authorBart De Schuymer <bdschuym@pandora.be>2002-06-23 08:03:12 +0000
committerBart De Schuymer <bdschuym@pandora.be>2002-06-23 08:03:12 +0000
commit0ceadf9abe94b3774b0b1fa7af9d9d932af8c9c3 (patch)
tree961ede8e4ce64048528844c5526b8a6040340c23 /userspace
parentcd54b43d64f35286514cd7742dde0f1e1e2b8843 (diff)
*** empty log message ***
Diffstat (limited to 'userspace')
-rw-r--r--userspace/ebtables2/ChangeLog9
-rw-r--r--userspace/ebtables2/extensions/ebt_arp.c17
-rw-r--r--userspace/ebtables2/extensions/ebt_ip.c19
-rw-r--r--userspace/ebtables2/extensions/ebt_log.c9
-rw-r--r--userspace/ebtables2/extensions/ebt_nat.c15
-rw-r--r--userspace/ebtables2/extensions/ebt_redirect.c14
-rw-r--r--userspace/ebtables2/extensions/ebt_standard.c18
-rw-r--r--userspace/ebtables2/extensions/ebt_vlan.c9
8 files changed, 59 insertions, 51 deletions
diff --git a/userspace/ebtables2/ChangeLog b/userspace/ebtables2/ChangeLog
index 3a58b07..0c584b1 100644
--- a/userspace/ebtables2/ChangeLog
+++ b/userspace/ebtables2/ChangeLog
@@ -1,3 +1,12 @@
+20020621
+ * some unlogged changes (due to lazyness)
+ * change the output for -L to make it look like it would look when
+ the user inputs the command.
+ * try to autoload modules
+ * some minor bugfixes
+ * add user defined chains support (without new commands yet,
+ deliberately)
+ * comparing rules didn't take the logical devices into account
20020520
* update help for -s and -d
* add VLAN in ethertypes
diff --git a/userspace/ebtables2/extensions/ebt_arp.c b/userspace/ebtables2/extensions/ebt_arp.c
index 0e22b0b..d094b68 100644
--- a/userspace/ebtables2/extensions/ebt_arp.c
+++ b/userspace/ebtables2/extensions/ebt_arp.c
@@ -3,7 +3,6 @@
#include <stdlib.h>
#include <sys/socket.h>
#include <netinet/in.h>
-#include <linux/netfilter_bridge/ebtables.h>
#include <getopt.h>
#include "../include/ebtables_u.h"
#include <linux/netfilter_bridge/ebt_arp.h>
@@ -178,7 +177,7 @@ static int parse(int c, char **argv, int argc,
}
static void final_check(const struct ebt_u_entry *entry,
-const struct ebt_entry_match *match, const char *name, unsigned int hook)
+const struct ebt_entry_match *match, const char *name, unsigned int hook_mask)
{
if (entry->bitmask & EBT_NOPROTO || entry->bitmask & EBT_802_3 ||
(entry->ethproto != ETH_P_ARP && entry->ethproto != ETH_P_RARP))
@@ -195,40 +194,40 @@ static void print(const struct ebt_u_entry *entry,
int i;
if (arpinfo->bitmask & EBT_ARP_OPCODE) {
- printf("arp opcode: ");
+ printf("--arp-op ");
if (arpinfo->invflags & EBT_ARP_OPCODE)
printf("! ");
printf("%d ", ntohs(arpinfo->opcode));
}
if (arpinfo->bitmask & EBT_ARP_HTYPE) {
- printf("arp htype: ");
+ printf("--arp-htype ");
if (arpinfo->invflags & EBT_ARP_HTYPE)
printf("! ");
printf("%d ", ntohs(arpinfo->htype));
}
if (arpinfo->bitmask & EBT_ARP_PTYPE) {
- printf("arp ptype: ");
+ printf("--arp-ptype ");
if (arpinfo->invflags & EBT_ARP_PTYPE)
printf("! ");
printf("0x%x ", ntohs(arpinfo->ptype));
}
if (arpinfo->bitmask & EBT_ARP_SRC_IP) {
- printf("arp src IP ");
+ printf("--arp-ip-src ");
if (arpinfo->invflags & EBT_ARP_SRC_IP)
printf("! ");
for (i = 0; i < 4; i++)
printf("%d%s", ((unsigned char *)&arpinfo->saddr)[i],
(i == 3) ? "" : ".");
- printf("%s, ", mask_to_dotted(arpinfo->smsk));
+ printf("%s ", mask_to_dotted(arpinfo->smsk));
}
if (arpinfo->bitmask & EBT_ARP_DST_IP) {
- printf("arp dst IP ");
+ printf("--arp-ip-dst ");
if (arpinfo->invflags & EBT_ARP_DST_IP)
printf("! ");
for (i = 0; i < 4; i++)
printf("%d%s", ((unsigned char *)&arpinfo->daddr)[i],
(i == 3) ? "" : ".");
- printf("%s, ", mask_to_dotted(arpinfo->dmsk));
+ printf("%s ", mask_to_dotted(arpinfo->dmsk));
}
}
diff --git a/userspace/ebtables2/extensions/ebt_ip.c b/userspace/ebtables2/extensions/ebt_ip.c
index 5d62d3a..cb425f9 100644
--- a/userspace/ebtables2/extensions/ebt_ip.c
+++ b/userspace/ebtables2/extensions/ebt_ip.c
@@ -3,7 +3,6 @@
#include <sys/socket.h>
#include <netinet/in.h>
#include <string.h>
-#include <linux/netfilter_bridge/ebtables.h>
#include <getopt.h>
#include "../include/ebtables_u.h"
#include <linux/netfilter_bridge/ebt_ip.h>
@@ -219,7 +218,7 @@ static int parse(int c, char **argv, int argc, const struct ebt_u_entry *entry,
}
static void final_check(const struct ebt_u_entry *entry,
- const struct ebt_entry_match *match, const char *name, unsigned int hook)
+ const struct ebt_entry_match *match, const char *name, unsigned int hook_mask)
{
if (entry->bitmask & EBT_NOPROTO || entry->bitmask & EBT_802_3 ||
entry->ethproto != ETH_P_IP)
@@ -234,34 +233,34 @@ static void print(const struct ebt_u_entry *entry,
int j;
if (ipinfo->bitmask & EBT_IP_SOURCE) {
- printf("source ip: ");
+ printf("--ip-src ");
if (ipinfo->invflags & EBT_IP_SOURCE)
printf("! ");
for (j = 0; j < 4; j++)
printf("%d%s",((unsigned char *)&ipinfo->saddr)[j],
(j == 3) ? "" : ".");
- printf("%s, ", mask_to_dotted(ipinfo->smsk));
+ printf("%s ", mask_to_dotted(ipinfo->smsk));
}
if (ipinfo->bitmask & EBT_IP_DEST) {
- printf("dest ip: ");
+ printf("--ip-dst ");
if (ipinfo->invflags & EBT_IP_DEST)
printf("! ");
for (j = 0; j < 4; j++)
printf("%d%s", ((unsigned char *)&ipinfo->daddr)[j],
(j == 3) ? "" : ".");
- printf("%s, ", mask_to_dotted(ipinfo->dmsk));
+ printf("%s ", mask_to_dotted(ipinfo->dmsk));
}
if (ipinfo->bitmask & EBT_IP_TOS) {
- printf("ip TOS: ");
+ printf("--ip-tos ");
if (ipinfo->invflags & EBT_IP_TOS)
printf("! ");
- printf("0x%02X, ", ipinfo->tos);
+ printf("0x%02X ", ipinfo->tos);
}
if (ipinfo->bitmask & EBT_IP_PROTO) {
- printf("ip proto: ");
+ printf("--ip-proto ");
if (ipinfo->invflags & EBT_IP_DEST)
printf("! ");
- printf("%d, ", ipinfo->protocol);
+ printf("%d ", ipinfo->protocol);
}
}
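Review bot: The `--ip-proto` branch of print() tests `ipinfo->invflags & EBT_IP_DEST` to decide whether to print `! `, which looks like a copy from the destination branch; it should read `if (ipinfo->invflags & EBT_IP_PROTO)`. The line is unchanged context, but since the listing is now meant to read like the command line, a rule with an inverted protocol match is listed as a plain match, and an inverted destination adds a stray `!` to the protocol. Anyone auditing the listing or re-entering it would end up with a filter that means the opposite of what is loaded. print() starts above this hunk.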
diff --git a/userspace/ebtables2/extensions/ebt_log.c b/userspace/ebtables2/extensions/ebt_log.c
index 6dff952..1dca3ad 100644
--- a/userspace/ebtables2/extensions/ebt_log.c
+++ b/userspace/ebtables2/extensions/ebt_log.c
@@ -2,7 +2,6 @@
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
-#include <linux/netfilter_bridge/ebtables.h>
#include <getopt.h>
#include "../include/ebtables_u.h"
#include <linux/netfilter_bridge/ebt_log.h>
@@ -143,7 +142,7 @@ static int parse(int c, char **argv, int argc, const struct ebt_u_entry *entry,
}
static void final_check(const struct ebt_u_entry *entry,
- const struct ebt_entry_watcher *watcher, const char *name, unsigned int hook)
+ const struct ebt_entry_watcher *watcher, const char *name, unsigned int hook_mask)
{
return;
}
@@ -153,13 +152,13 @@ static void print(const struct ebt_u_entry *entry,
{
struct ebt_log_info *loginfo = (struct ebt_log_info *)watcher->data;
- printf("log: log-level = %s - log-prefix = \"%s\"",
+ printf("--log-level %s --log-prefix \"%s\"",
eight_priority[loginfo->loglevel].c_name,
loginfo->prefix);
if (loginfo->bitmask & EBT_LOG_IP)
- printf(" - log-ip");
+ printf(" --log-ip");
if (loginfo->bitmask & EBT_LOG_ARP)
- printf(" - log-arp");
+ printf(" --log-arp");
printf(" ");
}
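Review bot: `eight_priority[loginfo->loglevel]` in print() is indexed with a value taken straight from the watcher data, with no range check. The size of `eight_priority` is not visible in this hunk, but a level outside it would read past the array while listing rules. A guard before the printf, for example `if (loginfo->loglevel >= sizeof(eight_priority) / sizeof(eight_priority[0])) print_error("BUG: Bad log level");` (assuming `eight_priority` is an array in scope), would match the check this commit adds to ebt_standard.c. Separately, `loginfo->prefix` is printed between double quotes unescaped, so a prefix containing `"` would not survive being re-entered as a command.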
diff --git a/userspace/ebtables2/extensions/ebt_nat.c b/userspace/ebtables2/extensions/ebt_nat.c
index 1f88ae2..06414cf 100644
--- a/userspace/ebtables2/extensions/ebt_nat.c
+++ b/userspace/ebtables2/extensions/ebt_nat.c
@@ -4,7 +4,6 @@
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/ether.h>
-#include <linux/netfilter_bridge/ebtables.h>
#include <getopt.h>
#include "../include/ebtables_u.h"
#include <linux/netfilter_bridge/ebt_nat.h>
@@ -137,20 +136,20 @@ static int parse_d(int c, char **argv, int argc,
}
static void final_check_s(const struct ebt_u_entry *entry,
- const struct ebt_entry_target *target, const char *name, unsigned int hook)
+ const struct ebt_entry_target *target, const char *name, unsigned int hook_mask)
{
- if (hook != NF_BR_POST_ROUTING || strcmp(name, "nat"))
+ if (!(hook_mask & (1 << NF_BR_POST_ROUTING)) || strcmp(name, "nat"))
print_error("Wrong chain for snat");
if (to_source_supplied == 0)
print_error("No snat address supplied");
}
static void final_check_d(const struct ebt_u_entry *entry,
- const struct ebt_entry_target *target, const char *name, unsigned int hook)
+ const struct ebt_entry_target *target, const char *name, unsigned int hook_mask)
{
- if ( ((hook != NF_BR_PRE_ROUTING && hook != NF_BR_LOCAL_OUT) ||
+ if (((hook_mask & ~((1 << NF_BR_PRE_ROUTING) | (1 << NF_BR_LOCAL_OUT))) ||
strcmp(name, "nat")) &&
- (hook != NF_BR_BROUTING || strcmp(name, "broute")) )
+ ((hook_mask & ~(1 << NF_BR_BROUTING)) || strcmp(name, "broute")))
print_error("Wrong chain for dnat");
if (to_dest_supplied == 0)
print_error("No dnat address supplied");
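Review bot: final_check_s() accepts any `hook_mask` that has the POST_ROUTING bit set, even when other hook bits are set too, while final_check_d() rejects a mask with any bit outside its allowed set. If the mask can carry several hooks at once, which the switch from `hook` to `hook_mask` suggests, snat would pass the check for a chain that is also reachable from another hook. For consistency with the dnat check the condition would be `if ((hook_mask & ~(1 << NF_BR_POST_ROUTING)) || strcmp(name, "nat"))`. Both complement tests also pass when `hook_mask` is 0; whether that can occur is not visible here, so a short comment on what the mask holds would help.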
@@ -161,7 +160,7 @@ static void print_s(const struct ebt_u_entry *entry,
{
struct ebt_nat_info *natinfo = (struct ebt_nat_info *)target->data;
- printf("snat - to: ");
+ printf("--to-src ");
printf("%s", ether_ntoa((struct ether_addr *)natinfo->mac));
printf(" --snat-target %s", standard_targets[natinfo->target]);
}
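Review bot: print_s() still indexes `standard_targets[natinfo->target]` directly, and print_d() in the next hunk does the same, while this commit changes ebt_redirect.c to `standard_targets[-redirectinfo->target - 1]` and widens the verdict in ebt_standard.c from `__u8` to `int`. If the nat targets use the same verdict encoding (not visible in these hunks), the unconverted index reads outside the array when rules are listed. The index would then become `standard_targets[-natinfo->target - 1]` in both functions, preferably after a range check on `natinfo->target`.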
@@ -171,7 +170,7 @@ static void print_d(const struct ebt_u_entry *entry,
{
struct ebt_nat_info *natinfo = (struct ebt_nat_info *)target->data;
- printf("dnat - to: ");
+ printf("--to-dst ");
printf("%s", ether_ntoa((struct ether_addr *)natinfo->mac));
printf(" --dnat-target %s", standard_targets[natinfo->target]);
}
diff --git a/userspace/ebtables2/extensions/ebt_redirect.c b/userspace/ebtables2/extensions/ebt_redirect.c
index 3dff790..1fc7fd8 100644
--- a/userspace/ebtables2/extensions/ebt_redirect.c
+++ b/userspace/ebtables2/extensions/ebt_redirect.c
@@ -3,7 +3,6 @@
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
-#include <linux/netfilter_bridge/ebtables.h>
#include <getopt.h>
#include "../include/ebtables_u.h"
#include <linux/netfilter_bridge/ebt_redirect.h>
@@ -33,7 +32,6 @@ static void init(struct ebt_entry_target *target)
return;
}
-
#define OPT_REDIRECT_TARGET 0x01
static int parse(int c, char **argv, int argc,
const struct ebt_u_entry *entry, unsigned int *flags,
@@ -61,10 +59,10 @@ static int parse(int c, char **argv, int argc,
}
static void final_check(const struct ebt_u_entry *entry,
- const struct ebt_entry_target *target, const char *name, unsigned int hook)
+ const struct ebt_entry_target *target, const char *name, unsigned int hook_mask)
{
- if ( (hook != NF_BR_PRE_ROUTING || strcmp(name, "nat")) &&
- (hook != NF_BR_BROUTING || strcmp(name, "broute")) )
+ if ( ((hook_mask & ~(1 << NF_BR_PRE_ROUTING)) || strcmp(name, "nat")) &&
+ ((hook_mask & ~(1 << NF_BR_BROUTING)) || strcmp(name, "broute")) )
print_error("Wrong chain for redirect");
}
@@ -74,8 +72,10 @@ static void print(const struct ebt_u_entry *entry,
struct ebt_redirect_info *redirectinfo =
(struct ebt_redirect_info *)target->data;
- printf("redirect");
- printf(" --redirect-target %s", standard_targets[redirectinfo->target]);
+ if (redirectinfo->target == EBT_ACCEPT)
+ return;
+ printf(" --redirect-target %s",
+ standard_targets[-redirectinfo->target - 1]);
}
static int compare(const struct ebt_entry_target *t1,
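Review bot: `standard_targets[-redirectinfo->target - 1]` in print() uses the target value as an array index without checking its range, so a value that is not one of the standard verdicts yields a negative or too large index. The value comes from the table being listed, and the same commit adds a `print_error("BUG: Bad standard target")` fallback in ebt_standard.c; a matching guard here, such as `print_error("BUG: Bad redirect target")` for anything outside the standard verdicts, would keep the read in bounds. The early return for `EBT_ACCEPT` also deserves a comment, for example `/* ACCEPT is the default target, so nothing is printed */`, if that is the intent.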
diff --git a/userspace/ebtables2/extensions/ebt_standard.c b/userspace/ebtables2/extensions/ebt_standard.c
index 983d055..9ca1fed 100644
--- a/userspace/ebtables2/extensions/ebt_standard.c
+++ b/userspace/ebtables2/extensions/ebt_standard.c
@@ -1,6 +1,6 @@
#include <stdio.h>
+#include <stdlib.h>
#include <sys/socket.h>
-#include <linux/netfilter_bridge/ebtables.h>
#include <getopt.h>
#include "../include/ebtables_u.h"
@@ -26,21 +26,25 @@ static int parse(int c, char **argv, int argc, const struct ebt_u_entry *entry,
}
static void final_check(const struct ebt_u_entry *entry,
- const struct ebt_entry_target *target, const char *name, unsigned int hook)
+ const struct ebt_entry_target *target, const char *name, unsigned int hook_mask)
{
}
static void print(const struct ebt_u_entry *entry,
const struct ebt_entry_target *target)
{
- __u8 verdict = ((struct ebt_standard_target *)target)->verdict;
+ int verdict = ((struct ebt_standard_target *)target)->verdict;
if (verdict == EBT_CONTINUE)
- printf("Continue ");
- else if (verdict == EBT_ACCEPT)
- printf("Accept ");
+ printf("CONTINUE ");
+ else if (verdict == EBT_ACCEPT)
+ printf("ACCEPT ");
+ else if (verdict == EBT_DROP)
+ printf("DROP ");
+ else if (verdict == EBT_RETURN)
+ printf("RETURN ");
else
- printf("Drop ");
+ print_error("BUG: Bad standard target"); // this is a bug
}
static int compare(const struct ebt_entry_target *t1,
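Review bot: The final `else` in print() treats every verdict other than the four named ones as a bug and calls print_error(). The ChangeLog entry in this commit mentions user defined chains; if a jump to such a chain is stored in the same `verdict` field (not visible here), listing a rule that jumps would stop with "BUG: Bad standard target". If jumps are handled before this print() is reached, a comment saying so above the chain would do, e.g. `/* jumps to user defined chains never reach this function */`. The trailing `// this is a bug` repeats the message and could go.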
diff --git a/userspace/ebtables2/extensions/ebt_vlan.c b/userspace/ebtables2/extensions/ebt_vlan.c
index 2379f97..06708da 100644
--- a/userspace/ebtables2/extensions/ebt_vlan.c
+++ b/userspace/ebtables2/extensions/ebt_vlan.c
@@ -19,7 +19,6 @@
#include <sys/socket.h>
#include <netinet/in.h>
#include <string.h>
-#include <linux/netfilter_bridge/ebtables.h>
#include <getopt.h>
#include "../include/ebtables_u.h"
#include <linux/netfilter_bridge/ebt_vlan.h>
@@ -194,7 +193,7 @@ parse (int c, char **argv, int argc,
static void
final_check (const struct ebt_u_entry *entry,
const struct ebt_entry_match *match,
- const char *name, unsigned int hook)
+ const char *name, unsigned int hook_mask)
{
/*
* Is any proto supplied there? Or specified proto isn't 802.1Q?
@@ -218,7 +217,7 @@ print (const struct ebt_u_entry *entry,
* Print VLAN ID if they are specified
*/
if (vlaninfo->bitmask & EBT_VLAN_ID) {
- printf ("vlan id: %s%d, ",
+ printf ("--vlan-id %s %d, ",
vlaninfo->invflags & EBT_VLAN_ID ? "!" : "",
vlaninfo->id);
}
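Review bot: The new `--vlan-id` format string keeps the trailing `, ` and puts a space after `%s`, so a non-inverted match prints as `--vlan-id  5, ` and an inverted one as `--vlan-id ! 5, `. The other extensions in this commit dropped the comma so the listing reads like a command line; here the comma stays attached to the value. The same applies to `--vlan-prio` and `--vlan-encap` in the next two hunks. A version that matches the rest would be `printf ("--vlan-id %s%d ", vlaninfo->invflags & EBT_VLAN_ID ? "! " : "", vlaninfo->id);`, and likewise for the other two.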
@@ -226,7 +225,7 @@ print (const struct ebt_u_entry *entry,
* Print VLAN priority if they are specified
*/
if (vlaninfo->bitmask & EBT_VLAN_PRIO) {
- printf ("vlan prio: %s%d, ",
+ printf ("--vlan-prio %s %d, ",
vlaninfo->invflags & EBT_VLAN_PRIO ? "!" : "",
vlaninfo->prio);
}
@@ -234,7 +233,7 @@ print (const struct ebt_u_entry *entry,
* Print VLAN encapsulated protocol if they are specified
*/
if (vlaninfo->bitmask & EBT_VLAN_ENCAP) {
- printf ("vlan encap: %s%2.4X, ",
+ printf ("--vlan-encap %s %2.4X, ",
vlaninfo->invflags & EBT_VLAN_ENCAP ? "!" : "",
ntohs (vlaninfo->encap));
}