From 199d31a20f95babd74d692beb89988e2fb851032 Mon Sep 17 00:00:00 2001 From: fnm3 Date: Fri, 14 Jun 2002 17:28:13 +0000 Subject: New parameter definitions addded Kernelspace changes for encapsulated protocol parameter Version changed Updated VLAN match extension section Removed empty lines at end of file Userspace changes - vlan encapsulated protocol match added --- userspace/ebtables2/Makefile | 2 +- userspace/ebtables2/ebtables.8 | 9 ++- userspace/ebtables2/ethertypes | 5 +- userspace/ebtables2/extensions/ebt_vlan.c | 119 ++++++++++++++++++++++++------ 4 files changed, 104 insertions(+), 31 deletions(-) (limited to 'userspace') diff --git a/userspace/ebtables2/Makefile b/userspace/ebtables2/Makefile index e82be17..8ebcd0f 100644 --- a/userspace/ebtables2/Makefile +++ b/userspace/ebtables2/Makefile @@ -2,7 +2,7 @@ KERNEL_DIR?=/usr/src/linux PROGNAME:=ebtables -PROGVERSION:="2.0pre6 (May 2002)" +PROGVERSION:="2.0pre8 (June 2002)" MANDIR?=/usr/local/man CFLAGS:=-Wall -Wunused diff --git a/userspace/ebtables2/ebtables.8 b/userspace/ebtables2/ebtables.8 index d0d7a18..b9d57c8 100644 --- a/userspace/ebtables2/ebtables.8 +++ b/userspace/ebtables2/ebtables.8 @@ -21,7 +21,7 @@ .\" .\" .SH NAME -ebtables(v.2.0) \- ethernet bridge packet table administration +ebtables (v.2.0) \- ethernet bridge packet table administration .SH SYNOPSIS .BR "ebtables -[ADI] " "chain rule-specification [options]" .br @@ -316,7 +316,7 @@ The ARP IP source address specification. .BR "--arp-ip-dst " "[!] \fIaddress\fP[/\fImask\fP]" The ARP IP destination address specification. .SS vlan -Specify 802.1Q VLAN specific fields. These will only work if the protocol equals +Specify 802.1Q Tag Control Information fields. These will only work if the protocol equals .BR 802_1Q . For more details see .BR "ebtables -h vlan" . @@ -325,7 +325,10 @@ For more details see The VLAN identifier (decimal number from 0 to 4095). .TP .BR "--vlan-prio " "[!] \fIprio\fP" -The VLAN priority type, this can be a decimal number from 0 to 7. The default value is 0. +The VLAN user priority type, this can be a decimal number from 0 to 7. The default value is 0. +.TP +.BR "--vlan-encap " "[!] \fIprotocol\fP" +The VLAN encapsulated protocol, this can be a hexadecimal number from 0000 to FFFF. The default value is 0. .SH WATCHER EXTENSION(S) Watchers are things that only look at frames passing by. These watchers only see the frame if the frame passes all the matches of the rule. diff --git a/userspace/ebtables2/ethertypes b/userspace/ebtables2/ethertypes index 0123bf3..e53d4f2 100644 --- a/userspace/ebtables2/ethertypes +++ b/userspace/ebtables2/ethertypes @@ -7,7 +7,7 @@ # programs using this file should not be case sensitive # that's all :-)) IPV4 0800 put your comments behind, on the same line, after a tab -X25 0800 or whitespace +X25 0805 or whitespace ARP 0806 802_1Q 8100 802.1Q Virtual LAN tagged frame IPX 8137 @@ -30,5 +30,4 @@ PPP_DISC 8863 PPPoE discovery messages PPP_SES 8864 PPPoE session messages ATMMPOA 884C MultiProtocol over ATM ATMFATE 8884 Frame-based ATM Transport over Ethernet - - +LOOP 9000 diff --git a/userspace/ebtables2/extensions/ebt_vlan.c b/userspace/ebtables2/extensions/ebt_vlan.c index ad3e6f7..580fa71 100644 --- a/userspace/ebtables2/extensions/ebt_vlan.c +++ b/userspace/ebtables2/extensions/ebt_vlan.c @@ -1,44 +1,49 @@ /* - * Summary: ebt_vlan userspace module - * - * Description: 802.1Q Virtual LAN match support module for ebtables project. - * Enable to match 802.1Q VLAN tagged frames by VLAN numeric - * identifier (12-bites field) and frame priority (3-bites field) + * Summary: ebt_vlan - 802.1 Q match extension module for userspace + * + * Description:802.1 Q Virtual LAN match support module for ebtables project. + * Enable to match 802.1 Q VLAN tagged frames by VLAN numeric + * identifier (12 - bits field) and user_priority (3 bits field) * * Authors: * Bart De Schuymer - * Nick Fedchik - * - * May, 2002 + * Nick Fedchik + * June, 2002 + * + * License: GPL + * */ - + +#include +#include #include -#include #include +#include #include -#include + #include -#include #include "../include/ebtables_u.h" -#include #define VLAN_ID '1' #define VLAN_PRIO '2' +#define VLAN_ENCAP '3' static struct option opts[] = { {"vlan-id", required_argument, 0, VLAN_ID}, {"vlan-prio", required_argument, 0, VLAN_PRIO}, + {"vlan-encap", required_argument, 0, VLAN_ENCAP}, {0} }; /* - * Print out help for ebtables -h vlan + * Print out local help by ebtables -h vlan */ static void print_help () { printf ("802.1Q VLAN options:\n" - "--vlan-id [!] id : VLAN ID 1-4095 (integer)\n" - "--vlan-prio [!] prio : VLAN Priority 0-7 (integer)\n"); + "--vlan-id [!] id : VLAN ID 1-4094 (integer)\n" + "--vlan-prio [!] prio : VLAN Priority 0-7 (integer)\n" + "--vlan-encap [!] proto : VLAN Encapsulated Protocol (integer or string as in /etc/ethertypes)\n"); } /* @@ -53,12 +58,18 @@ static void init (struct ebt_entry_match *match) */ vlaninfo->id = 0; vlaninfo->prio = 0; + vlaninfo->encap = 0; vlaninfo->invflags = 0; vlaninfo->bitmask = 0; } +/* + * option flags definition + */ #define OPT_VLAN_ID 0x01 #define OPT_VLAN_PRIO 0x02 +#define OPT_VLAN_ENCAP 0x04 + static int parse (int c, char **argv, int argc, const struct ebt_u_entry *entry, unsigned int *flags, @@ -66,20 +77,24 @@ parse (int c, char **argv, int argc, { struct ebt_vlan_info *vlaninfo = (struct ebt_vlan_info *) (*match)->data; - unsigned short i; + unsigned long i; char *end; switch (c) { case VLAN_ID: + /* + * ebtables.c:check_option(unsigned int *flags, unsigned int mask) + * checking for multiple usage of same option + */ check_option (flags, OPT_VLAN_ID); /* - * Check If we got inversed arg for VID, + * Check If we got inversed arg for vlan-id option, * otherwise unset inversion flag */ if (check_inverse (optarg)) vlaninfo->invflags |= EBT_VLAN_ID; /* - * Check arg value presense + * Check arg value presence */ if (optind > argc) print_error ("Missing VLAN ID argument\n"); @@ -90,15 +105,21 @@ parse (int c, char **argv, int argc, */ (unsigned short) i = strtol (argv[optind - 1], &end, 10); /* - * Check arg val range + * Check arg val range */ - if (i < 1 || i >= 4096 || *end != '\0') { + if (i < 1 || i >= 4094 || *end != '\0') { i = 0; print_error ("Problem with specified VLAN ID range\n"); } + /* + * Set up parameter value + */ vlaninfo->id = i; - vlaninfo->bitmask|=EBT_VLAN_ID; + /* + * Set up parameter presence flag + */ + vlaninfo->bitmask |= EBT_VLAN_ID; break; case VLAN_PRIO: @@ -113,7 +134,7 @@ parse (int c, char **argv, int argc, * set *end to end of argv string, * base set 10 for decimal only */ - (unsigned short) i = strtol (argv[optind - 1], &end, 10); + (unsigned char) i = strtol (argv[optind - 1], &end, 10); /* * Check arg val range */ @@ -122,10 +143,45 @@ parse (int c, char **argv, int argc, print_error ("Problem with specified VLAN Priority range\n"); } + /* + * Set up parameter value + */ vlaninfo->prio = i; - vlaninfo->bitmask|=EBT_VLAN_PRIO; + /* + * Set up parameter presence flag + */ + vlaninfo->bitmask |= EBT_VLAN_PRIO; break; + case VLAN_ENCAP: + check_option (flags, OPT_VLAN_ENCAP); + if (check_inverse (optarg)) + vlaninfo->invflags |= EBT_VLAN_ENCAP; + if (optind > argc) + print_error + ("Missing VLAN Encapsulated Protocol argument\n"); + /* + * Parameter can be decimal, hexadecimal, or string. + * Check arg val range + */ + (unsigned short) i = strtol (argv[optind - 1], &end, 16); + if (*end == '\0' && (i < 0 || i > 0xFFFF)) + print_error + ("Problem with the specified encapsulated protocol"); + if (*end != '\0') + if (name_to_protocol (argv[optind - 1]) == -1) + print_error + ("Problem with the specified encapsulated" + "protocol"); + /* + * Set up parameter value (network notation) + */ + vlaninfo->encap = htons (i); + /* + * Set up parameter presence flag + */ + vlaninfo->bitmask |= EBT_VLAN_ENCAP; + break; default: return 0; } @@ -174,6 +230,14 @@ print (const struct ebt_u_entry *entry, vlaninfo->invflags & EBT_VLAN_PRIO ? "!" : "", vlaninfo->prio); } + /* + * Print VLAN encapsulated protocol if they are specified + */ + if (vlaninfo->bitmask & EBT_VLAN_ENCAP) { + printf ("vlan encap: %s%2.4X, ", + vlaninfo->invflags & EBT_VLAN_ENCAP ? "!" : "", + ntohs (vlaninfo->encap)); + } } @@ -209,6 +273,13 @@ compare (const struct ebt_entry_match *vlan1, if (vlaninfo1->prio != vlaninfo2->prio) return 0; }; + /* + * Compare VLAN Encap if they are present + */ + if (vlaninfo1->bitmask & EBT_VLAN_ENCAP) { + if (vlaninfo1->encap != vlaninfo2->encap) + return 0; + }; return 1; } -- cgit v1.2.3