authorBart De Schuymer <bdschuym@pandora.be>2002-08-31 09:42:08 +0000
committerBart De Schuymer <bdschuym@pandora.be>2002-08-31 09:42:08 +0000
commit067b471e5066755f981d1cccb242fb941dd48ff2 (patch)
tree37b5928b1ff57134a2479f8f90132439b52d4732 /userspace/patches
parenta22e9991893eff9175703cce2b240a4837c1c7b1 (diff)
*** empty log message ***
Diffstat (limited to 'userspace/patches')
-rw-r--r--userspace/patches/incremental-patches/ebtables-v2.0-rc2.001.diff1730
1 files changed, 1730 insertions, 0 deletions
diff --git a/userspace/patches/incremental-patches/ebtables-v2.0-rc2.001.diff b/userspace/patches/incremental-patches/ebtables-v2.0-rc2.001.diff
new file mode 100644
index 0000000..d39d9ad
--- /dev/null
+++ b/userspace/patches/incremental-patches/ebtables-v2.0-rc2.001.diff
@@ -0,0 +1,1730 @@
+--- ebtables-v2.0-rc1/Makefile Wed Jul 31 21:55:02 2002
++++ ebtables-v2.0-rc2/Makefile Sun Aug 11 17:28:10 2002
+@@ -2,7 +2,8 @@
+
+ KERNEL_DIR?=/usr/src/linux
+ PROGNAME:=ebtables
+-PROGVERSION:="2.0-rc1 (July 2002)"
++PROGVERSION:="2.0-rc2"
++PROGDATE:="August 2002"
+
+ MANDIR?=/usr/local/man
+ CFLAGS:=-Wall -Wunused
+@@ -22,8 +23,6 @@
+ mkdir -p /usr/include/linux/netfilter_bridge
+ cp -f $(KERNEL_DIR)/include/linux/netfilter_bridge/* \
+ /usr/include/linux/netfilter_bridge/
+- cp -f $(KERNEL_DIR)/include/linux/br_db.h \
+- /usr/include/linux/br_db.h
+ cp -f $(KERNEL_DIR)/include/linux/netfilter_bridge.h \
+ /usr/include/linux/netfilter_bridge.h
+ cp -f $(KERNEL_DIR)/include/linux/if_ether.h \
+@@ -35,11 +34,11 @@
+ ln -fs $(KERNEL_DIR)/include/linux /usr/include/linux
+
+ communication.o: communication.c include/ebtables_u.h
+- $(CC) $(CFLAGS) -c -o $@ $<
++ $(CC) $(CFLAGS) -DPROGVERSION=\"$(PROGVERSION)\" -c -o $@ $<
+
+ ebtables.o: ebtables.c include/ebtables_u.h
+ $(CC) $(CFLAGS) -DPROGVERSION=\"$(PROGVERSION)\" \
+- -DPROGNAME=\"$(PROGNAME)\" -c -o $@ $<
++ -DPROGNAME=\"$(PROGNAME)\" -DPROGDATE=\"$(PROGDATE)\" -c -o $@ $<
+
+ ebtables: ebtables.o communication.o $(EXT_OBJS)
+ $(CC) $(CFLAGS) -o $@ $^
+--- ebtables-v2.0-rc1/ebtables.c Wed Jul 31 21:55:02 2002
++++ ebtables-v2.0-rc2/ebtables.c Sat Aug 24 20:32:04 2002
+@@ -23,20 +23,28 @@
+
+ #include <getopt.h>
+ #include <string.h>
+-#include <errno.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+-#include <sys/socket.h>
+-#include <sys/types.h>
+-#include <linux/netfilter_bridge/ebtables.h>
+-#include <linux/br_db.h> // the database
+-#include <netinet/in.h>
++#include <stdarg.h>
+ #include <netinet/ether.h>
+ #include "include/ebtables_u.h"
+ #include <unistd.h>
+ #include <fcntl.h>
+ #include <sys/wait.h>
+
++// Don't use this function, use print_bug()
++void __print_bug(char *file, int line, char *format, ...)
++{
++ va_list l;
++
++ va_start(l, format);
++ printf(PROGNAME" v"PROGVERSION":%s:%d:--BUG--: \n", file, line);
++ vprintf(format, l);
++ printf("\n");
++ va_end(l);
++ exit (-1);
++}
++
+ // here are the number-name correspondences kept for the Ethernet
+ // frame type field
+ #define PROTOCOLFILE "/etc/ethertypes"
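Review bot: `__print_bug` takes a printf-style format but carries no format attribute, so the compiler cannot check the arguments at any `print_bug()` call site even though the Makefile builds with `-Wall`. Declaring it as `void __print_bug(char *file, int line, char *format, ...) __attribute__((format(printf, 3, 4)));` would let the existing warning flags catch mismatched arguments. The message is written with `printf`/`vprintf` to stdout, where it mixes with rule listings that scripts may parse; `vfprintf(stderr, format, l);` keeps diagnostics separate. The leading double underscore is a name C reserves for the implementation, and `exit(-1)` reaches the shell as status 255, so `exit(EXIT_FAILURE);` is the portable spelling.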
+@@ -45,11 +53,6 @@
+ #define PROC_SYS_MODPROBE "/proc/sys/kernel/modprobe"
+ #endif
+
+-#define DATABASEHOOKNR -2
+-#define DATABASEHOOKNAME "DB"
+-
+-static char *prog_name = PROGNAME;
+-static char *prog_version = PROGVERSION;
+ char *hooknames[NF_BR_NUMHOOKS] =
+ {
+ [NF_BR_PRE_ROUTING]"PREROUTING",
+@@ -193,7 +196,7 @@
+ // on CONTINUE
+ e->t = (struct ebt_entry_target *)find_target(EBT_STANDARD_TARGET);
+ if (!e->t)
+- print_bug("Couldn't load standard target\n");
++ print_bug("Couldn't load standard target");
+ }
+
+ // this doesn't free e, becoz the calling function might need e->next
+@@ -432,6 +435,7 @@
+
+ // translate a hexadecimal number to a protocol name, parsing /etc/ethertypes
+ // returns 0 on success
++// this demands the name buffer to be of size at least 21
+ int number_to_name(unsigned short proto, char *name)
+ {
+ FILE *ifp;
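Review bot: The added comment is the only thing tying `number_to_name()` to its caller's buffer size, because the signature `int number_to_name(unsigned short proto, char *name)` carries no length. The names are parsed from /etc/ethertypes, so an over-long entry in that file is bounded only by whatever the body does, and the body lies outside this hunk. A named constant shared by the function and its callers, for example `#define ETHERTYPE_NAME_BUFSIZE 21`, would make the contract checkable; the `char name[21];` added to `print()` in ebt_arp.c later in this patch repeats the same bare number.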
+@@ -476,9 +480,9 @@
+ printf("ebtables -t %s -P %s %s\n", replace.name,
+ entries->name, standard_targets[-entries->policy - 1]);
+ } else if (!(replace.flags & LIST_X)) {
+- printf("\nBridge chain: %s\nPolicy: %s\n", entries->name,
++ printf("\nBridge chain: %s, entries: %d, policy: %s\n",
++ entries->name, entries->nentries,
+ standard_targets[-entries->policy - 1]);
+- printf("nr. of entries: %d \n", entries->nentries);
+ }
+
+ i = entries->nentries;
+@@ -759,10 +763,6 @@
+ int i;
+ struct ebt_u_chain_list *cl = replace.udc;
+
+- // database is special case (not really a chain)
+- if (!strcmp(arg, DATABASEHOOKNAME))
+- return DATABASEHOOKNR;
+-
+ for (i = 0; i < NF_BR_NUMHOOKS; i++) {
+ if (!(replace.valid_hooks & (1 << i)))
+ continue;
+@@ -784,27 +784,25 @@
+ struct ebt_u_match_list *m_l;
+ struct ebt_u_watcher_list *w_l;
+
+- printf(
+-"%s v%s\n"
++ printf(PROGNAME" v"PROGVERSION" ("PROGDATE")\n"
+ "Usage:\n"
+ "ebtables -[ADI] chain rule-specification [options]\n"
+ "ebtables -P chain target\n"
+ "ebtables -[LFZ] [chain]\n"
+ "ebtables -[b] [y,n]\n"
+ "Commands:\n"
+-"--append -A chain : Append to chain\n"
+-"--delete -D chain : Delete matching rule from chain\n"
+-"--delete -D chain rulenum : Delete rule at position rulenum from chain\n"
++"--append -A chain : append to chain\n"
++"--delete -D chain : delete matching rule from chain\n"
++"--delete -D chain rulenum : delete rule at position rulenum from chain\n"
+ "--insert -I chain rulenum : insert rule at position rulenum in chain\n"
+-"--list -L [chain] : List the rules in a chain or in all chains\n"
+-"--list -L "DATABASEHOOKNAME" : List the database (if present)\n"
+-"--flush -F [chain] : Delete all rules in chain or in all chains\n"
+-"--init-table : Replace the kernel table with the initial table\n"
+-"--zero -Z [chain] : Put counters on zero in chain or in all chains\n"
+-"--policy -P chain target : Change policy on chain to target\n"
+-"--new-chain -N chain : Create a user defined chain\n"
+-"--rename-chain -E old new : Rename a chain\n"
+-"--delete-chain -X chain : Delete a user defined chain\n"
++"--list -L [chain] : list the rules in a chain or in all chains\n"
++"--flush -F [chain] : delete all rules in chain or in all chains\n"
++"--init-table : replace the kernel table with the initial table\n"
++"--zero -Z [chain] : put counters on zero in chain or in all chains\n"
++"--policy -P chain target : change policy on chain to target\n"
++"--new-chain -N chain : create a user defined chain\n"
++"--rename-chain -E old new : rename a chain\n"
++"--delete-chain -X chain : delete a user defined chain\n"
+ "--atomic-commit file : update the kernel w/ the table contained in file\n"
+ "--atomic-init file : put the initial kernel table into file\n"
+ "--atomic-save file : put the current kernel table into file\n"
+@@ -819,9 +817,7 @@
+ "--logical-out [!] name : logical bridge output interface name\n"
+ "--modprobe -M program : try to insert modules using this program\n"
+ "--version -V : print package version\n"
+-"\n" ,
+- prog_name,
+- prog_version);
++"\n");
+
+ m_l = new_entry->m_list;
+ while (m_l) {
+@@ -1311,66 +1307,6 @@
+ }
+ }
+
+-// list the database (optionally compiled into the kernel)
+-static void list_db()
+-{
+- struct brdb_dbinfo nr;
+- struct brdb_dbentry *db;
+- char name[21];
+- int i;
+-
+- get_dbinfo(&nr);
+-
+- // 0 : database disabled (-db n)
+- if (!(nr.nentries))
+- print_error("Database not present"
+- " (disabled), try ebtables --db y");
+- nr.nentries--;
+- if (!nr.nentries) print_error("Database empty");
+- if ( !(db = (struct brdb_dbentry *)
+- malloc(nr.nentries * sizeof(struct brdb_dbentry))) )
+- print_memory();
+-
+- get_db(nr.nentries, db);
+- printf("number of entries: %d\n", nr.nentries);
+- for (i = 0; i < nr.nentries; i++) {
+- printf(
+- "%d:\n"
+- "hook : %s\n"
+- "in-if : %s\n"
+- "out-if : %s\n"
+- "protocol: ", i + 1, hooknames[db->hook], db->in, db->out);
+- if (db->ethproto == IDENTIFY802_3)
+- printf("802.2/802.3 STYLE LENGTH FIELD\n");
+- else {
+- if (number_to_name(ntohs(db->ethproto), name))
+- printf("%x\n",ntohs(db->ethproto));
+- else
+- printf("%s\n", name);
+- }
+- db++;
+- }
+- exit(0);
+-}
+-
+-// handle db [dis,en]abling
+-static void allowdb(char yorn)
+-{
+- __u16 decision;
+-
+- if (yorn != 'y' && yorn != 'n')
+- print_error("Option [y] or [n] needed");
+-
+- if (yorn == 'y')
+- decision = BRDB_DB;
+- else
+- decision = BRDB_NODB;
+-
+- deliver_allowdb(&decision);
+-
+- exit(0);
+-}
+-
+ // 0 == success
+ // 1 == success, but for the special 'protocol' LENGTH
+ // -1 == failure
+@@ -1526,8 +1462,14 @@
+ print_error("The kernel doesn't support the ebtables "
+ "%s table", replace.name);
+ }
++ // when listing a table contained in a file, we don't expect the user
++ // to know what the table's name is
++ if ( !(table = find_table(replace.name)) )
++ print_error("Bad table name");
+ }
+
++#define print_if_l_error print_error("Interface name length must be less " \
++ "than %d", IFNAMSIZ)
+ #define OPT_COMMAND 0x01
+ #define OPT_TABLE 0x02
+ #define OPT_IN 0x04
+@@ -1542,7 +1484,7 @@
+ // the main thing
+ int main(int argc, char *argv[])
+ {
+- char *buffer, allowbc = 'n';
++ char *buffer;
+ int c, i;
+ // this special one for the -Z option (we can have -Z <this> -L <that>)
+ int zerochain = -1;
+@@ -1576,7 +1518,7 @@
+
+ // getopt saves the day
+ while ((c = getopt_long(argc, argv,
+- "-A:D:I:N:E:X:L::Z::F::P:Vhi:o:j:p:b:s:d:t:M:", ebt_options, NULL)) != -1) {
++ "-A:D:I:N:E:X:L::Z::F::P:Vhi:o:j:p:s:d:t:M:", ebt_options, NULL)) != -1) {
+ switch (c) {
+
+ case 'A': // add a rule
+@@ -1738,7 +1680,7 @@
+ replace.command = 'V';
+ if (replace.flags & OPT_COMMAND)
+ print_error("Multiple commands not allowed");
+- printf("%s, %s\n", prog_name, prog_version);
++ printf(PROGNAME" v"PROGVERSION" ("PROGDATE")\n");
+ exit(0);
+
+ case 'M': // modprobe
+@@ -1812,7 +1754,7 @@
+ print_error("No in-interface "
+ "specified");
+ if (strlen(argv[optind - 1]) >= IFNAMSIZ)
+- print_error("Illegal interface length");
++ print_if_l_error;
+ strcpy(new_entry->in, argv[optind - 1]);
+ break;
+ }
+@@ -1830,7 +1772,7 @@
+ print_error("No logical in-interface "
+ "specified");
+ if (strlen(argv[optind - 1]) >= IFNAMSIZ)
+- print_error("Illegal interface length");
++ print_if_l_error;
+ strcpy(new_entry->logical_in, argv[optind - 1]);
+ break;
+ }
+@@ -1848,8 +1790,7 @@
+ "specified");
+
+ if (strlen(argv[optind - 1]) >= IFNAMSIZ)
+- print_error("Illegal interface "
+- "length");
++ print_if_l_error;
+ strcpy(new_entry->out, argv[optind - 1]);
+ break;
+ }
+@@ -1867,8 +1808,7 @@
+ "specified");
+
+ if (strlen(argv[optind - 1]) >= IFNAMSIZ)
+- print_error("Illegal interface "
+- "length");
++ print_if_l_error;
+ strcpy(new_entry->logical_out,
+ argv[optind - 1]);
+ break;
+@@ -1972,18 +1912,8 @@
+ " or equal to 0x0600");
+ break;
+
+- case 'b': // allow database?
+- if (replace.flags & OPT_COMMAND)
+- print_error("Multiple commands not allowed");
+- replace.command = c;
+- allowbc = *optarg;
+- break;
+-
+ case 4 : // Lc
+ check_option(&replace.flags, LIST_C);
+- if (replace.selected_hook == DATABASEHOOKNR)
+- print_error("--Lc not valid for listing"
+- " the database");
+ if (replace.command != 'L')
+ print_error("Use --Lc with -L");
+ if (replace.flags & LIST_X)
+@@ -1992,9 +1922,6 @@
+ break;
+ case 5 : // Ln
+ check_option(&replace.flags, LIST_N);
+- if (replace.selected_hook == DATABASEHOOKNR)
+- print_error("--Ln not valid for listing"
+- " the database");
+ if (replace.command != 'L')
+ print_error("Use --Ln with -L");
+ if (replace.flags & LIST_X)
+@@ -2003,9 +1930,6 @@
+ break;
+ case 6 : // Lx
+ check_option(&replace.flags, LIST_X);
+- if (replace.selected_hook == DATABASEHOOKNR)
+- print_error("--Lx not valid for listing"
+- " the database");
+ if (replace.command != 'L')
+ print_error("Use --Lx with -L");
+ if (replace.flags & LIST_C)
+@@ -2039,6 +1963,7 @@
+ // make sure the table will be written to the kernel
+ free(replace.filename);
+ replace.filename = NULL;
++ ebtables_insmod("ebtables", modprobe);
+ break;
+ case 7 : // atomic-init
+ case 10: // atomic-save
+@@ -2106,11 +2031,6 @@
+
+ if ( !table && !(table = find_table(replace.name)) )
+ print_error("Bad table name");
+- // database stuff before ebtables stuff
+- if (replace.command == 'b')
+- allowdb(allowbc);
+- if (replace.command == 'L' && replace.selected_hook == DATABASEHOOKNR)
+- list_db();
+
+ if ( (replace.flags & OPT_COMMAND) && replace.command != 'L' &&
+ replace.flags & OPT_ZERO )
+@@ -2148,9 +2068,13 @@
+ // the kernel does not have to do this ofcourse
+ new_entry->ethproto = htons(new_entry->ethproto);
+
+- if (replace.command == 'P')
++ if (replace.command == 'P') {
++ if (replace.selected_hook < NF_BR_NUMHOOKS &&
++ policy == EBT_RETURN)
++ print_error("Policy RETURN only allowed for user "
++ "defined chains");
+ change_policy(policy);
+- else if (replace.command == 'L') {
++ } else if (replace.command == 'L') {
+ list_rules();
+ if (replace.flags & OPT_ZERO)
+ zero_counters(zerochain);
+--- ebtables-v2.0-rc1/communication.c Wed Jul 31 21:55:02 2002
++++ ebtables-v2.0-rc2/communication.c Sat Aug 24 20:33:51 2002
+@@ -17,9 +17,6 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <sys/socket.h>
+-#include <linux/netfilter_bridge/ebtables.h>
+-#include <linux/br_db.h>
+-#include <netinet/in.h> // IPPROTO_IP
+ #include "include/ebtables_u.h"
+
+ extern char* hooknames[NF_BR_NUMHOOKS];
+@@ -32,7 +29,8 @@
+ sockfd = socket(AF_INET, SOCK_RAW, PF_INET);
+ if (sockfd < 0)
+ print_error("Problem getting a socket, "
+- "do you have the right permissions?");
++ "you probably don't have the right "
++ "permissions");
+ }
+ }
+
+@@ -556,7 +554,7 @@
+ char command)
+ {
+ FILE *file;
+- char *hlp;
++ char *hlp = NULL;
+ int size;
+
+ if (!(file = fopen(filename, "r+b")))
+@@ -658,9 +656,11 @@
+ struct ebt_u_entry **u_e;
+
+ strcpy(repl.name, u_repl->name);
+- if (u_repl->filename != NULL)
++ if (u_repl->filename != NULL) {
+ retrieve_from_file(u_repl->filename, &repl, u_repl->command);
+- else if (retrieve_from_kernel(&repl, u_repl->command) == -1)
++ // -L with a wrong table name should be dealt with silently
++ strcpy(u_repl->name, repl.name);
++ } else if (retrieve_from_kernel(&repl, u_repl->command) == -1)
+ return -1;
+
+ // translate the struct ebt_replace to a struct ebt_u_replace
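Review bot: `strcpy(u_repl->name, repl.name);` copies a table name that `retrieve_from_file()` has just read from a user-supplied file, and nothing in this hunk shows that the field is NUL-terminated. If the name field in the file is full or corrupt, the copy reads past `repl.name` and writes past `u_repl->name`. Terminating the field first, `repl.name[sizeof(repl.name) - 1] = '\0';`, bounds the copy, assuming both name members are arrays of the same size (their declarations are not on this page). The enclosing function starts and ends outside the hunk.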
+@@ -682,38 +682,4 @@
+ if (k != u_repl->nentries)
+ print_bug("Wrong total nentries");
+ return 0;
+-}
+-
+-void get_dbinfo(struct brdb_dbinfo *nr)
+-{
+- socklen_t optlen = sizeof(struct brdb_dbinfo);
+-
+- get_sockfd();
+-
+- if (getsockopt(sockfd, IPPROTO_IP, BRDB_SO_GET_DBINFO, nr, &optlen))
+- print_error("Sorry, br_db code probably not in kernel, "
+- "try insmod br_db");
+-}
+-
+-void get_db(int len, struct brdb_dbentry *db)
+-{
+- socklen_t optlen = len;
+-
+- get_sockfd();
+-
+- if ( getsockopt(sockfd, IPPROTO_IP, BRDB_SO_GET_DB, db, &optlen) ) {
+- print_bug("hmm, what is wrong??? bug#2");
+- }
+-}
+-
+-void deliver_allowdb(__u16 *decision)
+-{
+- socklen_t optlen = sizeof(__u16);
+-
+- get_sockfd();
+-
+- if (setsockopt(sockfd, IPPROTO_IP, BRDB_SO_SET_ALLOWDB,
+- decision, optlen))
+- print_error("Sorry, br_db code probably not in kernel, "
+- "try insmod br_db");
+ }
+--- ebtables-v2.0-rc1/extensions/ebt_redirect.c Wed Jul 31 21:55:02 2002
++++ ebtables-v2.0-rc2/extensions/ebt_redirect.c Sat Aug 24 15:31:38 2002
+@@ -1,14 +1,10 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
+-#include <sys/socket.h>
+-#include <netinet/in.h>
+ #include <getopt.h>
+ #include "../include/ebtables_u.h"
+ #include <linux/netfilter_bridge/ebt_redirect.h>
+
+-extern char *standard_targets[NUM_STANDARD_TARGETS];
+-
+ #define REDIRECT_TARGET '1'
+ static struct option opts[] =
+ {
+@@ -37,19 +33,13 @@
+ const struct ebt_u_entry *entry, unsigned int *flags,
+ struct ebt_entry_target **target)
+ {
+- int i;
+ struct ebt_redirect_info *redirectinfo =
+ (struct ebt_redirect_info *)(*target)->data;
+
+ switch (c) {
+ case REDIRECT_TARGET:
+ check_option(flags, OPT_REDIRECT_TARGET);
+- for (i = 0; i < NUM_STANDARD_TARGETS; i++)
+- if (!strcmp(optarg, standard_targets[i])) {
+- redirectinfo->target = -i - 1;
+- break;
+- }
+- if (i == NUM_STANDARD_TARGETS)
++ if (FILL_TARGET(optarg, redirectinfo->target))
+ print_error("Illegal --redirect-target target");
+ break;
+ default:
+@@ -60,17 +50,17 @@
+
+ static void final_check(const struct ebt_u_entry *entry,
+ const struct ebt_entry_target *target, const char *name,
+- unsigned int hook_mask, unsigned int time)
++ unsigned int hookmask, unsigned int time)
+ {
+ struct ebt_redirect_info *redirectinfo =
+ (struct ebt_redirect_info *)target->data;
+
+- if ((hook_mask & (1 << NF_BR_NUMHOOKS)) &&
+- redirectinfo->target == EBT_RETURN)
+- print_error("--redirect-target RETURN not allowed on base chain");
+- hook_mask &= ~(1 << NF_BR_NUMHOOKS);
+- if ( ((hook_mask & ~(1 << NF_BR_PRE_ROUTING)) || strcmp(name, "nat")) &&
+- ((hook_mask & ~(1 << NF_BR_BROUTING)) || strcmp(name, "broute")) )
++ if (BASE_CHAIN && redirectinfo->target == EBT_RETURN)
++ print_error("--redirect-target RETURN not allowed on "
++ "base chain");
++ CLEAR_BASE_CHAIN_BIT;
++ if ( ((hookmask & ~(1 << NF_BR_PRE_ROUTING)) || strcmp(name, "nat")) &&
++ ((hookmask & ~(1 << NF_BR_BROUTING)) || strcmp(name, "broute")) )
+ print_error("Wrong chain for redirect");
+ }
+
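Review bot: `BASE_CHAIN` and `CLEAR_BASE_CHAIN_BIT` take no argument, yet the rename of the parameter from `hook_mask` to `hookmask` in the same hunk suggests they read and modify a local of exactly that name. With that hidden dependency, a final_check written with any other parameter name either fails to compile or silently operates on a different `hookmask` that happens to be in scope, and the chain-validity check is no longer readable at the call site. Passing the mask explicitly, `BASE_CHAIN(hookmask)` and `CLEAR_BASE_CHAIN_BIT(hookmask)`, avoids both. The macro definitions are not on this page, and the same applies to `final_check_s` and `final_check_d` in ebt_nat.c.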
+@@ -82,8 +72,7 @@
+
+ if (redirectinfo->target == EBT_ACCEPT)
+ return;
+- printf(" --redirect-target %s",
+- standard_targets[-redirectinfo->target - 1]);
++ printf(" --redirect-target %s", TARGET_NAME(redirectinfo->target));
+ }
+
+ static int compare(const struct ebt_entry_target *t1,
+@@ -107,7 +96,7 @@
+ final_check,
+ print,
+ compare,
+- opts,
++ opts
+ };
+
+ static void _init(void) __attribute__ ((constructor));
+--- ebtables-v2.0-rc1/extensions/ebtable_broute.c Wed Jul 31 21:55:02 2002
++++ ebtables-v2.0-rc2/extensions/ebtable_broute.c Tue Aug 13 12:59:14 2002
+@@ -1,5 +1,4 @@
+ #include <stdio.h>
+-#include <sys/socket.h>
+ #include "../include/ebtables_u.h"
+
+
+--- ebtables-v2.0-rc1/extensions/ebt_nat.c Wed Jul 31 21:55:02 2002
++++ ebtables-v2.0-rc2/extensions/ebt_nat.c Sat Aug 24 15:31:03 2002
+@@ -1,16 +1,12 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
+-#include <sys/socket.h>
+-#include <netinet/in.h>
+ #include <netinet/ether.h>
+ #include <getopt.h>
+ #include "../include/ebtables_u.h"
+ #include <linux/netfilter_bridge/ebt_nat.h>
+
+-extern char *standard_targets[NUM_STANDARD_TARGETS];
+-
+-int to_source_supplied, to_dest_supplied;
++static int to_source_supplied, to_dest_supplied;
+
+ #define NAT_S '1'
+ #define NAT_D '1'
+@@ -20,7 +16,7 @@
+ {
+ { "to-source" , required_argument, 0, NAT_S },
+ { "to-src" , required_argument, 0, NAT_S },
+- { "snat-target" , required_argument, 0, NAT_S_TARGET },
++ { "snat-target" , required_argument, 0, NAT_S_TARGET },
+ { 0 }
+ };
+
+@@ -28,7 +24,7 @@
+ {
+ { "to-destination", required_argument, 0, NAT_D },
+ { "to-dst" , required_argument, 0, NAT_D },
+- { "dnat-target" , required_argument, 0, NAT_D_TARGET },
++ { "dnat-target" , required_argument, 0, NAT_D_TARGET },
+ { 0 }
+ };
+
+@@ -72,7 +68,6 @@
+ const struct ebt_u_entry *entry, unsigned int *flags,
+ struct ebt_entry_target **target)
+ {
+- int i;
+ struct ebt_nat_info *natinfo = (struct ebt_nat_info *)(*target)->data;
+ struct ether_addr *addr;
+
+@@ -86,12 +81,7 @@
+ break;
+ case NAT_S_TARGET:
+ check_option(flags, OPT_SNAT_TARGET);
+- for (i = 0; i < NUM_STANDARD_TARGETS; i++)
+- if (!strcmp(optarg, standard_targets[i])) {
+- natinfo->target = -i - 1;
+- break;
+- }
+- if (i == NUM_STANDARD_TARGETS)
++ if (FILL_TARGET(optarg, natinfo->target))
+ print_error("Illegal --snat-target target");
+ break;
+ default:
+@@ -106,7 +96,6 @@
+ const struct ebt_u_entry *entry, unsigned int *flags,
+ struct ebt_entry_target **target)
+ {
+- int i;
+ struct ebt_nat_info *natinfo = (struct ebt_nat_info *)(*target)->data;
+ struct ether_addr *addr;
+
+@@ -121,12 +110,7 @@
+ break;
+ case NAT_D_TARGET:
+ check_option(flags, OPT_DNAT_TARGET);
+- for (i = 0; i < NUM_STANDARD_TARGETS; i++)
+- if (!strcmp(optarg, standard_targets[i])) {
+- natinfo->target = -i - 1;
+- break;
+- }
+- if (i == NUM_STANDARD_TARGETS)
++ if (FILL_TARGET(optarg, natinfo->target))
+ print_error("Illegal --dnat-target target");
+ break;
+ default:
+@@ -137,14 +121,14 @@
+
+ static void final_check_s(const struct ebt_u_entry *entry,
+ const struct ebt_entry_target *target, const char *name,
+- unsigned int hook_mask, unsigned int time)
++ unsigned int hookmask, unsigned int time)
+ {
+ struct ebt_nat_info *natinfo = (struct ebt_nat_info *)target->data;
+
+- if ((hook_mask & (1 << NF_BR_NUMHOOKS)) && natinfo->target == EBT_RETURN)
++ if (BASE_CHAIN && natinfo->target == EBT_RETURN)
+ print_error("--snat-target RETURN not allowed on base chain");
+- hook_mask &= ~(1 << NF_BR_NUMHOOKS);
+- if (!(hook_mask & (1 << NF_BR_POST_ROUTING)) || strcmp(name, "nat"))
++ CLEAR_BASE_CHAIN_BIT;
++ if ((hookmask & ~(1 << NF_BR_POST_ROUTING)) || strcmp(name, "nat"))
+ print_error("Wrong chain for snat");
+ if (time == 0 && to_source_supplied == 0)
+ print_error("No snat address supplied");
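Review bot: The rewritten snat chain test now lets an empty mask through: `(hookmask & ~(1 << NF_BR_POST_ROUTING))` is zero when no hook bit is set, whereas the removed `!(hook_mask & (1 << NF_BR_POST_ROUTING))` rejected that case. Whether `final_check_s` can be reached with `hookmask` equal to 0 after `CLEAR_BASE_CHAIN_BIT` is not visible here, but if it can, an snat rule passes validation without being tied to POSTROUTING. If the empty mask is intended, a comment above the test such as `/* an empty hookmask is accepted here: chain not yet reachable from a base chain */` would record that; if not, the test needs `!hookmask ||` in front.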
+@@ -152,16 +136,16 @@
+
+ static void final_check_d(const struct ebt_u_entry *entry,
+ const struct ebt_entry_target *target, const char *name,
+- unsigned int hook_mask, unsigned int time)
++ unsigned int hookmask, unsigned int time)
+ {
+ struct ebt_nat_info *natinfo = (struct ebt_nat_info *)target->data;
+
+- if ((hook_mask & (1 << NF_BR_NUMHOOKS)) && natinfo->target == EBT_RETURN)
++ if (BASE_CHAIN && natinfo->target == EBT_RETURN)
+ print_error("--dnat-target RETURN not allowed on base chain");
+- hook_mask &= ~(1 << NF_BR_NUMHOOKS);
+- if (((hook_mask & ~((1 << NF_BR_PRE_ROUTING) | (1 << NF_BR_LOCAL_OUT))) ||
+- strcmp(name, "nat")) &&
+- ((hook_mask & ~(1 << NF_BR_BROUTING)) || strcmp(name, "broute")))
++ CLEAR_BASE_CHAIN_BIT;
++ if (((hookmask & ~((1 << NF_BR_PRE_ROUTING) | (1 << NF_BR_LOCAL_OUT)))
++ || strcmp(name, "nat")) &&
++ ((hookmask & ~(1 << NF_BR_BROUTING)) || strcmp(name, "broute")))
+ print_error("Wrong chain for dnat");
+ if (time == 0 && to_dest_supplied == 0)
+ print_error("No dnat address supplied");
+@@ -174,7 +158,7 @@
+
+ printf("--to-src ");
+ printf("%s", ether_ntoa((struct ether_addr *)natinfo->mac));
+- printf(" --snat-target %s", standard_targets[-natinfo->target - 1]);
++ printf(" --snat-target %s", TARGET_NAME(natinfo->target));
+ }
+
+ static void print_d(const struct ebt_u_entry *entry,
+@@ -184,7 +168,7 @@
+
+ printf("--to-dst ");
+ printf("%s", ether_ntoa((struct ether_addr *)natinfo->mac));
+- printf(" --dnat-target %s", standard_targets[-natinfo->target - 1]);
++ printf(" --dnat-target %s", TARGET_NAME(natinfo->target));
+ }
+
+ static int compare(const struct ebt_entry_target *t1,
+@@ -221,7 +205,7 @@
+ final_check_d,
+ print_d,
+ compare,
+- opts_d,
++ opts_d
+ };
+
+ static void _init(void) __attribute__ ((constructor));
+--- ebtables-v2.0-rc1/extensions/ebt_ip.c Thu Jun 27 18:53:55 2002
++++ ebtables-v2.0-rc2/extensions/ebt_ip.c Thu Aug 29 18:53:30 2002
+@@ -1,7 +1,5 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+-#include <sys/socket.h>
+-#include <netinet/in.h>
+ #include <string.h>
+ #include <getopt.h>
+ #include "../include/ebtables_u.h"
+@@ -28,7 +26,8 @@
+ static int undot_ip(char *ip, unsigned char *ip2)
+ {
+ char *p, *q, *end;
+- int onebyte, i;
++ long int onebyte;
++ int i;
+ char buf[20];
+
+ strncpy(buf, ip, sizeof(buf) - 1);
+@@ -46,7 +45,7 @@
+ }
+
+ onebyte = strtol(p, &end, 10);
+- if (*end != '\0' || onebyte >255 || onebyte < 0)
++ if (*end != '\0' || onebyte > 255 || onebyte < 0)
+ return -1;
+ ip2[3] = (unsigned char)onebyte;
+
+@@ -57,8 +56,8 @@
+ static int ip_mask(char *mask, unsigned char *mask2)
+ {
+ char *end;
+- int bits;
+- __u32 mask22;
++ long int bits;
++ uint32_t mask22;
+
+ if (undot_ip(mask, mask2)) {
+ // not the /a.b.c.e format, maybe the /x format
+@@ -77,39 +76,38 @@
+ }
+
+ // set the ip mask and ip address
+-void parse_ip_address(char *address, __u32 *addr, __u32 *msk)
++void parse_ip_address(char *address, uint32_t *addr, uint32_t *msk)
+ {
+ char *p;
+- int i;
+
+ // first the mask
+ if ((p = strrchr(address, '/')) != NULL) {
+ *p = '\0';
+- i = ip_mask(p + 1, (unsigned char *)msk);
+- if (i)
+- print_error("Problem with the ip mask");
++ if (ip_mask(p + 1, (unsigned char *)msk))
++ print_error("Problem with the IP mask");
+ }
+ else
+ *msk = 0xFFFFFFFF;
+
+- i = undot_ip(address, (unsigned char *)addr);
+- if (i)
+- print_error("Problem with the ip address");
++ if (undot_ip(address, (unsigned char *)addr))
++ print_error("Problem with the IP address");
+ *addr = *addr & *msk;
+ }
+
+ // transform the ip mask into a string ready for output
+-char *mask_to_dotted(__u32 mask)
++char *mask_to_dotted(uint32_t mask)
+ {
+ int i;
+ static char buf[20];
+- __u32 maskaddr, bits;
++ uint32_t maskaddr, bits;
+
+ maskaddr = ntohl(mask);
+
+ // don't print /32
+- if (mask == 0xFFFFFFFFL)
+- return "";
++ if (mask == 0xFFFFFFFFL) {
++ *buf = '\0';
++ return buf;
++ }
+
+ i = 32;
+ bits = 0xFFFFFFFEL; // case 0xFFFFFFFF has just been dealt with
+@@ -156,7 +154,7 @@
+ {
+ struct ebt_ip_info *ipinfo = (struct ebt_ip_info *)(*match)->data;
+ char *end;
+- int i;
++ long int i;
+
+ switch (c) {
+ case IP_SOURCE:
+@@ -176,7 +174,7 @@
+ }
+
+ if (optind > argc)
+- print_error("Missing ip address argument");
++ print_error("Missing IP address argument");
+ if (c == IP_SOURCE)
+ parse_ip_address(argv[optind - 1], &ipinfo->saddr,
+ &ipinfo->smsk);
+@@ -191,10 +189,10 @@
+ ipinfo->invflags |= EBT_IP_TOS;
+
+ if (optind > argc)
+- print_error("Missing ip tos argument");
++ print_error("Missing IP tos argument");
+ i = strtol(argv[optind - 1], &end, 16);
+ if (i < 0 || i > 255 || *end != '\0')
+- print_error("Problem with specified ip tos");
++ print_error("Problem with specified IP tos");
+ ipinfo->tos = i;
+ ipinfo->bitmask |= EBT_IP_TOS;
+ break;
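Review bot: The range test after `strtol()` accepts an argument with no digits: for an empty string `end` equals the start of the argument, `*end` is `'\0'` and `i` is 0, so an empty tos value is stored as 0 instead of being rejected. Adding the no-conversion check closes that: `if (end == argv[optind - 1] || i < 0 || i > 255 || *end != '\0')`. The IP protocol branch in the next hunk and the `strtol()` calls in `parse()` of ebt_arp.c use the same pattern and need the same check. `parse()` starts and ends outside this hunk.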
+@@ -204,10 +202,10 @@
+ if (check_inverse(optarg))
+ ipinfo->invflags |= EBT_IP_PROTO;
+ if (optind > argc)
+- print_error("Missing ip protocol argument");
++ print_error("Missing IP protocol argument");
+ i = strtol(argv[optind - 1], &end, 10);
+ if (i < 0 || i > 255 || *end != '\0')
+- print_error("Problem with specified ip protocol");
++ print_error("Problem with specified IP protocol");
+ ipinfo->protocol = i;
+ ipinfo->bitmask |= EBT_IP_PROTO;
+ break;
+@@ -219,10 +217,9 @@
+
+ static void final_check(const struct ebt_u_entry *entry,
+ const struct ebt_entry_match *match, const char *name,
+- unsigned int hook_mask, unsigned int time)
++ unsigned int hookmask, unsigned int time)
+ {
+- if (entry->bitmask & EBT_NOPROTO || entry->bitmask & EBT_802_3 ||
+- entry->ethproto != ETH_P_IP)
++ if (entry->ethproto != ETH_P_IP || entry->invflags & EBT_IPROTO)
+ print_error("For IP filtering the protocol must be "
+ "specified as IPv4");
+ }
+@@ -259,7 +256,7 @@
+ }
+ if (ipinfo->bitmask & EBT_IP_PROTO) {
+ printf("--ip-proto ");
+- if (ipinfo->invflags & EBT_IP_DEST)
++ if (ipinfo->invflags & EBT_IP_PROTO)
+ printf("! ");
+ printf("%d ", ipinfo->protocol);
+ }
+@@ -308,7 +305,7 @@
+ final_check,
+ print,
+ compare,
+- opts,
++ opts
+ };
+
+ static void _init(void) __attribute((constructor));
+--- ebtables-v2.0-rc1/extensions/ebt_arp.c Thu Jun 27 18:53:55 2002
++++ ebtables-v2.0-rc2/extensions/ebt_arp.c Thu Aug 29 18:54:13 2002
+@@ -1,8 +1,6 @@
+ #include <stdio.h>
+ #include <string.h>
+ #include <stdlib.h>
+-#include <sys/socket.h>
+-#include <netinet/in.h>
+ #include <getopt.h>
+ #include "../include/ebtables_u.h"
+ #include <linux/netfilter_bridge/ebt_arp.h>
+@@ -23,40 +21,38 @@
+ { 0 }
+ };
+
++#define NUMOPCODES 9
+ // a few names
+ static char *opcodes[] =
+ {
+ "Request",
+ "Reply",
+- "Request Reverse",
+- "Reply Reverse",
+- "DRARP Request",
+- "DRARP Reply",
+- "DRARP Error",
+- "InARP Request",
+- "ARP NAK",
+- ""
++ "Request_Reverse",
++ "Reply_Reverse",
++ "DRARP_Request",
++ "DRARP_Reply",
++ "DRARP_Error",
++ "InARP_Request",
++ "ARP_NAK",
+ };
+
+ static void print_help()
+ {
+- int i = 0;
++ int i;
+
+ printf(
+ "arp options:\n"
+ "--arp-opcode opcode : ARP opcode (integer or string)\n"
+ "--arp-htype type : ARP hardware type (integer or string)\n"
+ "--arp-ptype type : ARP protocol type (hexadecimal or string)\n"
+-"--arp-ip-src [!] address[/mask]: ARP ip source specification\n"
+-"--arp-ip-dst [!] address[/mask]: ARP ip target specification\n"
++"--arp-ip-src [!] address[/mask]: ARP IP source specification\n"
++"--arp-ip-dst [!] address[/mask]: ARP IP target specification\n"
+ " opcode strings: \n");
+- while (strcmp(opcodes[i], "")) {
++ for (i = 0; i < NUMOPCODES; i++)
+ printf("%d = %s\n", i + 1, opcodes[i]);
+- i++;
+- }
+ printf(
+-" hardware type string: \n 1 = Ethernet\n"
+-" protocol type string: \n 0x0800 = IPv4\n");
++" hardware type string: 1 = Ethernet\n"
++" protocol type string: see /etc/ethertypes\n");
+ }
+
+ static void init(struct ebt_entry_match *match)
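Review bot: `NUMOPCODES` is a hand-maintained 9 placed next to an initializer list that happens to have nine entries, and `print()` later in this patch uses it as the bound for `opcodes[opcode - 1]`. Adding or removing a name without updating the define turns that bound check into an out-of-bounds read, or into a missed entry. Deriving the count from the array removes the coupling: `#define NUMOPCODES ((int)(sizeof(opcodes) / sizeof(opcodes[0])))`, placed after the array definition.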
+@@ -68,7 +64,7 @@
+ }
+
+ // defined in ebt_ip.c
+-void parse_ip_address(char *address, __u32 *addr, __u32 *msk);
++void parse_ip_address(char *address, uint32_t *addr, uint32_t *msk);
+
+ #define OPT_OPCODE 0x01
+ #define OPT_HTYPE 0x02
+@@ -79,10 +75,10 @@
+ unsigned int *flags, struct ebt_entry_match **match)
+ {
+ struct ebt_arp_info *arpinfo = (struct ebt_arp_info *)(*match)->data;
+- int i;
++ long int i;
+ char *end;
+- __u32 *addr;
+- __u32 *mask;
++ uint32_t *addr;
++ uint32_t *mask;
+
+ switch (c) {
+ case ARP_OPCODE:
+@@ -91,18 +87,16 @@
+ arpinfo->invflags |= EBT_ARP_OPCODE;
+
+ if (optind > argc)
+- print_error("Missing arp opcode argument");
++ print_error("Missing ARP opcode argument");
+ i = strtol(argv[optind - 1], &end, 10);
+ if (i < 0 || i >= (0x1 << 16) || *end !='\0') {
+- i = 0;
+- while (strcmp(opcodes[i], "")) {
++ for (i = 0; i < NUMOPCODES; i++)
+ if (!strcasecmp(opcodes[i], optarg))
+ break;
+- i++;
+- }
+- if (!strcmp(opcodes[i], ""))
++ if (i == NUMOPCODES)
+ print_error("Problem with specified "
+- "arp opcode");
++ "ARP opcode");
++ i++;
+ }
+ arpinfo->opcode = htons(i);
+ arpinfo->bitmask |= EBT_ARP_OPCODE;
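Review bot: The opcode name lookup compares against `optarg`, while the numeric parse just above it reads `argv[optind - 1]`, and the hardware-type branch in the next hunk uses `argv[optind - 1]` for both. If `check_inverse()` advances `optind` when it sees `!` (its body is not on this page), `optarg` still holds the `!` and a named opcode after an inversion is rejected as invalid. Using the same string on both paths, `if (!strcasecmp(opcodes[i], argv[optind - 1]))`, keeps them consistent. `parse()` starts and ends outside this hunk.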
+@@ -114,13 +108,13 @@
+ arpinfo->invflags |= EBT_ARP_HTYPE;
+
+ if (optind > argc)
+- print_error("Missing arp hardware type argument");
++ print_error("Missing ARP hardware type argument");
+ i = strtol(argv[optind - 1], &end, 10);
+ if (i < 0 || i >= (0x1 << 16) || *end !='\0') {
+ if (!strcasecmp("Ethernet", argv[optind - 1]))
+ i = 1;
+ else
+- print_error("Problem with specified arp "
++ print_error("Problem with specified ARP "
+ "hardware type");
+ }
+ arpinfo->htype = htons(i);
+@@ -128,23 +122,26 @@
+ break;
+
+ case ARP_PTYPE:
++ {
++ uint16_t proto;
++
+ check_option(flags, OPT_PTYPE);
+ if (check_inverse(optarg))
+ arpinfo->invflags |= EBT_ARP_PTYPE;
+
+ if (optind > argc)
+- print_error("Missing arp protocol type argument");
++ print_error("Missing ARP protocol type argument");
+ i = strtol(argv[optind - 1], &end, 16);
+ if (i < 0 || i >= (0x1 << 16) || *end !='\0') {
+- if (!strcasecmp("IPv4", argv[optind - 1]))
+- i = 0x0800;
+- else
+- print_error("Problem with specified arp "
++ if (name_to_number (argv[optind - 1], &proto) == -1)
++ print_error("Problem with specified ARP "
+ "protocol type");
+- }
+- arpinfo->ptype = htons(i);
++ } else
++ proto = i;
++ arpinfo->ptype = htons(proto);
+ arpinfo->bitmask |= EBT_ARP_PTYPE;
+ break;
++ }
+
+ case ARP_IP_S:
+ case ARP_IP_D:
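Review bot: `proto` is assigned on the name path only by `name_to_number()`, and the only return value tested is `-1`. A comment in the ebtables.c part of this patch lists `0`, `1` (success for the special LENGTH protocol) and `-1` as results of a function whose signature is cut off; if that function is `name_to_number()`, a return of `1` reaches `htons(proto)` with a value that is not a protocol type and may be uninitialized. Accepting only plain success, `if (name_to_number(argv[optind - 1], &proto) != 0)`, together with `uint16_t proto = 0;`, makes the accepted set explicit.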
+@@ -166,7 +163,7 @@
+ arpinfo->invflags |= EBT_ARP_DST_IP;
+ }
+ if (optind > argc)
+- print_error("Missing ip address argument");
++ print_error("Missing ARP IP address argument");
+ parse_ip_address(argv[optind - 1], addr, mask);
+ break;
+ default:
+@@ -177,27 +174,33 @@
+
+ static void final_check(const struct ebt_u_entry *entry,
+ const struct ebt_entry_match *match, const char *name,
+- unsigned int hook_mask, unsigned int time)
++ unsigned int hookmask, unsigned int time)
+ {
+- if (entry->bitmask & EBT_NOPROTO || entry->bitmask & EBT_802_3 ||
+- (entry->ethproto != ETH_P_ARP && entry->ethproto != ETH_P_RARP))
++ if ((entry->ethproto != ETH_P_ARP && entry->ethproto != ETH_P_RARP) ||
++ entry->invflags & EBT_IPROTO)
+ print_error("For (R)ARP filtering the protocol must be "
+ "specified as ARP or RARP");
+ }
+
+ // defined in the ebt_ip.c
+-char *mask_to_dotted(__u32 mask);
++char *mask_to_dotted(uint32_t mask);
++
+ static void print(const struct ebt_u_entry *entry,
+ const struct ebt_entry_match *match)
+ {
+ struct ebt_arp_info *arpinfo = (struct ebt_arp_info *)match->data;
+ int i;
++ char name[21];
+
+ if (arpinfo->bitmask & EBT_ARP_OPCODE) {
++ int opcode = ntohs(arpinfo->opcode);
+ printf("--arp-op ");
+ if (arpinfo->invflags & EBT_ARP_OPCODE)
+ printf("! ");
+- printf("%d ", ntohs(arpinfo->opcode));
++ if (opcode > 0 && opcode <= NUMOPCODES)
++ printf("%s ", opcodes[opcode - 1]);
++ else
++ printf("%d ", opcode);
+ }
+ if (arpinfo->bitmask & EBT_ARP_HTYPE) {
+ printf("--arp-htype ");
+@@ -209,7 +212,10 @@
+ printf("--arp-ptype ");
+ if (arpinfo->invflags & EBT_ARP_PTYPE)
+ printf("! ");
+- printf("0x%x ", ntohs(arpinfo->ptype));
++ if (number_to_name(ntohs(arpinfo->ptype), name))
++ printf("0x%x ", ntohs(arpinfo->ptype));
++ else
++ printf("%s ", name);
+ }
+ if (arpinfo->bitmask & EBT_ARP_SRC_IP) {
+ printf("--arp-ip-src ");
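Review bot: `number_to_name(ntohs(arpinfo->ptype), name)` writes into the `char name[21]` declared in the previous hunk, and the prototype in ebtables_u.h (`int number_to_name(unsigned short proto, char *name)`) carries no buffer length, so the 21 is an unstated contract with the ethertypes parser. Whether number_to_name() truncates is not visible here; if it does not, a longer name in the ethertypes file would run past the buffer. I would at least document the limit at the declaration, e.g. `char name[21]; /* number_to_name() must write at most 20 chars + NUL */`, and preferably give number_to_name() a size argument. print() starts in the previous hunk and continues past this one.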
+@@ -278,7 +284,7 @@
+ final_check,
+ print,
+ compare,
+- opts,
++ opts
+ };
+
+ static void _init(void) __attribute__ ((constructor));
+--- ebtables-v2.0-rc1/extensions/ebt_vlan.c Wed Jul 31 21:55:02 2002
++++ ebtables-v2.0-rc2/extensions/ebt_vlan.c Thu Aug 29 18:55:02 2002
+@@ -32,8 +32,6 @@
+
+ #include <stdio.h>
+ #include <stdlib.h>
+-#include <sys/socket.h>
+-#include <netinet/in.h>
+ #include <string.h>
+ #include <getopt.h>
+ #include "../include/ebtables_u.h"
+@@ -106,7 +104,7 @@
+ (struct ebt_vlan_info *) (*match)->data;
+ unsigned long i;
+ char *end;
+- __u16 encap;
++ uint16_t encap;
+ switch (c) {
+ case VLAN_ID:
+ /*
+@@ -128,7 +126,7 @@
+ /*
+ * Convert argv to long int,
+ * set *end to end of argv string,
+- * base set 10 for decimal only
++ * base set 10 for decimal only
+ */
+ (unsigned short) i = strtol (argv[optind - 1], &end, 10);
+ /*
+@@ -217,15 +215,16 @@
+ static void
+ final_check (const struct ebt_u_entry *entry,
+ const struct ebt_entry_match *match,
+- const char *name, unsigned int hook, unsigned int time)
++ const char *name, unsigned int hookmask, unsigned int time)
+ {
+
+ struct ebt_vlan_info *vlaninfo =
+ (struct ebt_vlan_info *) match->data;
+ /*
+- * Is any proto param specified there? Or specified proto isn't 802.1Q?
++ * Specified proto isn't 802.1Q?
+ */
+- if (entry->bitmask & EBT_NOPROTO || entry->ethproto != ETH_P_8021Q)
++ if (entry->ethproto != ETH_P_8021Q ||
++ entry->invflags & EBT_IPROTO)
+ print_error
+ ("For use 802.1Q extension the protocol must be specified as 802_1Q");
+ /*
+@@ -334,7 +333,7 @@
+ final_check,
+ print,
+ compare,
+- opts,
++ opts
+ };
+
+ static void _init (void) __attribute__ ((constructor));
+--- ebtables-v2.0-rc1/extensions/ebt_log.c Thu Jun 27 18:53:55 2002
++++ ebtables-v2.0-rc2/extensions/ebt_log.c Sat Aug 24 15:29:50 2002
+@@ -1,7 +1,6 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
+-#include <sys/socket.h>
+ #include <getopt.h>
+ #include "../include/ebtables_u.h"
+ #include <linux/netfilter_bridge/ebt_log.h>
+@@ -16,11 +15,12 @@
+ #define LOG_NOTICE 5 // normal but significant condition
+ #define LOG_INFO 6 // informational
+ #define LOG_DEBUG 7 // debug-level messages
++
+ #define LOG_DEFAULT_LEVEL LOG_INFO
+
+ typedef struct _code {
+- char *c_name;
+- int c_val;
++ char *c_name;
++ int c_val;
+ } CODE;
+
+ static CODE eight_priority[] = {
+@@ -31,20 +31,16 @@
+ { "warning", LOG_WARNING },
+ { "notice", LOG_NOTICE },
+ { "info", LOG_INFO },
+- { "debug", LOG_DEBUG },
+- { NULL, -1 }
++ { "debug", LOG_DEBUG }
+ };
+
+ static int name_to_loglevel(char* arg)
+ {
+- int i = 0, c_val = eight_priority[0].c_val;
++ int i;
+
+- while (c_val != -1) {
++ for (i = 0; i < 8; i++)
+ if (!strcmp(arg, eight_priority[i].c_name))
+- return c_val;
+- i++;
+- c_val = eight_priority[i].c_val;
+- }
++ return eight_priority[i].c_val;
+ // return bad loglevel
+ return 9;
+ }
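Review bot: The loop bound in name_to_loglevel() is the literal `8`, which has to be kept in step by hand with `eight_priority[]` now that the `{ NULL, -1 }` sentinel is gone; an entry added or removed later makes the loop either skip a level or read past the table. Deriving the bound from the array keeps the two tied together: `for (i = 0; i < (int)(sizeof(eight_priority) / sizeof(eight_priority[0])); i++)`. The start of the `eight_priority[]` initializer is outside this hunk.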
+@@ -100,7 +96,7 @@
+ unsigned int *flags, struct ebt_entry_watcher **watcher)
+ {
+ struct ebt_log_info *loginfo = (struct ebt_log_info *)(*watcher)->data;
+- int i;
++ long int i;
+ char *end;
+
+ switch (c) {
+@@ -143,7 +139,7 @@
+
+ static void final_check(const struct ebt_u_entry *entry,
+ const struct ebt_entry_watcher *watcher, const char *name,
+- unsigned int hook_mask, unsigned int time)
++ unsigned int hookmask, unsigned int time)
+ {
+ return;
+ }
+@@ -186,10 +182,9 @@
+ final_check,
+ print,
+ compare,
+- opts,
++ opts
+ };
+
+-#undef _init
+ static void _init(void) __attribute__ ((constructor));
+ static void _init(void)
+ {
+--- ebtables-v2.0-rc1/extensions/ebt_standard.c Thu Jun 27 18:53:55 2002
++++ ebtables-v2.0-rc2/extensions/ebt_standard.c Sat Aug 24 15:31:50 2002
+@@ -1,6 +1,5 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+-#include <sys/socket.h>
+ #include <getopt.h>
+ #include "../include/ebtables_u.h"
+
+@@ -11,7 +10,8 @@
+
+ static void print_help()
+ {
+- printf("Standard targets: DROP, ACCEPT and CONTINUE\n");
++ printf("Standard targets: DROP, ACCEPT, RETURN or CONTINUE;\n"
++ "The target can also be a user defined chain.\n");
+ }
+
+ static void init(struct ebt_entry_target *t)
+@@ -27,11 +27,12 @@
+
+ static void final_check(const struct ebt_u_entry *entry,
+ const struct ebt_entry_target *target, const char *name,
+- unsigned int hook_mask, unsigned int time)
++ unsigned int hookmask, unsigned int time)
+ {
+ }
+
+ struct ebt_u_entries *nr_to_chain(int nr);
++
+ static void print(const struct ebt_u_entry *entry,
+ const struct ebt_entry_target *target)
+ {
+@@ -53,7 +54,7 @@
+ else if (verdict == EBT_RETURN)
+ printf("RETURN ");
+ else
+- print_error("BUG: Bad standard target"); // this is a bug
++ print_bug("Bad standard target");
+ }
+
+ static int compare(const struct ebt_entry_target *t1,
+--- ebtables-v2.0-rc1/extensions/ebtable_filter.c Thu Jun 27 18:53:55 2002
++++ ebtables-v2.0-rc2/extensions/ebtable_filter.c Tue Aug 13 13:00:12 2002
+@@ -1,6 +1,4 @@
+ #include <stdio.h>
+-#include <sys/socket.h>
+-#include <linux/netfilter_bridge/ebtables.h>
+ #include "../include/ebtables_u.h"
+
+ #define FILTER_VALID_HOOKS ((1 << NF_BR_LOCAL_IN) | (1 << NF_BR_FORWARD) | \
+--- ebtables-v2.0-rc1/extensions/ebtable_nat.c Thu Jun 27 18:53:55 2002
++++ ebtables-v2.0-rc2/extensions/ebtable_nat.c Tue Aug 13 12:59:14 2002
+@@ -1,5 +1,4 @@
+ #include <stdio.h>
+-#include <sys/socket.h>
+ #include "../include/ebtables_u.h"
+
+ #define NAT_VALID_HOOKS ((1 << NF_BR_PRE_ROUTING) | (1 << NF_BR_LOCAL_OUT) | \
+--- ebtables-v2.0-rc1/extensions/ebt_mark.c Wed Jul 31 21:55:02 2002
++++ ebtables-v2.0-rc2/extensions/ebt_mark.c Sat Aug 24 15:30:09 2002
+@@ -1,21 +1,17 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
+-#include <sys/socket.h>
+-#include <netinet/in.h>
+ #include <getopt.h>
+ #include "../include/ebtables_u.h"
+ #include <linux/netfilter_bridge/ebt_mark_t.h>
+
+-extern char *standard_targets[NUM_STANDARD_TARGETS];
++static int mark_supplied;
+
+-int mark_supplied;
+-
+-#define MARK_TARGET '1'
++#define MARK_TARGET '1'
+ #define MARK_SETMARK '2'
+ static struct option opts[] =
+ {
+- { "mark-target" , required_argument, 0, MARK_TARGET },
++ { "mark-target" , required_argument, 0, MARK_TARGET },
+ { "set-mark" , required_argument, 0, MARK_SETMARK },
+ { 0 }
+ };
+@@ -24,8 +20,8 @@
+ {
+ printf(
+ "mark target options:\n"
+- " --set-mark value : Set nfmark value\n"
+- " --mark-target target : ACCEPT, DROP, RETURN or CONTINUE\n");
++ " --set-mark value : Set nfmark value\n"
++ " --mark-target target : ACCEPT, DROP, RETURN or CONTINUE\n");
+ }
+
+ static void init(struct ebt_entry_target *target)
+@@ -36,16 +32,14 @@
+ markinfo->target = EBT_ACCEPT;
+ markinfo->mark = 0;
+ mark_supplied = 0;
+- return;
+ }
+
+-#define OPT_MARK_TARGET 0x01
++#define OPT_MARK_TARGET 0x01
+ #define OPT_MARK_SETMARK 0x02
+ static int parse(int c, char **argv, int argc,
+ const struct ebt_u_entry *entry, unsigned int *flags,
+ struct ebt_entry_target **target)
+ {
+- int i;
+ struct ebt_mark_t_info *markinfo =
+ (struct ebt_mark_t_info *)(*target)->data;
+ char *end;
+@@ -53,12 +47,7 @@
+ switch (c) {
+ case MARK_TARGET:
+ check_option(flags, OPT_MARK_TARGET);
+- for (i = 0; i < NUM_STANDARD_TARGETS; i++)
+- if (!strcmp(optarg, standard_targets[i])) {
+- markinfo->target = -i - 1;
+- break;
+- }
+- if (i == NUM_STANDARD_TARGETS)
++ if (FILL_TARGET(optarg, markinfo->target))
+ print_error("Illegal --mark-target target");
+ break;
+ case MARK_SETMARK:
+@@ -76,14 +65,14 @@
+
+ static void final_check(const struct ebt_u_entry *entry,
+ const struct ebt_entry_target *target, const char *name,
+- unsigned int hook_mask, unsigned int time)
++ unsigned int hookmask, unsigned int time)
+ {
+ struct ebt_mark_t_info *markinfo =
+ (struct ebt_mark_t_info *)target->data;
+
+ if (time == 0 && mark_supplied == 0)
+ print_error("No mark value supplied");
+- if ((hook_mask & (1 << NF_BR_NUMHOOKS)) && markinfo->target == EBT_RETURN)
++ if (BASE_CHAIN && markinfo->target == EBT_RETURN)
+ print_error("--mark-target RETURN not allowed on base chain");
+ }
+
+@@ -96,8 +85,7 @@
+ printf("--set-mark 0x%lx", markinfo->mark);
+ if (markinfo->target == EBT_ACCEPT)
+ return;
+- printf(" --mark-target %s",
+- standard_targets[-markinfo->target - 1]);
++ printf(" --mark-target %s", TARGET_NAME(markinfo->target));
+ }
+
+ static int compare(const struct ebt_entry_target *t1,
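Review bot: `TARGET_NAME(markinfo->target)` indexes `standard_targets[]` with `-markinfo->target - 1`, and nothing in print() checks that the result lies in `0 .. NUM_STANDARD_TARGETS - 1`. The value printed here presumably comes back from table data rather than from the option parser, and the man page in this patch describes operating on a table stored in a file via `--atomic`, so a damaged or hand-edited table would turn this into an out-of-bounds read. A guard before the printf would report it instead, e.g. `if (markinfo->target >= 0 || TARGET_INDEX(markinfo->target) >= NUM_STANDARD_TARGETS) print_bug("Bad mark target");`. print() starts before this hunk.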
+@@ -122,7 +110,7 @@
+ final_check,
+ print,
+ compare,
+- opts,
++ opts
+ };
+
+ static void _init(void) __attribute__ ((constructor));
+--- ebtables-v2.0-rc1/extensions/ebt_mark_m.c Wed Jul 31 21:55:02 2002
++++ ebtables-v2.0-rc2/extensions/ebt_mark_m.c Sat Aug 24 15:30:26 2002
+@@ -1,6 +1,5 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+-#include <sys/socket.h>
+ #include <string.h>
+ #include <getopt.h>
+ #include "../include/ebtables_u.h"
+@@ -25,9 +24,9 @@
+ {
+ struct ebt_mark_m_info *markinfo = (struct ebt_mark_m_info *)match->data;
+
+- markinfo->mark = 0;
+- markinfo->mask = 0;
+- markinfo->invert = 0;
++ markinfo->mark = 0;
++ markinfo->mask = 0;
++ markinfo->invert = 0;
+ markinfo->bitmask = 0;
+ }
+
+@@ -65,7 +64,7 @@
+
+ static void final_check(const struct ebt_u_entry *entry,
+ const struct ebt_entry_match *match, const char *name,
+- unsigned int hook_mask, unsigned int time)
++ unsigned int hookmask, unsigned int time)
+ {
+ }
+
+@@ -113,7 +112,7 @@
+ final_check,
+ print,
+ compare,
+- opts,
++ opts
+ };
+
+ static void _init(void) __attribute((constructor));
+--- ebtables-v2.0-rc1/ChangeLog Wed Jul 31 21:55:02 2002
++++ ebtables-v2.0-rc2/ChangeLog Fri Aug 30 22:40:11 2002
+@@ -1,3 +1,10 @@
++20020830
++ * updated the kernel files for 2.4.20-pre5 and 2.5.32
++ * last big cleanup of kernel and userspace code just finished
++20020820
++ * ARP module bugfix
++ * IP module bugfix
++ * nat module bugfix
+ 20020730
+ * other things done before 2.0-rc1 that I can think of,
+ including kernel:
+--- ebtables-v2.0-rc1/ebtables.8 Wed Jul 31 21:55:02 2002
++++ ebtables-v2.0-rc2/ebtables.8 Sun Aug 11 14:00:57 2002
+@@ -1,4 +1,4 @@
+-.TH EBTABLES 8 "23 July 2002"
++.TH EBTABLES 8 "11 August 2002"
+ .\"
+ .\" Man page written by Bart De Schuymer <bart.de.schuymer@pandora.be>
+ .\" It is based on the iptables man page.
+@@ -21,7 +21,7 @@
+ .\"
+ .\"
+ .SH NAME
+-ebtables (v.2.0) \- Ethernet bridge packet table administration
++ebtables (v.2.0) \- Ethernet bridge frame table administration
+ .SH SYNOPSIS
+ .BR "ebtables -[ADI] " "chain rule-specification " [ options ]
+ .br
+@@ -33,10 +33,6 @@
+ .br
+ .BR "ebtables -E " "old-chain-name new-chain-name"
+ .br
+-.B "ebtables -L DB"
+-.br
+-.BR "ebtables -[b] [" "y/n" "]"
+-.br
+ .BR "ebtables --init-table"
+ .br
+ .BR "ebtables --atomic-init " file
+@@ -147,18 +143,9 @@
+ .TP
+ .B "-L, --list"
+ List all rules in the selected chain. If no chain is selected, all chains
+-are listed. If the chainname equals
+-.BR DB ,
+-.B ebtables
+-will try to show the database. This database gives a survey of the kind of
+-frames that pass the different bridge hooks. It uses the interfaces where
+-the frame came in or will go out, the protocol field and the hook. This
+-database is independent from the rest of
+-.B ebtables
+-and is in a different kernel module.
++are listed.
+ .br
+-The following three options change the output when not listing the
+-database:
++The following three options change the output:
+ .br
+ .B "--Ln"
+ .br
+@@ -196,7 +183,8 @@
+ .BR DROP .
+ .TP
+ .B "-N, --new-chain"
+-Create a new user-defined chain by the given name.
++Create a new user-defined chain by the given name. The number of
++user-defined chains is unlimited. A chain name has max length of 31.
+ .TP
+ .B "-X, --delete-chain"
+ Delete the specified user-defined chain. There must be no references to the
+@@ -335,16 +323,15 @@
+ .B ebtables
+ will try to write help about those extensions. E.g. ebtables -h snat log ip arp.
+ .TP
+-.BR "-b --db " [ "y/n" ]
+-Enable (y) or disable (n) the database.
+-.TP
+ .BR "-j, --jump " "\fItarget\fP"
+ The target of the rule. This is one of the following values:
+ .BR ACCEPT ,
+ .BR DROP ,
+ .BR CONTINUE ,
+-or a target extension, see
+-.BR "TARGET EXTENSIONS" .
++.BR RETURN ,
++a target extension (see
++.BR "TARGET EXTENSIONS" ")"
++or a user defined chain name.
+ .TP
+ .B --atomic file
+ Let the command operate on the specified file. The data of the table to
+--- ebtables-v2.0-rc1/ethertypes Wed Jul 31 21:55:02 2002
++++ ebtables-v2.0-rc2/ethertypes Sun Aug 11 18:55:35 2002
+@@ -5,28 +5,28 @@
+ # always put tabs or spaces between the name and the protocol number
+ # anything on a line after the protocol number is ignored
+ # programs using this file should not be case sensitive
+-IPv4 0800
+-X25 0805
+-ARP 0806
+-802_1Q 8100 802.1Q Virtual LAN tagged frame
+-IPX 8137
+-IPv6 86DD
+-NetBEUI 8191
+-BPQ 08FF G8BPQ AX.25 Ethernet Packet
+-DEC 6000 DEC Assigned proto
+-DNA_DL 6001 DEC DNA Dump/Load
+-DNA_RC 6002 DEC DNA Remote Console
+-DNA_RT 6003 DEC DNA Routing
+-LAT 6004 DEC LAT
+-DIAG 6005 DEC Diagnostics
+-CUST 6006 DEC Customer use
+-SCA 6007 DEC Systems Comms Arch
+-RARP 8035 Reverse Addr Res packet
+-ATALK 809B Appletalk DDP
+-AARP 80F3 Appletalk AARP
+-IPX 8137 IPX over DIX
++IPv4 0800
++X25 0805
++ARP 0806
++802_1Q 8100 802.1Q Virtual LAN tagged frame
++IPX 8137
++IPv6 86DD
++NetBEUI 8191
++BPQ 08FF G8BPQ AX.25 Ethernet Packet
++DEC 6000 DEC Assigned proto
++DNA_DL 6001 DEC DNA Dump/Load
++DNA_RC 6002 DEC DNA Remote Console
++DNA_RT 6003 DEC DNA Routing
++LAT 6004 DEC LAT
++DIAG 6005 DEC Diagnostics
++CUST 6006 DEC Customer use
++SCA 6007 DEC Systems Comms Arch
++RARP 8035 Reverse Addr Res packet
++ATALK 809B Appletalk DDP
++AARP 80F3 Appletalk AARP
++IPX 8137 IPX over DIX
+ PPP_DISC 8863 PPPoE discovery messages
+-PPP_SES 8864 PPPoE session messages
+-ATMMPOA 884C MultiProtocol over ATM
+-ATMFATE 8884 Frame-based ATM Transport over Ethernet
+-LOOP 9000
++PPP_SES 8864 PPPoE session messages
++ATMMPOA 884C MultiProtocol over ATM
++ATMFATE 8884 Frame-based ATM Transport over Ethernet
++LOOP 9000
+--- ebtables-v2.0-rc1/include/ebtables_u.h Wed Jul 31 21:55:02 2002
++++ ebtables-v2.0-rc2/include/ebtables_u.h Thu Aug 29 18:58:36 2002
+@@ -23,8 +23,8 @@
+
+ #ifndef EBTABLES_U_H
+ #define EBTABLES_U_H
++#include <netinet/in.h>
+ #include <linux/netfilter_bridge/ebtables.h>
+-#include <linux/br_db.h>
+
+ struct ebt_u_entries
+ {
+@@ -75,7 +75,7 @@
+ struct ebt_u_table
+ {
+ char name[EBT_TABLE_MAXNAMELEN];
+- int (*check)(struct ebt_u_replace *repl);
++ void (*check)(struct ebt_u_replace *repl);
+ void (*help)(char **);
+ struct ebt_u_table *next;
+ };
+@@ -96,7 +96,7 @@
+ {
+ unsigned int bitmask;
+ unsigned int invflags;
+- __u16 ethproto;
++ uint16_t ethproto;
+ char in[IFNAMSIZ];
+ char logical_in[IFNAMSIZ];
+ char out[IFNAMSIZ];
+@@ -114,7 +114,7 @@
+ struct ebt_u_match
+ {
+ char name[EBT_FUNCTION_MAXNAMELEN];
+- // size of the real match data + sizeof struct ebt_match
++ // size of the real match data
+ unsigned int size;
+ void (*help)(void);
+ void (*init)(struct ebt_entry_match *m);
+@@ -123,7 +123,7 @@
+ struct ebt_entry_match **match);
+ void (*final_check)(const struct ebt_u_entry *entry,
+ const struct ebt_entry_match *match,
+- const char *name, unsigned int hook_mask, unsigned int time);
++ const char *name, unsigned int hookmask, unsigned int time);
+ void (*print)(const struct ebt_u_entry *entry,
+ const struct ebt_entry_match *match);
+ int (*compare)(const struct ebt_entry_match *m1,
+@@ -150,7 +150,7 @@
+ struct ebt_entry_watcher **watcher);
+ void (*final_check)(const struct ebt_u_entry *entry,
+ const struct ebt_entry_watcher *watch, const char *name,
+- unsigned int hook_mask, unsigned int time);
++ unsigned int hookmask, unsigned int time);
+ void (*print)(const struct ebt_u_entry *entry,
+ const struct ebt_entry_watcher *watcher);
+ int (*compare)(const struct ebt_entry_watcher *w1,
+@@ -174,7 +174,7 @@
+ struct ebt_entry_target **target);
+ void (*final_check)(const struct ebt_u_entry *entry,
+ const struct ebt_entry_target *target, const char *name,
+- unsigned int hook_mask, unsigned int time);
++ unsigned int hookmask, unsigned int time);
+ void (*print)(const struct ebt_u_entry *entry,
+ const struct ebt_entry_target *target);
+ int (*compare)(const struct ebt_entry_target *t1,
+@@ -198,21 +198,17 @@
+ struct ebt_u_table *find_table(char *name);
+ void deliver_counters(struct ebt_u_replace *repl);
+ void deliver_table(struct ebt_u_replace *repl);
+-void get_dbinfo(struct brdb_dbinfo *nr);
+-void get_db(int len, struct brdb_dbentry *db);
+-void deliver_allowdb(__u16 *decision);
+-int name_to_number(char *name, __u16 *proto);
++int name_to_number(char *name, uint16_t *proto);
+ int number_to_name(unsigned short proto, char *name);
+ void check_option(unsigned int *flags, unsigned int mask);
+ int check_inverse(const char option[]);
++void __print_bug(char *file, int line, char *format, ...);
+ #define print_bug(format, args...) \
+- {printf("BUG: "format".\n", ##args); exit(-1);}
++ __print_bug(__FILE__, __LINE__, format, ##args)
+ #define print_error(format, args...) {printf(format".\n", ##args); exit(-1);}
+ #define print_memory() {printf("Ebtables: " __FILE__ " " __FUNCTION__ \
+ " %d :Out of memory.\n", __LINE__); exit(-1);}
+
+-
+-
+ // used for keeping the rule counters right during rule adds or deletes
+ #define CNT_NORM 0
+ #define CNT_DEL 1
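Review bot: The new `__print_bug()` prototype takes a printf-style format but has no format attribute, so a mismatch between the format and the arguments at a `print_bug()` call site is not diagnosed at compile time. The extensions already use GCC attributes (`__attribute__ ((constructor))`), so the declaration could read `void __print_bug(char *file, int line, char *format, ...) __attribute__ ((format (printf, 3, 4)));`. Separately, identifiers beginning with two underscores are reserved for the implementation; a name such as `ebt_print_bug` would avoid the clash.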
+@@ -220,4 +216,27 @@
+ #define CNT_END 3
+ #define CNT_ZERO 4
+
++extern char *standard_targets[NUM_STANDARD_TARGETS];
++// Transforms a target string into the right integer,
++// returns 0 on success.
++#define FILL_TARGET(_str, _pos) ({ \
++ int _i, _ret = 0; \
++ for (_i = 0; _i < NUM_STANDARD_TARGETS; _i++) \
++ if (!strcmp(_str, standard_targets[_i])) {\
++ _pos = -_i - 1; \
++ break; \
++ } \
++ if (_i == NUM_STANDARD_TARGETS) \
++ _ret = 1; \
++ _ret; \
++})
++
++// Transforms the target value to an index into standard_targets[]
++#define TARGET_INDEX(_value) (-_value - 1)
++// Returns a target string corresponding to the value
++#define TARGET_NAME(_value) (standard_targets[TARGET_INDEX(_value)])
++// True if the hook mask denotes that the rule is in a base chain
++#define BASE_CHAIN (hookmask & (1 << NF_BR_NUMHOOKS))
++// Clear the bit in the hook_mask that tells if the rule is on a base chain
++#define CLEAR_BASE_CHAIN_BIT (hookmask &= ~(1 << NF_BR_NUMHOOKS))
+ #endif /* EBTABLES_U_H */
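Review bot: The macro parameters in `TARGET_INDEX` and `FILL_TARGET` are expanded without parentheses, so `TARGET_INDEX(a + b)` becomes `(-a + b - 1)`; it works today only because the callers in this patch pass a plain member access. `#define TARGET_INDEX(_value) (-(_value) - 1)`, together with `strcmp((_str), standard_targets[_i])` and `(_pos) = -_i - 1;` inside `FILL_TARGET`, fixes that. `BASE_CHAIN` and `CLEAR_BASE_CHAIN_BIT` also depend on a local variable named `hookmask` being in scope where they are used, which deserves a line in their comments, e.g. `// requires a variable named hookmask in the calling function`.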