From b1cdae87f25021eb835872d86d6e7206bd421c3f Mon Sep 17 00:00:00 2001 From: Bernie Harris Date: Wed, 21 Mar 2018 15:42:29 +1300 Subject: extensions: Add string filter to ebtables This patch is part of a proposal to add a string filter to ebtables, which would be similar to the string filter in iptables. Like iptables, the ebtables filter uses the xt_string module, however some modifications have been made for this to work correctly. Currently ebtables assumes that the revision number of all match modules is 0. The xt_string module doesn't register a match with revision 0 so the solution is to modify ebtables to allow extensions to specify a revision number, similar to iptables. This gets passed down to the kernel, which is then able to find the match module correctly. Signed-off-by: Bernie Harris Signed-off-by: Pablo Neira Ayuso --- libebtc.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'libebtc.c') diff --git a/libebtc.c b/libebtc.c index d474248..92fd764 100644 --- a/libebtc.c +++ b/libebtc.c @@ -272,6 +272,7 @@ void ebt_reinit_extensions() if (!m->m) ebt_print_memory(); strcpy(m->m->u.name, m->name); + m->m->u.revision = m->revision; m->m->match_size = EBT_ALIGN(m->size); m->used = 0; } @@ -550,8 +551,10 @@ int ebt_check_rule_exists(struct ebt_u_replace *replace, while (m_l) { m = (struct ebt_u_match *)(m_l->m); m_l2 = u_e->m_list; - while (m_l2 && strcmp(m_l2->m->u.name, m->m->u.name)) + while (m_l2 && (strcmp(m_l2->m->u.name, m->m->u.name) || + m_l2->m->u.revision != m->m->u.revision)) { m_l2 = m_l2->next; + } if (!m_l2 || !m->compare(m->m, m_l2->m)) goto letscontinue; j++; @@ -1209,6 +1212,7 @@ void ebt_register_match(struct ebt_u_match *m) if (!m->m) ebt_print_memory(); strcpy(m->m->u.name, m->name); + m->m->u.revision = m->revision; m->m->match_size = EBT_ALIGN(m->size); m->init(m->m); -- cgit v1.2.3