Puts the counter value at the end of every rule.
++Shows the counters at the end of every rule, there is a frame counter
++(pcnt) and a byte counter (bcnt).
+ .br
+ .B "--Lx"
+ .br
+@@ -371,6 +372,19 @@
+ The ip protocol.
+ The flag
+ .B --ip-proto
++is an alias for this option.
++.TP
++.BR "--ip-source-port " "[!] \fIport\fP[:\fIport\fP]"
++The source port or port range for the ip protocols 6 (TCP) and 17
++(UDP). If the first port is omitted, "0" is assumed; if the last
++is omitted, "65535" is assumed. The flag
++.B --ip-sport
++is an alias for this option.
++.TP
++.BR "--ip-destination-port " "[!] \fIport\fP[:\fIport\fP]"
++The destination port or port range for ip protocols 6 (TCP) and
++17 (UDP). The flag
++.B --ip-dport
+ is an alias for this option.
+ .SS arp
+ Specify arp specific fields. These will only work if the protocol equals
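Review bot: The range test in the added `parse_port` reads `else if (port >= 0 || port <= 0xFFFF)`, which is true for every value, so an out-of-range number such as 65537 is accepted and silently truncated by the `uint16_t` return, leaving a filter rule that matches a different port than the one typed; it should be `else if (port >= 0 && port <= 0xFFFF)`. The check added in the inner `@@ -219,9 +329,19 @@` hunk has a similar slip: `!ipinfo->bitmask & EBT_IP_PROTO` parses as `(!ipinfo->bitmask) & EBT_IP_PROTO` and is always 0 once a port bit is set, so a missing `--ip-proto` is only rejected if `protocol` happens to start out as zero (not visible here); write `!(ipinfo->bitmask & EBT_IP_PROTO)`. In `compare`, `ipinfo1->sport != ipinfo2->sport` appears to compare two arrays by address, since `sport` is passed as `uint16_t *ports` elsewhere in the patch, so rules carrying a port match would never compare equal; compare elements `[0]` and `[1]` instead, for `dport` as well.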