From b1cdae87f25021eb835872d86d6e7206bd421c3f Mon Sep 17 00:00:00 2001
From: Bernie Harris
Date: Wed, 21 Mar 2018 15:42:29 +1300
Subject: extensions: Add string filter to ebtables This patch is part of a proposal to add a string filter to ebtables, which would be similar to the string filter in iptables. Like iptables, the ebtables filter uses the xt_string module, however some modifications have been made for this to work correctly. Currently ebtables assumes that the revision number of all match modules is 0. The xt_string module doesn't register a match with revision 0 so the solution is to modify ebtables to allow extensions to specify a revision number, similar to iptables. This gets passed down to the kernel, which is then able to find the match module correctly.
Signed-off-by: Bernie Harris
Signed-off-by: Pablo Neira Ayuso
---
include/ebtables.h | 16 +++++++++++++---
include/ebtables_u.h | 1 +
2 files changed, 14 insertions(+), 3 deletions(-)
(limited to 'include')
diff --git a/include/ebtables.h b/include/ebtables.h
index 8f520c6..9bbedbb 100644
--- a/include/ebtables.h
+++ b/include/ebtables.h
@@ -20,6 +20,7 @@
 #define EBT_TABLE_MAXNAMELEN 32
 #define EBT_CHAIN_MAXNAMELEN EBT_TABLE_MAXNAMELEN
 #define EBT_FUNCTION_MAXNAMELEN EBT_TABLE_MAXNAMELEN
+#define EBT_EXTENSION_MAXNAMELEN 31
 /* verdicts >0 are "branches" */
 #define EBT_ACCEPT -1
@@ -113,7 +114,10 @@ struct ebt_entries {
 struct ebt_entry_match
 {
 union {
- char name[EBT_FUNCTION_MAXNAMELEN];
+ struct {
+ char name[EBT_EXTENSION_MAXNAMELEN];
+ uint8_t revision;
+ };
 struct ebt_match *match;
 } u;
 /* size of data */
@@ -127,7 +131,10 @@ struct ebt_entry_match
 struct ebt_entry_watcher
 {
 union {
- char name[EBT_FUNCTION_MAXNAMELEN];
+ struct {
+ char name[EBT_EXTENSION_MAXNAMELEN];
+ uint8_t revision;
+ };
 struct ebt_watcher *watcher;
 } u;
 /* size of data */
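Review bot: `EBT_EXTENSION_MAXNAMELEN` is written as the literal 31 in the first hunk of include/ebtables.h, although the value only makes sense as one byte less than `EBT_FUNCTION_MAXNAMELEN`, so that the name plus the new `revision` byte still fill the old 32-byte field. Deriving it keeps the two limits in step: `#define EBT_EXTENSION_MAXNAMELEN (EBT_FUNCTION_MAXNAMELEN - 1)`. A one-line comment above it, for example `/* extension name; the last byte of the old name field now holds the revision */`, would tell readers why the limit shrank.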
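Review bot: In `struct ebt_entry_match` (and identically in the `ebt_entry_watcher` and `ebt_entry_target` hunks) the name buffer shrinks from 32 to 31 bytes with `revision` placed directly behind it, so any existing copy into `u.name` that is still bounded by `EBT_FUNCTION_MAXNAMELEN` would write its last byte into `revision`, and a 31-character name is no longer NUL-terminated inside `name`. Those call sites are not visible here (the patch view is limited to `include`), so each should be checked to bound and terminate with `EBT_EXTENSION_MAXNAMELEN`. Since the anonymous struct already needs C11 or the GNU extension, a compile-time check could pin the layout shared with the kernel: `_Static_assert(sizeof(((struct ebt_entry_match *)0)->u) == EBT_FUNCTION_MAXNAMELEN, "name + revision must keep the 32-byte layout");`. `uint8_t` also requires `<stdint.h>`, and whether this header already includes it cannot be seen from the hunks. The three struct bodies continue past the end of their hunks.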
@@ -141,7 +148,10 @@ struct ebt_entry_watcher
 struct ebt_entry_target
 {
 union {
- char name[EBT_FUNCTION_MAXNAMELEN];
+ struct {
+ char name[EBT_EXTENSION_MAXNAMELEN];
+ uint8_t revision;
+ };
 struct ebt_target *target;
 } u;
 /* size of data */
diff --git a/include/ebtables_u.h b/include/ebtables_u.h
index 17afa94..c858996 100644
--- a/include/ebtables_u.h
+++ b/include/ebtables_u.h
@@ -144,6 +144,7 @@ struct ebt_u_entry
 struct ebt_u_match
 {
 char name[EBT_FUNCTION_MAXNAMELEN];
+ uint8_t revision;
 /* size of the real match data */
 unsigned int size;
 void (*help)(void);
--
cgit v1.2.3
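Review bot: `struct ebt_u_match` in include/ebtables_u.h keeps `char name[EBT_FUNCTION_MAXNAMELEN]` (32 bytes) while `ebt_entry_match.u.name` in include/ebtables.h is now `EBT_EXTENSION_MAXNAMELEN` (31), so the userspace buffer can hold a name one byte longer than the entry it is copied into. A copy sized by the source would overrun into `revision`, so either declare the field as `char name[EBT_EXTENSION_MAXNAMELEN];` or confirm that every copy is bounded by the destination; the copying code is outside this patch view. The new field would also read better with a comment such as `/* revision of the match extension, passed down to the kernel */`. The struct body continues past the end of the hunk.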