--- ebtables-v2.0-rc1/Makefile Wed Jul 31 21:55:02 2002 +++ ebtables-v2.0-rc2/Makefile Sun Aug 11 17:28:10 2002 @@ -2,7 +2,8 @@ KERNEL_DIR?=/usr/src/linux PROGNAME:=ebtables -PROGVERSION:="2.0-rc1 (July 2002)" +PROGVERSION:="2.0-rc2" +PROGDATE:="August 2002" MANDIR?=/usr/local/man CFLAGS:=-Wall -Wunused @@ -22,8 +23,6 @@ mkdir -p /usr/include/linux/netfilter_bridge cp -f $(KERNEL_DIR)/include/linux/netfilter_bridge/* \ /usr/include/linux/netfilter_bridge/ - cp -f $(KERNEL_DIR)/include/linux/br_db.h \ - /usr/include/linux/br_db.h cp -f $(KERNEL_DIR)/include/linux/netfilter_bridge.h \ /usr/include/linux/netfilter_bridge.h cp -f $(KERNEL_DIR)/include/linux/if_ether.h \ @@ -35,11 +34,11 @@ ln -fs $(KERNEL_DIR)/include/linux /usr/include/linux communication.o: communication.c include/ebtables_u.h - $(CC) $(CFLAGS) -c -o $@ $< + $(CC) $(CFLAGS) -DPROGVERSION=\"$(PROGVERSION)\" -c -o $@ $< ebtables.o: ebtables.c include/ebtables_u.h $(CC) $(CFLAGS) -DPROGVERSION=\"$(PROGVERSION)\" \ - -DPROGNAME=\"$(PROGNAME)\" -c -o $@ $< + -DPROGNAME=\"$(PROGNAME)\" -DPROGDATE=\"$(PROGDATE)\" -c -o $@ $< ebtables: ebtables.o communication.o $(EXT_OBJS) $(CC) $(CFLAGS) -o $@ $^ --- ebtables-v2.0-rc1/ebtables.c Wed Jul 31 21:55:02 2002 +++ ebtables-v2.0-rc2/ebtables.c Sat Aug 24 20:32:04 2002 @@ -23,20 +23,28 @@ #include #include -#include #include #include -#include -#include -#include -#include // the database -#include +#include #include #include "include/ebtables_u.h" #include #include #include +// Don't use this function, use print_bug() +void __print_bug(char *file, int line, char *format, ...) +{ + va_list l; + + va_start(l, format); + printf(PROGNAME" v"PROGVERSION":%s:%d:--BUG--: \n", file, line); + vprintf(format, l); + printf("\n"); + va_end(l); + exit (-1); +} + // here are the number-name correspondences kept for the Ethernet // frame type field #define PROTOCOLFILE "/etc/ethertypes" 
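Review bot: `__print_bug` takes a printf-style format but is not declared with `__attribute__((format(printf, 3, 4)))`, so the `-Wall` build in the Makefile cannot check format/argument agreement at print_bug call sites (print_bug itself is presumably a macro in include/ebtables_u.h, not visible here). Neither `file` nor `format` is written through, so the signature should read `void __print_bug(const char *file, int line, const char *format, ...) __attribute__((format(printf, 3, 4)));`. Two smaller points: a leading double underscore puts the name in the implementation-reserved namespace, and a bug report printed to stdout rather than stderr lands in any redirected listing output, while `exit (-1)` yields status 255 where `EXIT_FAILURE` says what is meant.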
@@ -45,11 +53,6 @@ #define PROC_SYS_MODPROBE "/proc/sys/kernel/modprobe" #endif -#define DATABASEHOOKNR -2 -#define DATABASEHOOKNAME "DB" - -static char *prog_name = PROGNAME; -static char *prog_version = PROGVERSION; char *hooknames[NF_BR_NUMHOOKS] = { [NF_BR_PRE_ROUTING]"PREROUTING", @@ -193,7 +196,7 @@ // on CONTINUE e->t = (struct ebt_entry_target *)find_target(EBT_STANDARD_TARGET); if (!e->t) - print_bug("Couldn't load standard target\n"); + print_bug("Couldn't load standard target"); } // this doesn't free e, becoz the calling function might need e->next @@ -432,6 +435,7 @@ // translate a hexadecimal number to a protocol name, parsing /etc/ethertypes // returns 0 on success +// this demands the name buffer to be of size at least 21 int number_to_name(unsigned short proto, char *name) { FILE *ifp; @@ -476,9 +480,9 @@ printf("ebtables -t %s -P %s %s\n", replace.name, entries->name, standard_targets[-entries->policy - 1]); } else if (!(replace.flags & LIST_X)) { - printf("\nBridge chain: %s\nPolicy: %s\n", entries->name, + printf("\nBridge chain: %s, entries: %d, policy: %s\n", + entries->name, entries->nentries, standard_targets[-entries->policy - 1]); - printf("nr. of entries: %d \n", entries->nentries); } i = entries->nentries; @@ -759,10 +763,6 @@ int i; struct ebt_u_chain_list *cl = replace.udc; - // database is special case (not really a chain) - if (!strcmp(arg, DATABASEHOOKNAME)) - return DATABASEHOOKNR; - for (i = 0; i < NF_BR_NUMHOOKS; i++) { if (!(replace.valid_hooks & (1 << i))) continue; 
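Review bot: The added comment `// this demands the name buffer to be of size at least 21` on number_to_name records a contract the signature cannot enforce: `number_to_name(unsigned short proto, char *name)` receives no length, and the one caller visible in this diff (print in ebt_arp.c) independently hard-codes `char name[21]` to match. A shared constant in include/ebtables_u.h used by both sides — say a proposed `ETHERTYPE_NAME_LEN` — or an added `size_t len` parameter with a bounded copy would stop the two numbers drifting apart. The function body continues outside the hunk.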
@@ -784,27 +784,25 @@ struct ebt_u_match_list *m_l; struct ebt_u_watcher_list *w_l; - printf( -"%s v%s\n" + printf(PROGNAME" v"PROGVERSION" ("PROGDATE")\n" "Usage:\n" "ebtables -[ADI] chain rule-specification [options]\n" "ebtables -P chain target\n" "ebtables -[LFZ] [chain]\n" "ebtables -[b] [y,n]\n" "Commands:\n" -"--append -A chain : Append to chain\n" -"--delete -D chain : Delete matching rule from chain\n" -"--delete -D chain rulenum : Delete rule at position rulenum from chain\n" +"--append -A chain : append to chain\n" +"--delete -D chain : delete matching rule from chain\n" +"--delete -D chain rulenum : delete rule at position rulenum from chain\n" "--insert -I chain rulenum : insert rule at position rulenum in chain\n" -"--list -L [chain] : List the rules in a chain or in all chains\n" -"--list -L "DATABASEHOOKNAME" : List the database (if present)\n" -"--flush -F [chain] : Delete all rules in chain or in all chains\n" -"--init-table : Replace the kernel table with the initial table\n" -"--zero -Z [chain] : Put counters on zero in chain or in all chains\n" -"--policy -P chain target : Change policy on chain to target\n" -"--new-chain -N chain : Create a user defined chain\n" -"--rename-chain -E old new : Rename a chain\n" -"--delete-chain -X chain : Delete a user defined chain\n" +"--list -L [chain] : list the rules in a chain or in all chains\n" +"--flush -F [chain] : delete all rules in chain or in all chains\n" +"--init-table : replace the kernel table with the initial table\n" +"--zero -Z [chain] : put counters on zero in chain or in all chains\n" +"--policy -P chain target : change policy on chain to target\n" +"--new-chain -N chain : create a user defined chain\n" +"--rename-chain -E old new : rename a chain\n" +"--delete-chain -X chain : delete a user defined chain\n" "--atomic-commit file : update the kernel w/ the table contained in file\n" "--atomic-init file : put the initial kernel table into file\n" "--atomic-save file : put the current kernel 
table into file\n" @@ -819,9 +817,7 @@ "--logical-out [!] name : logical bridge output interface name\n" "--modprobe -M program : try to insert modules using this program\n" "--version -V : print package version\n" -"\n" , - prog_name, - prog_version); +"\n"); m_l = new_entry->m_list; while (m_l) { @@ -1311,66 +1307,6 @@ } } -// list the database (optionally compiled into the kernel) -static void list_db() -{ - struct brdb_dbinfo nr; - struct brdb_dbentry *db; - char name[21]; - int i; - - get_dbinfo(&nr); - - // 0 : database disabled (-db n) - if (!(nr.nentries)) - print_error("Database not present" - " (disabled), try ebtables --db y"); - nr.nentries--; - if (!nr.nentries) print_error("Database empty"); - if ( !(db = (struct brdb_dbentry *) - malloc(nr.nentries * sizeof(struct brdb_dbentry))) ) - print_memory(); - - get_db(nr.nentries, db); - printf("number of entries: %d\n", nr.nentries); - for (i = 0; i < nr.nentries; i++) { - printf( - "%d:\n" - "hook : %s\n" - "in-if : %s\n" - "out-if : %s\n" - "protocol: ", i + 1, hooknames[db->hook], db->in, db->out); - if (db->ethproto == IDENTIFY802_3) - printf("802.2/802.3 STYLE LENGTH FIELD\n"); - else { - if (number_to_name(ntohs(db->ethproto), name)) - printf("%x\n",ntohs(db->ethproto)); - else - printf("%s\n", name); - } - db++; - } - exit(0); -} - -// handle db [dis,en]abling -static void allowdb(char yorn) -{ - __u16 decision; - - if (yorn != 'y' && yorn != 'n') - print_error("Option [y] or [n] needed"); - - if (yorn == 'y') - decision = BRDB_DB; - else - decision = BRDB_NODB; - - deliver_allowdb(&decision); - - exit(0); -} - // 0 == success // 1 == success, but for the special 'protocol' LENGTH // -1 == failure 
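Review bot: The version banner `PROGNAME" v"PROGVERSION" ("PROGDATE")\n"` is spelled out here in the help text and again in the `-V` case of main (the `@@ -1738` hunk), with a third, date-less variant in `__print_bug`; three hand-maintained copies will drift the next time the format changes. A single definition in include/ebtables_u.h, e.g. a proposed `#define PROG_BANNER PROGNAME" v"PROGVERSION" ("PROGDATE")`, used as `printf(PROG_BANNER "\n");`, keeps them identical. The enclosing function starts before this hunk and its printf continues into the next one.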
@@ -1526,8 +1462,14 @@ print_error("The kernel doesn't support the ebtables " "%s table", replace.name); } + // when listing a table contained in a file, we don't expect the user + // to know what the table's name is + if ( !(table = find_table(replace.name)) ) + print_error("Bad table name"); } +#define print_if_l_error print_error("Interface name length must be less " \ + "than %d", IFNAMSIZ) #define OPT_COMMAND 0x01 #define OPT_TABLE 0x02 #define OPT_IN 0x04 @@ -1542,7 +1484,7 @@ // the main thing int main(int argc, char *argv[]) { - char *buffer, allowbc = 'n'; + char *buffer; int c, i; // this special one for the -Z option (we can have -Z -L ) int zerochain = -1; @@ -1576,7 +1518,7 @@ // getopt saves the day while ((c = getopt_long(argc, argv, - "-A:D:I:N:E:X:L::Z::F::P:Vhi:o:j:p:b:s:d:t:M:", ebt_options, NULL)) != -1) { + "-A:D:I:N:E:X:L::Z::F::P:Vhi:o:j:p:s:d:t:M:", ebt_options, NULL)) != -1) { switch (c) { case 'A': // add a rule @@ -1738,7 +1680,7 @@ replace.command = 'V'; if (replace.flags & OPT_COMMAND) print_error("Multiple commands not allowed"); - printf("%s, %s\n", prog_name, prog_version); + printf(PROGNAME" v"PROGVERSION" ("PROGDATE")\n"); exit(0); case 'M': // modprobe @@ -1812,7 +1754,7 @@ print_error("No in-interface " "specified"); if (strlen(argv[optind - 1]) >= IFNAMSIZ) - print_error("Illegal interface length"); + print_if_l_error; strcpy(new_entry->in, argv[optind - 1]); break; } @@ -1830,7 +1772,7 @@ print_error("No logical in-interface " "specified"); if (strlen(argv[optind - 1]) >= IFNAMSIZ) - print_error("Illegal interface length"); + print_if_l_error; strcpy(new_entry->logical_in, argv[optind - 1]); break; } @@ -1848,8 +1790,7 @@ "specified"); if (strlen(argv[optind - 1]) >= IFNAMSIZ) - print_error("Illegal interface " - "length"); + print_if_l_error; strcpy(new_entry->out, argv[optind - 1]); break; } 
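Review bot: `print_if_l_error` is an object-like macro that expands to a call with side effects (print_error exits), so at its use sites — `print_if_l_error;` in the `@@ -1812`, `@@ -1830` and `@@ -1848` hunks here and `@@ -1867` on the next line — it reads like a stray variable name rather than an action, and without parentheses neither a reader nor tooling can tell it from an identifier. Making it function-like, `#define print_if_l_error() print_error("Interface name length must be less than %d", IFNAMSIZ)`, or better a `static void print_if_l_error(void)`, makes the control flow visible at the call site. The `strlen(argv[optind - 1]) >= IFNAMSIZ` test that precedes each `strcpy` is correct as written, so the copies themselves stay in bounds. The enclosing function starts outside this hunk.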
@@ -1867,8 +1808,7 @@ "specified"); if (strlen(argv[optind - 1]) >= IFNAMSIZ) - print_error("Illegal interface " - "length"); + print_if_l_error; strcpy(new_entry->logical_out, argv[optind - 1]); break; @@ -1972,18 +1912,8 @@ " or equal to 0x0600"); break; - case 'b': // allow database? - if (replace.flags & OPT_COMMAND) - print_error("Multiple commands not allowed"); - replace.command = c; - allowbc = *optarg; - break; - case 4 : // Lc check_option(&replace.flags, LIST_C); - if (replace.selected_hook == DATABASEHOOKNR) - print_error("--Lc not valid for listing" - " the database"); if (replace.command != 'L') print_error("Use --Lc with -L"); if (replace.flags & LIST_X) @@ -1992,9 +1922,6 @@ break; case 5 : // Ln check_option(&replace.flags, LIST_N); - if (replace.selected_hook == DATABASEHOOKNR) - print_error("--Ln not valid for listing" - " the database"); if (replace.command != 'L') print_error("Use --Ln with -L"); if (replace.flags & LIST_X) @@ -2003,9 +1930,6 @@ break; case 6 : // Lx check_option(&replace.flags, LIST_X); - if (replace.selected_hook == DATABASEHOOKNR) - print_error("--Lx not valid for listing" - " the database"); if (replace.command != 'L') print_error("Use --Lx with -L"); if (replace.flags & LIST_C) @@ -2039,6 +1963,7 @@ // make sure the table will be written to the kernel free(replace.filename); replace.filename = NULL; + ebtables_insmod("ebtables", modprobe); break; case 7 : // atomic-init case 10: // atomic-save @@ -2106,11 +2031,6 @@ if ( !table && !(table = find_table(replace.name)) ) print_error("Bad table name"); - // database stuff before ebtables stuff - if (replace.command == 'b') - allowdb(allowbc); - if (replace.command == 'L' && replace.selected_hook == DATABASEHOOKNR) - list_db(); if ( (replace.flags & OPT_COMMAND) && replace.command != 'L' && replace.flags & OPT_ZERO ) 
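Review bot: The return value of the newly added `ebtables_insmod("ebtables", modprobe);` in the atomic-commit case is discarded; its prototype is not in this diff, but if it reports failure (the `modprobe` path comes from the `-M` option), that failure is dropped here and the user only sees whatever the later kernel write happens to fail with. Either check it, `if (ebtables_insmod("ebtables", modprobe)) print_error("Could not load the ebtables module");`, or add a comment stating that failure is intentionally ignored because the module may be built in. The enclosing switch in main starts and ends outside this hunk.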
@@ -2148,9 +2068,13 @@ // the kernel does not have to do this ofcourse new_entry->ethproto = htons(new_entry->ethproto); - if (replace.command == 'P') + if (replace.command == 'P') { + if (replace.selected_hook < NF_BR_NUMHOOKS && + policy == EBT_RETURN) + print_error("Policy RETURN only allowed for user " + "defined chains"); change_policy(policy); - else if (replace.command == 'L') { + } else if (replace.command == 'L') { list_rules(); if (replace.flags & OPT_ZERO) zero_counters(zerochain); --- ebtables-v2.0-rc1/communication.c Wed Jul 31 21:55:02 2002 +++ ebtables-v2.0-rc2/communication.c Sat Aug 24 20:33:51 2002 @@ -17,9 +17,6 @@ #include #include #include -#include -#include -#include // IPPROTO_IP #include "include/ebtables_u.h" extern char* hooknames[NF_BR_NUMHOOKS]; @@ -32,7 +29,8 @@ sockfd = socket(AF_INET, SOCK_RAW, PF_INET); if (sockfd < 0) print_error("Problem getting a socket, " - "do you have the right permissions?"); + "you probably don't have the right " + "permissions"); } } @@ -556,7 +554,7 @@ char command) { FILE *file; - char *hlp; + char *hlp = NULL; int size; if (!(file = fopen(filename, "r+b"))) @@ -658,9 +656,11 @@ struct ebt_u_entry **u_e; strcpy(repl.name, u_repl->name); - if (u_repl->filename != NULL) + if (u_repl->filename != NULL) { retrieve_from_file(u_repl->filename, &repl, u_repl->command); - else if (retrieve_from_kernel(&repl, u_repl->command) == -1) + // -L with a wrong table name should be dealt with silently + strcpy(u_repl->name, repl.name); + } else if (retrieve_from_kernel(&repl, u_repl->command) == -1) return -1; // translate the struct ebt_replace to a struct ebt_u_replace 
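Review bot: `strcpy(u_repl->name, repl.name)` copies a table name that retrieve_from_file has just read from a file on disk; unless retrieve_from_file verifies that `repl.name` is NUL-terminated inside its array (not visible in this diff), a truncated or corrupted save file lets strcpy run past the field, and past `u_repl->name` if the destination has the same fixed size. A bounded copy with explicit termination, `strncpy(u_repl->name, repl.name, sizeof(u_repl->name) - 1); u_repl->name[sizeof(u_repl->name) - 1] = '\0';` (assuming `name` is an array member rather than a pointer — worth confirming in include/ebtables_u.h), or a terminator check inside retrieve_from_file, closes that. The enclosing function starts outside this hunk.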
@@ -682,38 +682,4 @@ if (k != u_repl->nentries) print_bug("Wrong total nentries"); return 0; -} - -void get_dbinfo(struct brdb_dbinfo *nr) -{ - socklen_t optlen = sizeof(struct brdb_dbinfo); - - get_sockfd(); - - if (getsockopt(sockfd, IPPROTO_IP, BRDB_SO_GET_DBINFO, nr, &optlen)) - print_error("Sorry, br_db code probably not in kernel, " - "try insmod br_db"); -} - -void get_db(int len, struct brdb_dbentry *db) -{ - socklen_t optlen = len; - - get_sockfd(); - - if ( getsockopt(sockfd, IPPROTO_IP, BRDB_SO_GET_DB, db, &optlen) ) { - print_bug("hmm, what is wrong??? bug#2"); - } -} - -void deliver_allowdb(__u16 *decision) -{ - socklen_t optlen = sizeof(__u16); - - get_sockfd(); - - if (setsockopt(sockfd, IPPROTO_IP, BRDB_SO_SET_ALLOWDB, - decision, optlen)) - print_error("Sorry, br_db code probably not in kernel, " - "try insmod br_db"); } --- ebtables-v2.0-rc1/extensions/ebt_redirect.c Wed Jul 31 21:55:02 2002 +++ ebtables-v2.0-rc2/extensions/ebt_redirect.c Sat Aug 24 15:31:38 2002 @@ -1,14 +1,10 @@ #include #include #include -#include -#include #include #include "../include/ebtables_u.h" #include -extern char *standard_targets[NUM_STANDARD_TARGETS]; - #define REDIRECT_TARGET '1' static struct option opts[] = { @@ -37,19 +33,13 @@ const struct ebt_u_entry *entry, unsigned int *flags, struct ebt_entry_target **target) { - int i; struct ebt_redirect_info *redirectinfo = (struct ebt_redirect_info *)(*target)->data; switch (c) { case REDIRECT_TARGET: check_option(flags, OPT_REDIRECT_TARGET); - for (i = 0; i < NUM_STANDARD_TARGETS; i++) - if (!strcmp(optarg, standard_targets[i])) { - redirectinfo->target = -i - 1; - break; - } - if (i == NUM_STANDARD_TARGETS) + if (FILL_TARGET(optarg, redirectinfo->target)) print_error("Illegal --redirect-target target"); break; default: 
@@ -60,17 +50,17 @@ static void final_check(const struct ebt_u_entry *entry, const struct ebt_entry_target *target, const char *name, - unsigned int hook_mask, unsigned int time) + unsigned int hookmask, unsigned int time) { struct ebt_redirect_info *redirectinfo = (struct ebt_redirect_info *)target->data; - if ((hook_mask & (1 << NF_BR_NUMHOOKS)) && - redirectinfo->target == EBT_RETURN) - print_error("--redirect-target RETURN not allowed on base chain"); - hook_mask &= ~(1 << NF_BR_NUMHOOKS); - if ( ((hook_mask & ~(1 << NF_BR_PRE_ROUTING)) || strcmp(name, "nat")) && - ((hook_mask & ~(1 << NF_BR_BROUTING)) || strcmp(name, "broute")) ) + if (BASE_CHAIN && redirectinfo->target == EBT_RETURN) + print_error("--redirect-target RETURN not allowed on " + "base chain"); + CLEAR_BASE_CHAIN_BIT; + if ( ((hookmask & ~(1 << NF_BR_PRE_ROUTING)) || strcmp(name, "nat")) && + ((hookmask & ~(1 << NF_BR_BROUTING)) || strcmp(name, "broute")) ) print_error("Wrong chain for redirect"); } @@ -82,8 +72,7 @@ if (redirectinfo->target == EBT_ACCEPT) return; - printf(" --redirect-target %s", - standard_targets[-redirectinfo->target - 1]); + printf(" --redirect-target %s", TARGET_NAME(redirectinfo->target)); } static int compare(const struct ebt_entry_target *t1, @@ -107,7 +96,7 @@ final_check, print, compare, - opts, + opts }; static void _init(void) __attribute__ ((constructor)); --- ebtables-v2.0-rc1/extensions/ebtable_broute.c Wed Jul 31 21:55:02 2002 +++ ebtables-v2.0-rc2/extensions/ebtable_broute.c Tue Aug 13 12:59:14 2002 @@ -1,5 +1,4 @@ #include -#include #include "../include/ebtables_u.h" --- ebtables-v2.0-rc1/extensions/ebt_nat.c Wed Jul 31 21:55:02 2002 +++ ebtables-v2.0-rc2/extensions/ebt_nat.c Sat Aug 24 15:31:03 2002 
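Review bot: `BASE_CHAIN` and `CLEAR_BASE_CHAIN_BIT` are used in final_check with no operand (`if (BASE_CHAIN && redirectinfo->target == EBT_RETURN)`, `CLEAR_BASE_CHAIN_BIT;`) while the parameter is renamed from hook_mask to hookmask in the same hunk, which strongly suggests the macros (defined in include/ebtables_u.h, not shown) expand to an expression over a local that must be spelled exactly `hookmask`. A hidden dependency of that kind breaks every extension at once the next time a parameter is renamed, and it conceals that CLEAR_BASE_CHAIN_BIT writes to the variable. Passing the mask explicitly, `BASE_CHAIN(hookmask)` and `CLEAR_BASE_CHAIN_BIT(hookmask)`, keeps the call site honest. The same applies to final_check_s/final_check_d in ebt_nat.c and final_check in ebt_mark.c further down.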
@@ -1,16 +1,12 @@ #include #include #include -#include -#include #include #include #include "../include/ebtables_u.h" #include -extern char *standard_targets[NUM_STANDARD_TARGETS]; - -int to_source_supplied, to_dest_supplied; +static int to_source_supplied, to_dest_supplied; #define NAT_S '1' #define NAT_D '1' @@ -20,7 +16,7 @@ { { "to-source" , required_argument, 0, NAT_S }, { "to-src" , required_argument, 0, NAT_S }, - { "snat-target" , required_argument, 0, NAT_S_TARGET }, + { "snat-target" , required_argument, 0, NAT_S_TARGET }, { 0 } }; @@ -28,7 +24,7 @@ { { "to-destination", required_argument, 0, NAT_D }, { "to-dst" , required_argument, 0, NAT_D }, - { "dnat-target" , required_argument, 0, NAT_D_TARGET }, + { "dnat-target" , required_argument, 0, NAT_D_TARGET }, { 0 } }; @@ -72,7 +68,6 @@ const struct ebt_u_entry *entry, unsigned int *flags, struct ebt_entry_target **target) { - int i; struct ebt_nat_info *natinfo = (struct ebt_nat_info *)(*target)->data; struct ether_addr *addr; @@ -86,12 +81,7 @@ break; case NAT_S_TARGET: check_option(flags, OPT_SNAT_TARGET); - for (i = 0; i < NUM_STANDARD_TARGETS; i++) - if (!strcmp(optarg, standard_targets[i])) { - natinfo->target = -i - 1; - break; - } - if (i == NUM_STANDARD_TARGETS) + if (FILL_TARGET(optarg, natinfo->target)) print_error("Illegal --snat-target target"); break; default: @@ -106,7 +96,6 @@ const struct ebt_u_entry *entry, unsigned int *flags, struct ebt_entry_target **target) { - int i; struct ebt_nat_info *natinfo = (struct ebt_nat_info *)(*target)->data; struct ether_addr *addr; @@ -121,12 +110,7 @@ break; case NAT_D_TARGET: check_option(flags, OPT_DNAT_TARGET); - for (i = 0; i < NUM_STANDARD_TARGETS; i++) - if (!strcmp(optarg, standard_targets[i])) { - natinfo->target = -i - 1; - break; - } - if (i == NUM_STANDARD_TARGETS) + if (FILL_TARGET(optarg, natinfo->target)) print_error("Illegal --dnat-target target"); break; default: 
@@ -137,14 +121,14 @@ static void final_check_s(const struct ebt_u_entry *entry, const struct ebt_entry_target *target, const char *name, - unsigned int hook_mask, unsigned int time) + unsigned int hookmask, unsigned int time) { struct ebt_nat_info *natinfo = (struct ebt_nat_info *)target->data; - if ((hook_mask & (1 << NF_BR_NUMHOOKS)) && natinfo->target == EBT_RETURN) + if (BASE_CHAIN && natinfo->target == EBT_RETURN) print_error("--snat-target RETURN not allowed on base chain"); - hook_mask &= ~(1 << NF_BR_NUMHOOKS); - if (!(hook_mask & (1 << NF_BR_POST_ROUTING)) || strcmp(name, "nat")) + CLEAR_BASE_CHAIN_BIT; + if ((hookmask & ~(1 << NF_BR_POST_ROUTING)) || strcmp(name, "nat")) print_error("Wrong chain for snat"); if (time == 0 && to_source_supplied == 0) print_error("No snat address supplied"); @@ -152,16 +136,16 @@ static void final_check_d(const struct ebt_u_entry *entry, const struct ebt_entry_target *target, const char *name, - unsigned int hook_mask, unsigned int time) + unsigned int hookmask, unsigned int time) { struct ebt_nat_info *natinfo = (struct ebt_nat_info *)target->data; - if ((hook_mask & (1 << NF_BR_NUMHOOKS)) && natinfo->target == EBT_RETURN) + if (BASE_CHAIN && natinfo->target == EBT_RETURN) print_error("--dnat-target RETURN not allowed on base chain"); - hook_mask &= ~(1 << NF_BR_NUMHOOKS); - if (((hook_mask & ~((1 << NF_BR_PRE_ROUTING) | (1 << NF_BR_LOCAL_OUT))) || - strcmp(name, "nat")) && - ((hook_mask & ~(1 << NF_BR_BROUTING)) || strcmp(name, "broute"))) + CLEAR_BASE_CHAIN_BIT; + if (((hookmask & ~((1 << NF_BR_PRE_ROUTING) | (1 << NF_BR_LOCAL_OUT))) + || strcmp(name, "nat")) && + ((hookmask & ~(1 << NF_BR_BROUTING)) || strcmp(name, "broute"))) print_error("Wrong chain for dnat"); if (time == 0 && to_dest_supplied == 0) print_error("No dnat address supplied"); 
@@ -174,7 +158,7 @@ printf("--to-src "); printf("%s", ether_ntoa((struct ether_addr *)natinfo->mac)); - printf(" --snat-target %s", standard_targets[-natinfo->target - 1]); + printf(" --snat-target %s", TARGET_NAME(natinfo->target)); } static void print_d(const struct ebt_u_entry *entry, @@ -184,7 +168,7 @@ printf("--to-dst "); printf("%s", ether_ntoa((struct ether_addr *)natinfo->mac)); - printf(" --dnat-target %s", standard_targets[-natinfo->target - 1]); + printf(" --dnat-target %s", TARGET_NAME(natinfo->target)); } static int compare(const struct ebt_entry_target *t1, @@ -221,7 +205,7 @@ final_check_d, print_d, compare, - opts_d, + opts_d }; static void _init(void) __attribute__ ((constructor)); --- ebtables-v2.0-rc1/extensions/ebt_ip.c Thu Jun 27 18:53:55 2002 +++ ebtables-v2.0-rc2/extensions/ebt_ip.c Thu Aug 29 18:53:30 2002 @@ -1,7 +1,5 @@ #include #include -#include -#include #include #include #include "../include/ebtables_u.h" @@ -28,7 +26,8 @@ static int undot_ip(char *ip, unsigned char *ip2) { char *p, *q, *end; - int onebyte, i; + long int onebyte; + int i; char buf[20]; strncpy(buf, ip, sizeof(buf) - 1); @@ -46,7 +45,7 @@ } onebyte = strtol(p, &end, 10); - if (*end != '\0' || onebyte >255 || onebyte < 0) + if (*end != '\0' || onebyte > 255 || onebyte < 0) return -1; ip2[3] = (unsigned char)onebyte; @@ -57,8 +56,8 @@ static int ip_mask(char *mask, unsigned char *mask2) { char *end; - int bits; - __u32 mask22; + long int bits; + uint32_t mask22; if (undot_ip(mask, mask2)) { // not the /a.b.c.e format, maybe the /x format 
@@ -77,39 +76,38 @@ } // set the ip mask and ip address -void parse_ip_address(char *address, __u32 *addr, __u32 *msk) +void parse_ip_address(char *address, uint32_t *addr, uint32_t *msk) { char *p; - int i; // first the mask if ((p = strrchr(address, '/')) != NULL) { *p = '\0'; - i = ip_mask(p + 1, (unsigned char *)msk); - if (i) - print_error("Problem with the ip mask"); + if (ip_mask(p + 1, (unsigned char *)msk)) + print_error("Problem with the IP mask"); } else *msk = 0xFFFFFFFF; - i = undot_ip(address, (unsigned char *)addr); - if (i) - print_error("Problem with the ip address"); + if (undot_ip(address, (unsigned char *)addr)) + print_error("Problem with the IP address"); *addr = *addr & *msk; } // transform the ip mask into a string ready for output -char *mask_to_dotted(__u32 mask) +char *mask_to_dotted(uint32_t mask) { int i; static char buf[20]; - __u32 maskaddr, bits; + uint32_t maskaddr, bits; maskaddr = ntohl(mask); // don't print /32 - if (mask == 0xFFFFFFFFL) - return ""; + if (mask == 0xFFFFFFFFL) { + *buf = '\0'; + return buf; + } i = 32; bits = 0xFFFFFFFEL; // case 0xFFFFFFFF has just been dealt with @@ -156,7 +154,7 @@ { struct ebt_ip_info *ipinfo = (struct ebt_ip_info *)(*match)->data; char *end; - int i; + long int i; switch (c) { case IP_SOURCE: @@ -176,7 +174,7 @@ } if (optind > argc) - print_error("Missing ip address argument"); + print_error("Missing IP address argument"); if (c == IP_SOURCE) parse_ip_address(argv[optind - 1], &ipinfo->saddr, &ipinfo->smsk); @@ -191,10 +189,10 @@ ipinfo->invflags |= EBT_IP_TOS; if (optind > argc) - print_error("Missing ip tos argument"); + print_error("Missing IP tos argument"); i = strtol(argv[optind - 1], &end, 16); if (i < 0 || i > 255 || *end != '\0') - print_error("Problem with specified ip tos"); + print_error("Problem with specified IP tos"); ipinfo->tos = i; ipinfo->bitmask |= EBT_IP_TOS; break; 
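Review bot: `parse_ip_address` overwrites the `/` in its `address` argument (`*p = '\0'`) and `mask_to_dotted` returns a pointer into `static char buf[20]`; neither contract is stated, so a comment on each — `// modifies address in place: the '/' before the mask is overwritten` and `// returns static storage, overwritten by the next call; not reentrant` — would save a caller from the two obvious misuses. The prototypes of both functions are also maintained by hand in ebt_arp.c (`// defined in ebt_ip.c`), and this commit had to update both copies for the `__u32` to `uint32_t` change; declaring them once in include/ebtables_u.h removes that lockstep.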
@@ -204,10 +202,10 @@ if (check_inverse(optarg)) ipinfo->invflags |= EBT_IP_PROTO; if (optind > argc) - print_error("Missing ip protocol argument"); + print_error("Missing IP protocol argument"); i = strtol(argv[optind - 1], &end, 10); if (i < 0 || i > 255 || *end != '\0') - print_error("Problem with specified ip protocol"); + print_error("Problem with specified IP protocol"); ipinfo->protocol = i; ipinfo->bitmask |= EBT_IP_PROTO; break; @@ -219,10 +217,9 @@ static void final_check(const struct ebt_u_entry *entry, const struct ebt_entry_match *match, const char *name, - unsigned int hook_mask, unsigned int time) + unsigned int hookmask, unsigned int time) { - if (entry->bitmask & EBT_NOPROTO || entry->bitmask & EBT_802_3 || - entry->ethproto != ETH_P_IP) + if (entry->ethproto != ETH_P_IP || entry->invflags & EBT_IPROTO) print_error("For IP filtering the protocol must be " "specified as IPv4"); } @@ -259,7 +256,7 @@ } if (ipinfo->bitmask & EBT_IP_PROTO) { printf("--ip-proto "); - if (ipinfo->invflags & EBT_IP_DEST) + if (ipinfo->invflags & EBT_IP_PROTO) printf("! "); printf("%d ", ipinfo->protocol); } @@ -308,7 +305,7 @@ final_check, print, compare, - opts, + opts }; static void _init(void) __attribute((constructor)); --- ebtables-v2.0-rc1/extensions/ebt_arp.c Thu Jun 27 18:53:55 2002 +++ ebtables-v2.0-rc2/extensions/ebt_arp.c Thu Aug 29 18:54:13 2002 @@ -1,8 +1,6 @@ #include #include #include -#include -#include #include #include "../include/ebtables_u.h" #include 
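Review bot: In final_check the new condition `entry->ethproto != ETH_P_IP || entry->invflags & EBT_IPROTO` mixes a bitwise `&` with `||` and `!=` unparenthesized; it parses as intended because `&` binds tighter than `||`, but the unbracketed bit test reads like a precedence slip to every later reader. Writing `(entry->invflags & EBT_IPROTO)` makes the intent explicit; the same shape appears in final_check of ebt_arp.c and ebt_vlan.c in this diff.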
@@ -23,40 +21,38 @@ { 0 } }; +#define NUMOPCODES 9 // a few names static char *opcodes[] = { "Request", "Reply", - "Request Reverse", - "Reply Reverse", - "DRARP Request", - "DRARP Reply", - "DRARP Error", - "InARP Request", - "ARP NAK", - "" + "Request_Reverse", + "Reply_Reverse", + "DRARP_Request", + "DRARP_Reply", + "DRARP_Error", + "InARP_Request", + "ARP_NAK", }; static void print_help() { - int i = 0; + int i; printf( "arp options:\n" "--arp-opcode opcode : ARP opcode (integer or string)\n" "--arp-htype type : ARP hardware type (integer or string)\n" "--arp-ptype type : ARP protocol type (hexadecimal or string)\n" -"--arp-ip-src [!] address[/mask]: ARP ip source specification\n" -"--arp-ip-dst [!] address[/mask]: ARP ip target specification\n" +"--arp-ip-src [!] address[/mask]: ARP IP source specification\n" +"--arp-ip-dst [!] address[/mask]: ARP IP target specification\n" " opcode strings: \n"); - while (strcmp(opcodes[i], "")) { + for (i = 0; i < NUMOPCODES; i++) printf("%d = %s\n", i + 1, opcodes[i]); - i++; - } printf( -" hardware type string: \n 1 = Ethernet\n" -" protocol type string: \n 0x0800 = IPv4\n"); +" hardware type string: 1 = Ethernet\n" +" protocol type string: see /etc/ethertypes\n"); } static void init(struct ebt_entry_match *match) @@ -68,7 +64,7 @@ } // defined in ebt_ip.c -void parse_ip_address(char *address, __u32 *addr, __u32 *msk); +void parse_ip_address(char *address, uint32_t *addr, uint32_t *msk); #define OPT_OPCODE 0x01 #define OPT_HTYPE 0x02 @@ -79,10 +75,10 @@ unsigned int *flags, struct ebt_entry_match **match) { struct ebt_arp_info *arpinfo = (struct ebt_arp_info *)(*match)->data; - int i; + long int i; char *end; - __u32 *addr; - __u32 *mask; + uint32_t *addr; + uint32_t *mask; switch (c) { case ARP_OPCODE: 
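Review bot: `#define NUMOPCODES 9` is a hand-counted copy of the length of `opcodes[]`, and the `""` sentinel that used to terminate the table is removed in the same hunk, so adding or removing an entry without touching the define now silently mis-sizes every loop over it. Deriving the count from the array — move the definition below the table and write `enum { NUMOPCODES = sizeof(opcodes) / sizeof(opcodes[0]) };` — cannot drift, and the `long int i` and `int opcode` comparisons against it stay valid because an enumerator is an int. The same pattern appears in name_to_loglevel in ebt_log.c, where the `{ NULL, -1 }` sentinel is replaced by a literal `8` that must match `eight_priority[]`.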
@@ -91,18 +87,16 @@ arpinfo->invflags |= EBT_ARP_OPCODE; if (optind > argc) - print_error("Missing arp opcode argument"); + print_error("Missing ARP opcode argument"); i = strtol(argv[optind - 1], &end, 10); if (i < 0 || i >= (0x1 << 16) || *end !='\0') { - i = 0; - while (strcmp(opcodes[i], "")) { + for (i = 0; i < NUMOPCODES; i++) if (!strcasecmp(opcodes[i], optarg)) break; - i++; - } - if (!strcmp(opcodes[i], "")) + if (i == NUMOPCODES) print_error("Problem with specified " - "arp opcode"); + "ARP opcode"); + i++; } arpinfo->opcode = htons(i); arpinfo->bitmask |= EBT_ARP_OPCODE; @@ -114,13 +108,13 @@ arpinfo->invflags |= EBT_ARP_HTYPE; if (optind > argc) - print_error("Missing arp hardware type argument"); + print_error("Missing ARP hardware type argument"); i = strtol(argv[optind - 1], &end, 10); if (i < 0 || i >= (0x1 << 16) || *end !='\0') { if (!strcasecmp("Ethernet", argv[optind - 1])) i = 1; else - print_error("Problem with specified arp " + print_error("Problem with specified ARP " "hardware type"); } arpinfo->htype = htons(i); @@ -128,23 +122,26 @@ break; case ARP_PTYPE: + { + uint16_t proto; + check_option(flags, OPT_PTYPE); if (check_inverse(optarg)) arpinfo->invflags |= EBT_ARP_PTYPE; if (optind > argc) - print_error("Missing arp protocol type argument"); + print_error("Missing ARP protocol type argument"); i = strtol(argv[optind - 1], &end, 16); if (i < 0 || i >= (0x1 << 16) || *end !='\0') { - if (!strcasecmp("IPv4", argv[optind - 1])) - i = 0x0800; - else - print_error("Problem with specified arp " + if (name_to_number (argv[optind - 1], &proto) == -1) + print_error("Problem with specified ARP " "protocol type"); - } - arpinfo->ptype = htons(i); + } else + proto = i; + arpinfo->ptype = htons(proto); arpinfo->bitmask |= EBT_ARP_PTYPE; break; + } case ARP_IP_S: case ARP_IP_D: 
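Review bot: In the ARP_OPCODE case the numeric path reads the value from `argv[optind - 1]` while the name fallback compares against `optarg` (`if (!strcasecmp(opcodes[i], optarg))`); if check_inverse advances optind past a leading `!`, as the htype branch's consistent use of `argv[optind - 1]` suggests, then `--arp-opcode ! Request` has optarg equal to `"!"`, no name matches, and the command fails with "Problem with specified ARP opcode" on valid input. Using the same source in both paths, `if (!strcasecmp(opcodes[i], argv[optind - 1]))`, fixes that. The enclosing parse function starts outside this hunk.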
@@ -166,7 +163,7 @@ arpinfo->invflags |= EBT_ARP_DST_IP; } if (optind > argc) - print_error("Missing ip address argument"); + print_error("Missing ARP IP address argument"); parse_ip_address(argv[optind - 1], addr, mask); break; default: @@ -177,27 +174,33 @@ static void final_check(const struct ebt_u_entry *entry, const struct ebt_entry_match *match, const char *name, - unsigned int hook_mask, unsigned int time) + unsigned int hookmask, unsigned int time) { - if (entry->bitmask & EBT_NOPROTO || entry->bitmask & EBT_802_3 || - (entry->ethproto != ETH_P_ARP && entry->ethproto != ETH_P_RARP)) + if ((entry->ethproto != ETH_P_ARP && entry->ethproto != ETH_P_RARP) || + entry->invflags & EBT_IPROTO) print_error("For (R)ARP filtering the protocol must be " "specified as ARP or RARP"); } // defined in the ebt_ip.c -char *mask_to_dotted(__u32 mask); +char *mask_to_dotted(uint32_t mask); + static void print(const struct ebt_u_entry *entry, const struct ebt_entry_match *match) { struct ebt_arp_info *arpinfo = (struct ebt_arp_info *)match->data; int i; + char name[21]; if (arpinfo->bitmask & EBT_ARP_OPCODE) { + int opcode = ntohs(arpinfo->opcode); printf("--arp-op "); if (arpinfo->invflags & EBT_ARP_OPCODE) printf("! "); - printf("%d ", ntohs(arpinfo->opcode)); + if (opcode > 0 && opcode <= NUMOPCODES) + printf("%s ", opcodes[opcode - 1]); + else + printf("%d ", opcode); } if (arpinfo->bitmask & EBT_ARP_HTYPE) { printf("--arp-htype "); @@ -209,7 +212,10 @@ printf("--arp-ptype "); if (arpinfo->invflags & EBT_ARP_PTYPE) printf("! "); - printf("0x%x ", ntohs(arpinfo->ptype)); + if (number_to_name(ntohs(arpinfo->ptype), name)) + printf("0x%x ", ntohs(arpinfo->ptype)); + else + printf("%s ", name); } if (arpinfo->bitmask & EBT_ARP_SRC_IP) { printf("--arp-ip-src "); 
@@ -278,7 +284,7 @@ final_check, print, compare, - opts, + opts }; static void _init(void) __attribute__ ((constructor)); --- ebtables-v2.0-rc1/extensions/ebt_vlan.c Wed Jul 31 21:55:02 2002 +++ ebtables-v2.0-rc2/extensions/ebt_vlan.c Thu Aug 29 18:55:02 2002 @@ -32,8 +32,6 @@ #include #include -#include -#include #include #include #include "../include/ebtables_u.h" @@ -106,7 +104,7 @@ (struct ebt_vlan_info *) (*match)->data; unsigned long i; char *end; - __u16 encap; + uint16_t encap; switch (c) { case VLAN_ID: /* @@ -128,7 +126,7 @@ /* * Convert argv to long int, * set *end to end of argv string, - * base set 10 for decimal only + * base set 10 for decimal only */ (unsigned short) i = strtol (argv[optind - 1], &end, 10); /* @@ -217,15 +215,16 @@ static void final_check (const struct ebt_u_entry *entry, const struct ebt_entry_match *match, - const char *name, unsigned int hook, unsigned int time) + const char *name, unsigned int hookmask, unsigned int time) { struct ebt_vlan_info *vlaninfo = (struct ebt_vlan_info *) match->data; /* - * Is any proto param specified there? Or specified proto isn't 802.1Q? + * Specified proto isn't 802.1Q? */ - if (entry->bitmask & EBT_NOPROTO || entry->ethproto != ETH_P_8021Q) + if (entry->ethproto != ETH_P_8021Q || + entry->invflags & EBT_IPROTO) print_error ("For use 802.1Q extension the protocol must be specified as 802_1Q"); /* @@ -334,7 +333,7 @@ final_check, print, compare, - opts, + opts }; static void _init (void) __attribute__ ((constructor)); --- ebtables-v2.0-rc1/extensions/ebt_log.c Thu Jun 27 18:53:55 2002 +++ ebtables-v2.0-rc2/extensions/ebt_log.c Sat Aug 24 15:29:50 2002 @@ -1,7 +1,6 @@ #include #include #include -#include #include #include "../include/ebtables_u.h" #include 
@@ -16,11 +15,12 @@ #define LOG_NOTICE 5 // normal but significant condition #define LOG_INFO 6 // informational #define LOG_DEBUG 7 // debug-level messages + #define LOG_DEFAULT_LEVEL LOG_INFO typedef struct _code { - char *c_name; - int c_val; + char *c_name; + int c_val; } CODE; static CODE eight_priority[] = { @@ -31,20 +31,16 @@ { "warning", LOG_WARNING }, { "notice", LOG_NOTICE }, { "info", LOG_INFO }, - { "debug", LOG_DEBUG }, - { NULL, -1 } + { "debug", LOG_DEBUG } }; static int name_to_loglevel(char* arg) { - int i = 0, c_val = eight_priority[0].c_val; + int i; - while (c_val != -1) { + for (i = 0; i < 8; i++) if (!strcmp(arg, eight_priority[i].c_name)) - return c_val; - i++; - c_val = eight_priority[i].c_val; - } + return eight_priority[i].c_val; // return bad loglevel return 9; } @@ -100,7 +96,7 @@ unsigned int *flags, struct ebt_entry_watcher **watcher) { struct ebt_log_info *loginfo = (struct ebt_log_info *)(*watcher)->data; - int i; + long int i; char *end; switch (c) { @@ -143,7 +139,7 @@ static void final_check(const struct ebt_u_entry *entry, const struct ebt_entry_watcher *watcher, const char *name, - unsigned int hook_mask, unsigned int time) + unsigned int hookmask, unsigned int time) { return; } @@ -186,10 +182,9 @@ final_check, print, compare, - opts, + opts }; -#undef _init static void _init(void) __attribute__ ((constructor)); static void _init(void) { --- ebtables-v2.0-rc1/extensions/ebt_standard.c Thu Jun 27 18:53:55 2002 +++ ebtables-v2.0-rc2/extensions/ebt_standard.c Sat Aug 24 15:31:50 2002 @@ -1,6 +1,5 @@ #include #include -#include #include #include "../include/ebtables_u.h" @@ -11,7 +10,8 @@ static void print_help() { - printf("Standard targets: DROP, ACCEPT and CONTINUE\n"); + printf("Standard targets: DROP, ACCEPT, RETURN or CONTINUE;\n" + "The target can also be a user defined chain.\n"); } static void init(struct ebt_entry_target *t) 
@@ -27,11 +27,12 @@ static void final_check(const struct ebt_u_entry *entry, const struct ebt_entry_target *target, const char *name, - unsigned int hook_mask, unsigned int time) + unsigned int hookmask, unsigned int time) { } struct ebt_u_entries *nr_to_chain(int nr); + static void print(const struct ebt_u_entry *entry, const struct ebt_entry_target *target) { @@ -53,7 +54,7 @@ else if (verdict == EBT_RETURN) printf("RETURN "); else - print_error("BUG: Bad standard target"); // this is a bug + print_bug("Bad standard target"); } static int compare(const struct ebt_entry_target *t1, --- ebtables-v2.0-rc1/extensions/ebtable_filter.c Thu Jun 27 18:53:55 2002 +++ ebtables-v2.0-rc2/extensions/ebtable_filter.c Tue Aug 13 13:00:12 2002 @@ -1,6 +1,4 @@ #include -#include -#include #include "../include/ebtables_u.h" #define FILTER_VALID_HOOKS ((1 << NF_BR_LOCAL_IN) | (1 << NF_BR_FORWARD) | \ --- ebtables-v2.0-rc1/extensions/ebtable_nat.c Thu Jun 27 18:53:55 2002 +++ ebtables-v2.0-rc2/extensions/ebtable_nat.c Tue Aug 13 12:59:14 2002 @@ -1,5 +1,4 @@ #include -#include #include "../include/ebtables_u.h" #define NAT_VALID_HOOKS ((1 << NF_BR_PRE_ROUTING) | (1 << NF_BR_LOCAL_OUT) | \ --- ebtables-v2.0-rc1/extensions/ebt_mark.c Wed Jul 31 21:55:02 2002 +++ ebtables-v2.0-rc2/extensions/ebt_mark.c Sat Aug 24 15:30:09 2002 @@ -1,21 +1,17 @@ #include #include #include -#include -#include #include #include "../include/ebtables_u.h" #include -extern char *standard_targets[NUM_STANDARD_TARGETS]; +static int mark_supplied; -int mark_supplied; - -#define MARK_TARGET '1' +#define MARK_TARGET '1' #define MARK_SETMARK '2' static struct option opts[] = { - { "mark-target" , required_argument, 0, MARK_TARGET }, + { "mark-target" , required_argument, 0, MARK_TARGET }, { "set-mark" , required_argument, 0, MARK_SETMARK }, { 0 } }; 
@@ -24,8 +20,8 @@ { printf( "mark target options:\n" - " --set-mark value : Set nfmark value\n" - " --mark-target target : ACCEPT, DROP, RETURN or CONTINUE\n"); + " --set-mark value : Set nfmark value\n" + " --mark-target target : ACCEPT, DROP, RETURN or CONTINUE\n"); } static void init(struct ebt_entry_target *target) @@ -36,16 +32,14 @@ markinfo->target = EBT_ACCEPT; markinfo->mark = 0; mark_supplied = 0; - return; } -#define OPT_MARK_TARGET 0x01 +#define OPT_MARK_TARGET 0x01 #define OPT_MARK_SETMARK 0x02 static int parse(int c, char **argv, int argc, const struct ebt_u_entry *entry, unsigned int *flags, struct ebt_entry_target **target) { - int i; struct ebt_mark_t_info *markinfo = (struct ebt_mark_t_info *)(*target)->data; char *end; @@ -53,12 +47,7 @@ switch (c) { case MARK_TARGET: check_option(flags, OPT_MARK_TARGET); - for (i = 0; i < NUM_STANDARD_TARGETS; i++) - if (!strcmp(optarg, standard_targets[i])) { - markinfo->target = -i - 1; - break; - } - if (i == NUM_STANDARD_TARGETS) + if (FILL_TARGET(optarg, markinfo->target)) print_error("Illegal --mark-target target"); break; case MARK_SETMARK: @@ -76,14 +65,14 @@ static void final_check(const struct ebt_u_entry *entry, const struct ebt_entry_target *target, const char *name, - unsigned int hook_mask, unsigned int time) + unsigned int hookmask, unsigned int time) { struct ebt_mark_t_info *markinfo = (struct ebt_mark_t_info *)target->data; if (time == 0 && mark_supplied == 0) print_error("No mark value supplied"); - if ((hook_mask & (1 << NF_BR_NUMHOOKS)) && markinfo->target == EBT_RETURN) + if (BASE_CHAIN && markinfo->target == EBT_RETURN) print_error("--mark-target RETURN not allowed on base chain"); } @@ -96,8 +85,7 @@ printf("--set-mark 0x%lx", markinfo->mark); if (markinfo->target == EBT_ACCEPT) return; - printf(" --mark-target %s", - standard_targets[-markinfo->target - 1]); + printf(" --mark-target %s", TARGET_NAME(markinfo->target)); } static int compare(const struct ebt_entry_target *t1, 
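Review bot: In ebt_mark.c's print, `TARGET_NAME(markinfo->target)` indexes standard_targets[] with `-target - 1` and nothing in the hunk bounds the value first; parse only ever stores a verdict accepted by FILL_TARGET, but print operates on rule data read back from the kernel, so a target of 0 or a positive value would become a negative index and an out-of-bounds read unless the kernel-side check for this target is known to reject such values (not visible here). A cheap guard before the printf would be `if (markinfo->target >= 0 || TARGET_INDEX(markinfo->target) >= NUM_STANDARD_TARGETS) print_bug("Bad mark target");`. In final_check, `BASE_CHAIN` only works because the parameter was renamed to `hookmask`; a short comment there, `// BASE_CHAIN reads the hookmask parameter`, would save the next reader a trip to the header.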
@@ -122,7 +110,7 @@ final_check, print, compare, - opts, + opts }; static void _init(void) __attribute__ ((constructor)); --- ebtables-v2.0-rc1/extensions/ebt_mark_m.c Wed Jul 31 21:55:02 2002 +++ ebtables-v2.0-rc2/extensions/ebt_mark_m.c Sat Aug 24 15:30:26 2002 @@ -1,6 +1,5 @@ #include #include -#include #include #include #include "../include/ebtables_u.h" @@ -25,9 +24,9 @@ { struct ebt_mark_m_info *markinfo = (struct ebt_mark_m_info *)match->data; - markinfo->mark = 0; - markinfo->mask = 0; - markinfo->invert = 0; + markinfo->mark = 0; + markinfo->mask = 0; + markinfo->invert = 0; markinfo->bitmask = 0; } @@ -65,7 +64,7 @@ static void final_check(const struct ebt_u_entry *entry, const struct ebt_entry_match *match, const char *name, - unsigned int hook_mask, unsigned int time) + unsigned int hookmask, unsigned int time) { } @@ -113,7 +112,7 @@ final_check, print, compare, - opts, + opts }; static void _init(void) __attribute((constructor)); --- ebtables-v2.0-rc1/ChangeLog Wed Jul 31 21:55:02 2002 +++ ebtables-v2.0-rc2/ChangeLog Fri Aug 30 22:40:11 2002 @@ -1,3 +1,10 @@ +20020830 + * updated the kernel files for 2.4.20-pre5 and 2.5.32 + * last big cleanup of kernel and userspace code just finished +20020820 + * ARP module bugfix + * IP module bugfix + * nat module bugfix 20020730 * other things done before 2.0-rc1 that I can think of, including kernel: --- ebtables-v2.0-rc1/ebtables.8 Wed Jul 31 21:55:02 2002 +++ ebtables-v2.0-rc2/ebtables.8 Sun Aug 11 14:00:57 2002 @@ -1,4 +1,4 @@ -.TH EBTABLES 8 "23 July 2002" +.TH EBTABLES 8 "11 August 2002" .\" .\" Man page written by Bart De Schuymer .\" It is based on the iptables man page. @@ -21,7 +21,7 @@ .\" .\" .SH NAME -ebtables (v.2.0) \- Ethernet bridge packet table administration +ebtables (v.2.0) \- Ethernet bridge frame table administration .SH SYNOPSIS .BR "ebtables -[ADI] " "chain rule-specification " [ options ] .br 
@@ -33,10 +33,6 @@ .br .BR "ebtables -E " "old-chain-name new-chain-name" .br -.B "ebtables -L DB" -.br -.BR "ebtables -[b] [" "y/n" "]" -.br .BR "ebtables --init-table" .br .BR "ebtables --atomic-init " file @@ -147,18 +143,9 @@ .TP .B "-L, --list" List all rules in the selected chain. If no chain is selected, all chains -are listed. If the chainname equals -.BR DB , -.B ebtables -will try to show the database. This database gives a survey of the kind of -frames that pass the different bridge hooks. It uses the interfaces where -the frame came in or will go out, the protocol field and the hook. This -database is independent from the rest of -.B ebtables -and is in a different kernel module. +are listed. .br -The following three options change the output when not listing the -database: +The following three options change the output: .br .B "--Ln" .br @@ -196,7 +183,8 @@ .BR DROP . .TP .B "-N, --new-chain" -Create a new user-defined chain by the given name. +Create a new user-defined chain by the given name. The number of +user-defined chains is unlimited. A chain name has max length of 31. .TP .B "-X, --delete-chain" Delete the specified user-defined chain. There must be no references to the @@ -335,16 +323,15 @@ .B ebtables will try to write help about those extensions. E.g. ebtables -h snat log ip arp. .TP -.BR "-b --db " [ "y/n" ] -Enable (y) or disable (n) the database. -.TP .BR "-j, --jump " "\fItarget\fP" The target of the rule. This is one of the following values: .BR ACCEPT , .BR DROP , .BR CONTINUE , -or a target extension, see -.BR "TARGET EXTENSIONS" . +.BR RETURN , +a target extension (see +.BR "TARGET EXTENSIONS" ")" +or a user defined chain name. .TP .B --atomic file Let the command operate on the specified file. The data of the table to --- ebtables-v2.0-rc1/ethertypes Wed Jul 31 21:55:02 2002 +++ ebtables-v2.0-rc2/ethertypes Sun Aug 11 18:55:35 2002 
@@ -5,28 +5,28 @@ # always put tabs or spaces between the name and the protocol number # anything on a line after the protocol number is ignored # programs using this file should not be case sensitive -IPv4 0800 -X25 0805 -ARP 0806 -802_1Q 8100 802.1Q Virtual LAN tagged frame -IPX 8137 -IPv6 86DD -NetBEUI 8191 -BPQ 08FF G8BPQ AX.25 Ethernet Packet -DEC 6000 DEC Assigned proto -DNA_DL 6001 DEC DNA Dump/Load -DNA_RC 6002 DEC DNA Remote Console -DNA_RT 6003 DEC DNA Routing -LAT 6004 DEC LAT -DIAG 6005 DEC Diagnostics -CUST 6006 DEC Customer use -SCA 6007 DEC Systems Comms Arch -RARP 8035 Reverse Addr Res packet -ATALK 809B Appletalk DDP -AARP 80F3 Appletalk AARP -IPX 8137 IPX over DIX +IPv4 0800 +X25 0805 +ARP 0806 +802_1Q 8100 802.1Q Virtual LAN tagged frame +IPX 8137 +IPv6 86DD +NetBEUI 8191 +BPQ 08FF G8BPQ AX.25 Ethernet Packet +DEC 6000 DEC Assigned proto +DNA_DL 6001 DEC DNA Dump/Load +DNA_RC 6002 DEC DNA Remote Console +DNA_RT 6003 DEC DNA Routing +LAT 6004 DEC LAT +DIAG 6005 DEC Diagnostics +CUST 6006 DEC Customer use +SCA 6007 DEC Systems Comms Arch +RARP 8035 Reverse Addr Res packet +ATALK 809B Appletalk DDP +AARP 80F3 Appletalk AARP +IPX 8137 IPX over DIX PPP_DISC 8863 PPPoE discovery messages -PPP_SES 8864 PPPoE session messages -ATMMPOA 884C MultiProtocol over ATM -ATMFATE 8884 Frame-based ATM Transport over Ethernet -LOOP 9000 +PPP_SES 8864 PPPoE session messages +ATMMPOA 884C MultiProtocol over ATM +ATMFATE 8884 Frame-based ATM Transport over Ethernet +LOOP 9000 --- ebtables-v2.0-rc1/include/ebtables_u.h Wed Jul 31 21:55:02 2002 +++ ebtables-v2.0-rc2/include/ebtables_u.h Thu Aug 29 18:58:36 2002 @@ -23,8 +23,8 @@ #ifndef EBTABLES_U_H #define EBTABLES_U_H +#include #include -#include struct ebt_u_entries { @@ -75,7 +75,7 @@ struct ebt_u_table { char name[EBT_TABLE_MAXNAMELEN]; - int (*check)(struct ebt_u_replace *repl); + void (*check)(struct ebt_u_replace *repl); void (*help)(char **); struct ebt_u_table *next; }; 
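Review bot: Changing `struct ebt_u_table::check` from `int (*)(struct ebt_u_replace *)` to `void (*)(...)` removes the only way for a table's consistency check to report a failure to its caller, so a check that finds an invalid replace structure can now only terminate the process (presumably via print_error, which exits, though no implementation is visible here). If that is the intended contract, state it on the field: `// must not return if repl is invalid; report with print_error()`. Otherwise keep the int return and have the caller act on it, since a silently accepted bad table is the worse outcome.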
@@ -96,7 +96,7 @@ { unsigned int bitmask; unsigned int invflags; - __u16 ethproto; + uint16_t ethproto; char in[IFNAMSIZ]; char logical_in[IFNAMSIZ]; char out[IFNAMSIZ]; @@ -114,7 +114,7 @@ struct ebt_u_match { char name[EBT_FUNCTION_MAXNAMELEN]; - // size of the real match data + sizeof struct ebt_match + // size of the real match data unsigned int size; void (*help)(void); void (*init)(struct ebt_entry_match *m); @@ -123,7 +123,7 @@ struct ebt_entry_match **match); void (*final_check)(const struct ebt_u_entry *entry, const struct ebt_entry_match *match, - const char *name, unsigned int hook_mask, unsigned int time); + const char *name, unsigned int hookmask, unsigned int time); void (*print)(const struct ebt_u_entry *entry, const struct ebt_entry_match *match); int (*compare)(const struct ebt_entry_match *m1, @@ -150,7 +150,7 @@ struct ebt_entry_watcher **watcher); void (*final_check)(const struct ebt_u_entry *entry, const struct ebt_entry_watcher *watch, const char *name, - unsigned int hook_mask, unsigned int time); + unsigned int hookmask, unsigned int time); void (*print)(const struct ebt_u_entry *entry, const struct ebt_entry_watcher *watcher); int (*compare)(const struct ebt_entry_watcher *w1, @@ -174,7 +174,7 @@ struct ebt_entry_target **target); void (*final_check)(const struct ebt_u_entry *entry, const struct ebt_entry_target *target, const char *name, - unsigned int hook_mask, unsigned int time); + unsigned int hookmask, unsigned int time); void (*print)(const struct ebt_u_entry *entry, const struct ebt_entry_target *target); int (*compare)(const struct ebt_entry_target *t1, 
@@ -198,21 +198,17 @@ struct ebt_u_table *find_table(char *name); void deliver_counters(struct ebt_u_replace *repl); void deliver_table(struct ebt_u_replace *repl); -void get_dbinfo(struct brdb_dbinfo *nr); -void get_db(int len, struct brdb_dbentry *db); -void deliver_allowdb(__u16 *decision); -int name_to_number(char *name, __u16 *proto); +int name_to_number(char *name, uint16_t *proto); int number_to_name(unsigned short proto, char *name); void check_option(unsigned int *flags, unsigned int mask); int check_inverse(const char option[]); +void __print_bug(char *file, int line, char *format, ...); #define print_bug(format, args...) \ - {printf("BUG: "format".\n", ##args); exit(-1);} + __print_bug(__FILE__, __LINE__, format, ##args) #define print_error(format, args...) {printf(format".\n", ##args); exit(-1);} #define print_memory() {printf("Ebtables: " __FILE__ " " __FUNCTION__ \ " %d :Out of memory.\n", __LINE__); exit(-1);} - - // used for keeping the rule counters right during rule adds or deletes #define CNT_NORM 0 #define CNT_DEL 1 
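Review bot: `__print_bug` forwards its caller's format string straight to vprintf, but the new declaration carries no format attribute, so `-Wall` cannot check the arguments at any print_bug() call site; the double-underscore name is also a reserved identifier in C. Declare it as `void __print_bug(char *file, int line, char *format, ...) __attribute__((format(printf, 3, 4)));` (or rename it to something like `ebt_print_bug`), and consider `const char *` for file and format since the macro only ever passes __FILE__ and string literals. The existing print_error macro forces a literal format by string concatenation; the attribute gives print_bug the same protection against a non-literal format slipping in.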
@@ -220,4 +216,27 @@ #define CNT_END 3 #define CNT_ZERO 4 +extern char *standard_targets[NUM_STANDARD_TARGETS]; +// Transforms a target string into the right integer, +// returns 0 on success. +#define FILL_TARGET(_str, _pos) ({ \ + int _i, _ret = 0; \ + for (_i = 0; _i < NUM_STANDARD_TARGETS; _i++) \ + if (!strcmp(_str, standard_targets[_i])) {\ + _pos = -_i - 1; \ + break; \ + } \ + if (_i == NUM_STANDARD_TARGETS) \ + _ret = 1; \ + _ret; \ +}) + +// Transforms the target value to an index into standard_targets[] +#define TARGET_INDEX(_value) (-_value - 1) +// Returns a target string corresponding to the value +#define TARGET_NAME(_value) (standard_targets[TARGET_INDEX(_value)]) +// True if the hook mask denotes that the rule is in a base chain +#define BASE_CHAIN (hookmask & (1 << NF_BR_NUMHOOKS)) +// Clear the bit in the hook_mask that tells if the rule is on a base chain +#define CLEAR_BASE_CHAIN_BIT (hookmask &= ~(1 << NF_BR_NUMHOOKS)) #endif /* EBTABLES_U_H */
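Review bot: `TARGET_INDEX(_value)` expands its argument unparenthesized, so `TARGET_INDEX(a + b)` becomes `-a + b - 1`; write it as `#define TARGET_INDEX(_value) (-(_value) - 1)` and TARGET_NAME inherits the fix. BASE_CHAIN and CLEAR_BASE_CHAIN_BIT silently require a variable named `hookmask` in the caller's scope, which is why the final_check parameters were renamed across the extensions in this patch; either document that on the macros, `// requires the caller's hookmask parameter to be in scope`, or take it as a parameter, `#define BASE_CHAIN(hm) ((hm) & (1 << NF_BR_NUMHOOKS))`. Neither FILL_TARGET nor TARGET_NAME range-checks the value, so any caller that prints a target read back from the kernel must check `_value < 0 && TARGET_INDEX(_value) < NUM_STANDARD_TARGETS` itself; a comment saying so on TARGET_NAME would prevent the obvious misuse.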