From ce251ce4227767051ab420e57c30f25df94162be Mon Sep 17 00:00:00 2001
From: Bart De Schuymer <bdschuym@pandora.be>
Date: Sat, 20 Jul 2002 16:15:39 +0000
Subject: *** empty log message ***

---
 .../include/linux/netfilter_bridge/ebt_mark_m.h    |  11 ++
 .../include/linux/netfilter_bridge/ebt_mark_t.h    |  12 ++
 kernel/linux/net/bridge/netfilter/ebt_mark.c       |  69 ++++++++++++
 kernel/linux/net/bridge/netfilter/ebt_mark_m.c     |  54 +++++++++
 userspace/ebtables2/ChangeLog                      |   2 +
 userspace/ebtables2/extensions/ebt_mark.c          | 121 +++++++++++++++++++++
 userspace/ebtables2/extensions/ebt_mark_m.c        | 115 ++++++++++++++++++++
 7 files changed, 384 insertions(+)
 create mode 100644 kernel/linux/include/linux/netfilter_bridge/ebt_mark_m.h
 create mode 100644 kernel/linux/include/linux/netfilter_bridge/ebt_mark_t.h
 create mode 100644 kernel/linux/net/bridge/netfilter/ebt_mark.c
 create mode 100644 kernel/linux/net/bridge/netfilter/ebt_mark_m.c
 create mode 100644 userspace/ebtables2/extensions/ebt_mark.c
 create mode 100644 userspace/ebtables2/extensions/ebt_mark_m.c

diff --git a/kernel/linux/include/linux/netfilter_bridge/ebt_mark_m.h b/kernel/linux/include/linux/netfilter_bridge/ebt_mark_m.h
new file mode 100644
index 0000000..576d33b
--- /dev/null
+++ b/kernel/linux/include/linux/netfilter_bridge/ebt_mark_m.h
@@ -0,0 +1,11 @@
+#ifndef __LINUX_BRIDGE_EBT_MARK_M_H
+#define __LINUX_BRIDGE_EBT_MARK_M_H
+
+struct ebt_mark_m_info
+{
+	unsigned long mark, mask;
+	__u8 invert;
+};
+#define EBT_MARK_MATCH "mark_m"
+
+#endif
diff --git a/kernel/linux/include/linux/netfilter_bridge/ebt_mark_t.h b/kernel/linux/include/linux/netfilter_bridge/ebt_mark_t.h
new file mode 100644
index 0000000..f84d2ad
--- /dev/null
+++ b/kernel/linux/include/linux/netfilter_bridge/ebt_mark_t.h
@@ -0,0 +1,12 @@
+#ifndef __LINUX_BRIDGE_EBT_MARK_T_H
+#define __LINUX_BRIDGE_EBT_MARK_T_H
+
+struct ebt_mark_t_info
+{
+	unsigned long mark;
+	// EBT_ACCEPT, EBT_DROP or EBT_CONTINUE or EBT_RETURN
+	int target;
+};
+#define EBT_MARK_TARGET "mark"
+
+#endif
diff --git a/kernel/linux/net/bridge/netfilter/ebt_mark.c b/kernel/linux/net/bridge/netfilter/ebt_mark.c
new file mode 100644
index 0000000..1e4d98b
--- /dev/null
+++ b/kernel/linux/net/bridge/netfilter/ebt_mark.c
@@ -0,0 +1,69 @@
+/*
+ *  ebt_mark_t
+ *
+ *	Authors:
+ *	Bart De Schuymer <bart.de.schuymer@pandora.be>
+ *
+ *  July, 2002
+ *
+ */
+
+// The mark target can be used in any chain
+// I believe adding a mangle table just for marking is total overkill
+// Marking a frame doesn't really change anything in the frame anyway
+// The target member of the struct ebt_vlan_info provides the same
+// functionality as a separate table
+
+#include <linux/netfilter_bridge/ebtables.h>
+#include <linux/netfilter_bridge/ebt_mark_t.h>
+#include <linux/netfilter_bridge.h>
+#include <linux/skbuff.h>
+#include <linux/module.h>
+#include <net/sock.h>
+#include "../br_private.h"
+
+static int ebt_target_mark(struct sk_buff **pskb, unsigned int hooknr,
+   const struct net_device *in, const struct net_device *out,
+   const void *data, unsigned int datalen)
+{
+	struct ebt_mark_t_info *infostuff = (struct ebt_mark_t_info *) data;
+
+	if ((*pskb)->nfmark != infostuff->mark) {
+		(*pskb)->nfmark = infostuff->mark;
+		(*pskb)->nfcache |= NFC_ALTERED;
+	}
+	return infostuff->target;
+}
+
+static int ebt_target_mark_check(const char *tablename, unsigned int hookmask,
+   const struct ebt_entry *e, void *data, unsigned int datalen)
+{
+	struct ebt_mark_t_info *infostuff = (struct ebt_mark_t_info *) data;
+
+	if (datalen != sizeof(struct ebt_mark_t_info))
+		return -EINVAL;
+	if (infostuff->target < -NUM_STANDARD_TARGETS || infostuff->target >= 0)
+		return -EINVAL;
+	return 0;
+}
+
+static struct ebt_target mark_target =
+{
+	{NULL, NULL}, EBT_MARK_TARGET, ebt_target_mark,
+	ebt_target_mark_check, NULL, THIS_MODULE
+};
+
+static int __init init(void)
+{
+	return ebt_register_target(&mark_target);
+}
+
+static void __exit fini(void)
+{
+	ebt_unregister_target(&mark_target);
+}
+
+module_init(init);
+module_exit(fini);
+EXPORT_NO_SYMBOLS;
+MODULE_LICENSE("GPL");
diff --git a/kernel/linux/net/bridge/netfilter/ebt_mark_m.c b/kernel/linux/net/bridge/netfilter/ebt_mark_m.c
new file mode 100644
index 0000000..4972b09
--- /dev/null
+++ b/kernel/linux/net/bridge/netfilter/ebt_mark_m.c
@@ -0,0 +1,54 @@
+/*
+ *  ebt_mark_m
+ *
+ *	Authors:
+ *	Bart De Schuymer <bart.de.schuymer@pandora.be>
+ *
+ *  July, 2002
+ *
+ */
+
+#include <linux/netfilter_bridge/ebtables.h>
+#include <linux/netfilter_bridge/ebt_mark_m.h>
+#include <linux/module.h>
+
+static int ebt_filter_mark(const struct sk_buff *skb,
+	       const struct net_device *in,
+	       const struct net_device *out,
+	       const void *data,
+	       unsigned int datalen, const struct ebt_counter *c)
+{
+	struct ebt_mark_m_info *info = (struct ebt_mark_m_info *) data;
+
+	return !(((skb->nfmark & info->mask) == info->mark) ^ info->invert);
+}
+
+static int ebt_mark_check(const char *tablename, unsigned int hookmask,
+   const struct ebt_entry *e, void *data, unsigned int datalen)
+{
+	if (datalen != sizeof(struct ebt_mark_m_info)) {
+		return -EINVAL;
+	}
+	return 0;
+}
+
+static struct ebt_match filter_mark =
+{
+	{NULL, NULL}, EBT_MARK_MATCH, ebt_filter_mark, ebt_mark_check, NULL,
+	THIS_MODULE
+};
+
+static int __init init(void)
+{
+	return ebt_register_match(&filter_mark);
+}
+
+static void __exit fini(void)
+{
+	ebt_unregister_match(&filter_mark);
+}
+
+module_init(init);
+module_exit(fini);
+EXPORT_NO_SYMBOLS;
+MODULE_LICENSE("GPL");
diff --git a/userspace/ebtables2/ChangeLog b/userspace/ebtables2/ChangeLog
index 0e3e27a..20bb3f1 100644
--- a/userspace/ebtables2/ChangeLog
+++ b/userspace/ebtables2/ChangeLog
@@ -1,3 +1,5 @@
+20020720
+	* added mark target+match
 20020714
 	* added --atomic options
 20020710
diff --git a/userspace/ebtables2/extensions/ebt_mark.c b/userspace/ebtables2/extensions/ebt_mark.c
new file mode 100644
index 0000000..318e2b6
--- /dev/null
+++ b/userspace/ebtables2/extensions/ebt_mark.c
@@ -0,0 +1,121 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <getopt.h>
+#include "../include/ebtables_u.h"
+#include <linux/netfilter_bridge/ebt_mark_t.h>
+
+extern char *standard_targets[NUM_STANDARD_TARGETS];
+
+#define MARK_TARGET '1'
+#define MARK_SETMARK '2'
+static struct option opts[] =
+{
+	{ "mark-target"    , required_argument, 0, MARK_TARGET },
+	{ "set-mark"    , required_argument, 0, MARK_SETMARK },
+	{ 0 }
+};
+
+static void print_help()
+{
+	printf(
+	"mark target options:\n"
+	" --set-mark value   : Set nfmark value\n"
+	" --mark-target target   : ACCEPT, DROP or CONTINUE\n");
+}
+
+static void init(struct ebt_entry_target *target)
+{
+	struct ebt_mark_t_info *markinfo =
+	   (struct ebt_mark_t_info *)target->data;
+
+	markinfo->target = EBT_ACCEPT;
+	markinfo->mark = 0;
+	return;
+}
+
+#define OPT_MARK_TARGET  0x01
+#define OPT_MARK_SETMARK  0x02
+static int parse(int c, char **argv, int argc,
+   const struct ebt_u_entry *entry, unsigned int *flags,
+   struct ebt_entry_target **target)
+{
+	int i;
+	struct ebt_mark_t_info *markinfo =
+	   (struct ebt_mark_t_info *)(*target)->data;
+	char *end;
+
+	switch (c) {
+	case MARK_TARGET:
+		check_option(flags, OPT_MARK_TARGET);
+		for (i = 0; i < NUM_STANDARD_TARGETS; i++)
+			if (!strcmp(optarg, standard_targets[i])) {
+				markinfo->target = -i - 1;
+				break;
+			}
+		if (i == NUM_STANDARD_TARGETS)
+			print_error("Illegal --mark-target target");
+		break;
+	case MARK_SETMARK:
+		check_option(flags, OPT_MARK_SETMARK);
+		markinfo->mark = strtoul(optarg, &end, 0);
+		if (*end != '\0' || end == optarg)
+			print_error("Bad MARK value `%s'", optarg);
+                break;
+	 default:
+		return 0;
+	}
+	return 1;
+}
+
+static void final_check(const struct ebt_u_entry *entry,
+   const struct ebt_entry_target *target, const char *name,
+   unsigned int hook_mask, unsigned int time)
+{
+}
+
+static void print(const struct ebt_u_entry *entry,
+   const struct ebt_entry_target *target)
+{
+	struct ebt_mark_t_info *markinfo =
+	   (struct ebt_mark_t_info *)target->data;
+
+	printf("--set-mark 0x%lx", markinfo->mark);
+	if (markinfo->target == EBT_ACCEPT)
+		return;
+	printf(" --mark-target %s",
+	   standard_targets[-markinfo->target - 1]);
+}
+
+static int compare(const struct ebt_entry_target *t1,
+   const struct ebt_entry_target *t2)
+{
+	struct ebt_mark_t_info *markinfo1 =
+	   (struct ebt_mark_t_info *)t1->data;
+	struct ebt_mark_t_info *markinfo2 =
+	   (struct ebt_mark_t_info *)t2->data;
+
+	return (markinfo1->target == markinfo2->target && 
+	   markinfo1->mark == markinfo2->mark);
+}
+
+static struct ebt_u_target mark_target =
+{
+	EBT_MARK_TARGET,
+	sizeof(struct ebt_mark_t_info),
+	print_help,
+	init,
+	parse,
+	final_check,
+	print,
+	compare,
+	opts,
+};
+
+static void _init(void) __attribute__ ((constructor));
+static void _init(void)
+{
+	register_target(&mark_target);
+}
diff --git a/userspace/ebtables2/extensions/ebt_mark_m.c b/userspace/ebtables2/extensions/ebt_mark_m.c
new file mode 100644
index 0000000..16caec5
--- /dev/null
+++ b/userspace/ebtables2/extensions/ebt_mark_m.c
@@ -0,0 +1,115 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/socket.h>
+#include <string.h>
+#include <getopt.h>
+#include "../include/ebtables_u.h"
+#include <linux/netfilter_bridge/ebt_mark_m.h>
+
+#define MARK '1'
+
+static struct option opts[] =
+{
+	{ "mark"     , required_argument, 0, MARK },
+	{ 0 }
+};
+
+static void print_help()
+{
+	printf(
+"mark option:\n"
+"--mark    [!] value[/mask]: Match nfmask value with optional mask\n");
+}
+
+static void init(struct ebt_entry_match *match)
+{
+	struct ebt_mark_m_info *markinfo = (struct ebt_mark_m_info *)match->data;
+
+	markinfo->mark = 0;
+	markinfo->mask = 0;
+	markinfo->invert = 0;
+}
+
+#define OPT_MARK 0x01
+static int parse(int c, char **argv, int argc, const struct ebt_u_entry *entry,
+   unsigned int *flags, struct ebt_entry_match **match)
+{
+	struct ebt_mark_m_info *markinfo = (struct ebt_mark_m_info *)
+	   (*match)->data;
+	char *end;
+
+	switch (c) {
+	case MARK:
+		check_option(flags, MARK);
+		if (check_inverse(optarg))
+			markinfo->invert = 1;
+		if (optind > argc)
+			print_error("No mark specified");
+		markinfo->mark = strtoul(argv[optind - 1], &end, 0);
+		if (*end == '/')
+			markinfo->mask = strtoul(end+1, &end, 0);
+		else
+			markinfo->mask = 0xffffffff;
+		if ( *end != '\0' || end == argv[optind - 1])
+			print_error("Bad mark value '%s'", argv[optind - 1]);
+		break;
+	default:
+		return 0;
+	}
+	return 1;
+}
+
+static void final_check(const struct ebt_u_entry *entry,
+   const struct ebt_entry_match *match, const char *name,
+   unsigned int hook_mask, unsigned int time)
+{
+}
+
+static void print(const struct ebt_u_entry *entry,
+   const struct ebt_entry_match *match)
+{
+	struct ebt_mark_m_info *markinfo =
+	   (struct ebt_mark_m_info *)match->data;
+
+	printf("--mark ");
+	if (markinfo->invert)
+		printf("! ");
+	if(markinfo->mask != 0xffffffff)
+		printf("0x%lx/0x%lx ", markinfo->mark, markinfo->mask);
+	else
+		printf("0x%lx ", markinfo->mark);
+}
+
+static int compare(const struct ebt_entry_match *m1,
+   const struct ebt_entry_match *m2)
+{
+	struct ebt_mark_m_info *markinfo1 = (struct ebt_mark_m_info *)m1->data;
+	struct ebt_mark_m_info *markinfo2 = (struct ebt_mark_m_info *)m2->data;
+
+	if (markinfo1->invert != markinfo2->invert)
+		return 0;
+	if (markinfo1->mark != markinfo2->mark)
+		return 0;
+	if (markinfo1->mask != markinfo2->mask)
+		return 0;
+	return 1;
+}
+
+static struct ebt_u_match mark_match =
+{
+	EBT_MARK_MATCH,
+	sizeof(struct ebt_mark_m_info),
+	print_help,
+	init,
+	parse,
+	final_check,
+	print,
+	compare,
+	opts,
+};
+
+static void _init(void) __attribute((constructor));
+static void _init(void)
+{
+	register_match(&mark_match);
+}
-- 
cgit v1.2.3