summaryrefslogtreecommitdiffstats
path: root/userspace/ebtables2
diff options
context:
space:
mode:
Diffstat (limited to 'userspace/ebtables2')
-rw-r--r--userspace/ebtables2/ChangeLog2
-rw-r--r--userspace/ebtables2/extensions/ebt_mark.c121
-rw-r--r--userspace/ebtables2/extensions/ebt_mark_m.c115
3 files changed, 238 insertions, 0 deletions
diff --git a/userspace/ebtables2/ChangeLog b/userspace/ebtables2/ChangeLog
index 0e3e27a..20bb3f1 100644
--- a/userspace/ebtables2/ChangeLog
+++ b/userspace/ebtables2/ChangeLog
@@ -1,3 +1,5 @@
+20020720
+ * added mark target+match
20020714
* added --atomic options
20020710
diff --git a/userspace/ebtables2/extensions/ebt_mark.c b/userspace/ebtables2/extensions/ebt_mark.c
new file mode 100644
index 0000000..318e2b6
--- /dev/null
+++ b/userspace/ebtables2/extensions/ebt_mark.c
@@ -0,0 +1,121 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <getopt.h>
+#include "../include/ebtables_u.h"
+#include <linux/netfilter_bridge/ebt_mark_t.h>
+
+extern char *standard_targets[NUM_STANDARD_TARGETS];
+
+#define MARK_TARGET '1'
+#define MARK_SETMARK '2'
+static struct option opts[] =
+{
+ { "mark-target" , required_argument, 0, MARK_TARGET },
+ { "set-mark" , required_argument, 0, MARK_SETMARK },
+ { 0 }
+};
+
+static void print_help()
+{
+ printf(
+ "mark target options:\n"
+ " --set-mark value : Set nfmark value\n"
+ " --mark-target target : ACCEPT, DROP or CONTINUE\n");
+}
+
+static void init(struct ebt_entry_target *target)
+{
+ struct ebt_mark_t_info *markinfo =
+ (struct ebt_mark_t_info *)target->data;
+
+ markinfo->target = EBT_ACCEPT;
+ markinfo->mark = 0;
+ return;
+}
+
+#define OPT_MARK_TARGET 0x01
+#define OPT_MARK_SETMARK 0x02
+static int parse(int c, char **argv, int argc,
+ const struct ebt_u_entry *entry, unsigned int *flags,
+ struct ebt_entry_target **target)
+{
+ int i;
+ struct ebt_mark_t_info *markinfo =
+ (struct ebt_mark_t_info *)(*target)->data;
+ char *end;
+
+ switch (c) {
+ case MARK_TARGET:
+ check_option(flags, OPT_MARK_TARGET);
+ for (i = 0; i < NUM_STANDARD_TARGETS; i++)
+ if (!strcmp(optarg, standard_targets[i])) {
+ markinfo->target = -i - 1;
+ break;
+ }
+ if (i == NUM_STANDARD_TARGETS)
+ print_error("Illegal --mark-target target");
+ break;
+ case MARK_SETMARK:
+ check_option(flags, OPT_MARK_SETMARK);
+ markinfo->mark = strtoul(optarg, &end, 0);
+ if (*end != '\0' || end == optarg)
+ print_error("Bad MARK value `%s'", optarg);
+ break;
+ default:
+ return 0;
+ }
+ return 1;
+}
+
+static void final_check(const struct ebt_u_entry *entry,
+ const struct ebt_entry_target *target, const char *name,
+ unsigned int hook_mask, unsigned int time)
+{
+}
+
+static void print(const struct ebt_u_entry *entry,
+ const struct ebt_entry_target *target)
+{
+ struct ebt_mark_t_info *markinfo =
+ (struct ebt_mark_t_info *)target->data;
+
+ printf("--set-mark 0x%lx", markinfo->mark);
+ if (markinfo->target == EBT_ACCEPT)
+ return;
+ printf(" --mark-target %s",
+ standard_targets[-markinfo->target - 1]);
+}
+
+static int compare(const struct ebt_entry_target *t1,
+ const struct ebt_entry_target *t2)
+{
+ struct ebt_mark_t_info *markinfo1 =
+ (struct ebt_mark_t_info *)t1->data;
+ struct ebt_mark_t_info *markinfo2 =
+ (struct ebt_mark_t_info *)t2->data;
+
+ return (markinfo1->target == markinfo2->target &&
+ markinfo1->mark == markinfo2->mark);
+}
+
+static struct ebt_u_target mark_target =
+{
+ EBT_MARK_TARGET,
+ sizeof(struct ebt_mark_t_info),
+ print_help,
+ init,
+ parse,
+ final_check,
+ print,
+ compare,
+ opts,
+};
+
+static void _init(void) __attribute__ ((constructor));
+static void _init(void)
+{
+ register_target(&mark_target);
+}
diff --git a/userspace/ebtables2/extensions/ebt_mark_m.c b/userspace/ebtables2/extensions/ebt_mark_m.c
new file mode 100644
index 0000000..16caec5
--- /dev/null
+++ b/userspace/ebtables2/extensions/ebt_mark_m.c
@@ -0,0 +1,115 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/socket.h>
+#include <string.h>
+#include <getopt.h>
+#include "../include/ebtables_u.h"
+#include <linux/netfilter_bridge/ebt_mark_m.h>
+
+#define MARK '1'
+
+static struct option opts[] =
+{
+ { "mark" , required_argument, 0, MARK },
+ { 0 }
+};
+
+static void print_help()
+{
+ printf(
+"mark option:\n"
+"--mark [!] value[/mask]: Match nfmask value with optional mask\n");
+}
+
+static void init(struct ebt_entry_match *match)
+{
+ struct ebt_mark_m_info *markinfo = (struct ebt_mark_m_info *)match->data;
+
+ markinfo->mark = 0;
+ markinfo->mask = 0;
+ markinfo->invert = 0;
+}
+
+#define OPT_MARK 0x01
+static int parse(int c, char **argv, int argc, const struct ebt_u_entry *entry,
+ unsigned int *flags, struct ebt_entry_match **match)
+{
+ struct ebt_mark_m_info *markinfo = (struct ebt_mark_m_info *)
+ (*match)->data;
+ char *end;
+
+ switch (c) {
+ case MARK:
+ check_option(flags, MARK);
+ if (check_inverse(optarg))
+ markinfo->invert = 1;
+ if (optind > argc)
+ print_error("No mark specified");
+ markinfo->mark = strtoul(argv[optind - 1], &end, 0);
+ if (*end == '/')
+ markinfo->mask = strtoul(end+1, &end, 0);
+ else
+ markinfo->mask = 0xffffffff;
+ if ( *end != '\0' || end == argv[optind - 1])
+ print_error("Bad mark value '%s'", argv[optind - 1]);
+ break;
+ default:
+ return 0;
+ }
+ return 1;
+}
+
+static void final_check(const struct ebt_u_entry *entry,
+ const struct ebt_entry_match *match, const char *name,
+ unsigned int hook_mask, unsigned int time)
+{
+}
+
+static void print(const struct ebt_u_entry *entry,
+ const struct ebt_entry_match *match)
+{
+ struct ebt_mark_m_info *markinfo =
+ (struct ebt_mark_m_info *)match->data;
+
+ printf("--mark ");
+ if (markinfo->invert)
+ printf("! ");
+ if(markinfo->mask != 0xffffffff)
+ printf("0x%lx/0x%lx ", markinfo->mark, markinfo->mask);
+ else
+ printf("0x%lx ", markinfo->mark);
+}
+
+static int compare(const struct ebt_entry_match *m1,
+ const struct ebt_entry_match *m2)
+{
+ struct ebt_mark_m_info *markinfo1 = (struct ebt_mark_m_info *)m1->data;
+ struct ebt_mark_m_info *markinfo2 = (struct ebt_mark_m_info *)m2->data;
+
+ if (markinfo1->invert != markinfo2->invert)
+ return 0;
+ if (markinfo1->mark != markinfo2->mark)
+ return 0;
+ if (markinfo1->mask != markinfo2->mask)
+ return 0;
+ return 1;
+}
+
+static struct ebt_u_match mark_match =
+{
+ EBT_MARK_MATCH,
+ sizeof(struct ebt_mark_m_info),
+ print_help,
+ init,
+ parse,
+ final_check,
+ print,
+ compare,
+ opts,
+};
+
+static void _init(void) __attribute((constructor));
+static void _init(void)
+{
+ register_match(&mark_match);
+}