Gitiles
Code Review Sign In
gerrit-public.fairphone.software / external / ebtables / cc02d5675e448c68ac14960a9d225dde8bd695e5 / . / kernel / patches / incremental-patches / ebtables-v2.0_vs_2.4.18.pre7.001.diff
blob: edfe98365c65f1c407deba1376f8809e42ab135c [file] [log] [blame]
diff -Naur linux-2.4.18-br-nf-ebt/include/linux/netfilter_bridge/ebt_vlan.h linux/include/linux/netfilter_bridge/ebt_vlan.h
--- linux-2.4.18-br-nf-ebt/include/linux/netfilter_bridge/ebt_vlan.h Thu Jan 1 03:00:00 1970
+++ linux/include/linux/netfilter_bridge/ebt_vlan.h Tue May 21 21:04:15 2002
@@ -0,0 +1,18 @@
+#ifndef __LINUX_BRIDGE_EBT_VLAN_H
+#define __LINUX_BRIDGE_EBT_VLAN_H
+
+#define EBT_VLAN_ID 0x01
+#define EBT_VLAN_PRIO 0x02
+#define EBT_VLAN_MASK (EBT_VLAN_ID | EBT_VLAN_PRIO)
+#define EBT_VLAN_MATCH "vlan"
+
+struct ebt_vlan_info {
+ __u16 id; /* VLAN ID {1-4095} */
+ __u16 prio; /* VLAN Priority {0-7} */
+ __u8 bitmask; /* Args bitmask bit 1=1 - ID arg,
+ bit 2=1 - Pirority arg */
+ __u8 invflags; /* Inverse bitmask bit 1=1 - inversed ID arg,
+ bit 2=1 - inversed Pirority arg */
+};
+
+#endif
diff -Naur linux-2.4.18-br-nf-ebt/net/bridge/netfilter/Config.in linux/net/bridge/netfilter/Config.in
--- linux-2.4.18-br-nf-ebt/net/bridge/netfilter/Config.in Tue May 28 19:20:41 2002
+++ linux/net/bridge/netfilter/Config.in Tue May 28 19:22:22 2002
@@ -8,6 +8,7 @@
dep_tristate ' ebt: LOG support' CONFIG_BRIDGE_EBT_LOG $CONFIG_BRIDGE_EBT
dep_tristate ' ebt: IP filter support' CONFIG_BRIDGE_EBT_IPF $CONFIG_BRIDGE_EBT
dep_tristate ' ebt: ARP filter support' CONFIG_BRIDGE_EBT_ARPF $CONFIG_BRIDGE_EBT
+dep_tristate ' ebt: 802.1Q VLAN filter support (EXPERIMENTAL)' CONFIG_BRIDGE_EBT_VLANF $CONFIG_BRIDGE_EBT
dep_tristate ' ebt: nat target support' CONFIG_BRIDGE_EBT_NAT $CONFIG_BRIDGE_EBT
dep_tristate ' ebt: redirect target support' CONFIG_BRIDGE_EBT_REDIRECT $CONFIG_BRIDGE_EBT
dep_tristate ' Bridge: ethernet database' CONFIG_BRIDGE_DB $CONFIG_BRIDGE
diff -Naur linux-2.4.18-br-nf-ebt/net/bridge/netfilter/Makefile linux/net/bridge/netfilter/Makefile
--- linux-2.4.18-br-nf-ebt/net/bridge/netfilter/Makefile Tue May 28 19:20:41 2002
+++ linux/net/bridge/netfilter/Makefile Thu May 30 11:21:10 2002
@@ -18,6 +18,7 @@
obj-$(CONFIG_BRIDGE_DB) += br_db.o
obj-$(CONFIG_BRIDGE_EBT_IPF) += ebt_ip.o
obj-$(CONFIG_BRIDGE_EBT_ARPF) += ebt_arp.o
+obj-$(CONFIG_BRIDGE_EBT_VLANF) += ebt_vlan.o
obj-$(CONFIG_BRIDGE_EBT_LOG) += ebt_log.o
obj-$(CONFIG_BRIDGE_EBT_NAT) += ebt_nat.o
obj-$(CONFIG_BRIDGE_EBT_REDIRECT) += ebt_redirect.o
diff -Naur linux-2.4.18-br-nf-ebt/net/bridge/netfilter/ebt_vlan.c linux/net/bridge/netfilter/ebt_vlan.c
--- linux-2.4.18-br-nf-ebt/net/bridge/netfilter/ebt_vlan.c Thu Jan 1 03:00:00 1970
+++ linux/net/bridge/netfilter/ebt_vlan.c Wed May 29 11:48:38 2002
@@ -0,0 +1,124 @@
+/*
+ * ebt_vlan kernelspace
+ *
+ * Authors:
+ * Bart De Schuymer <bart.de.schuymer@pandora.be>
+ * Nick Fedchik <nick@fedchik.org.ua>
+ *
+ * May, 2002
+ */
+
+#include <linux/netfilter_bridge/ebtables.h>
+#include <linux/netfilter_bridge/ebt_vlan.h>
+#include <linux/if_vlan.h>
+#include <linux/if_ether.h>
+#include <linux/module.h>
+
+static unsigned char debug;
+MODULE_PARM (debug, "0-1b");
+MODULE_PARM_DESC (debug, "debug=1 is turn on debug messages");
+
+static int ebt_filter_vlan (const struct sk_buff *skb,
+ const struct net_device *in,
+ const struct net_device *out,
+ const void *data,
+ unsigned int datalen,
+ const struct ebt_counter *c)
+{
+ struct ebt_vlan_info *infostuff = (struct ebt_vlan_info *) data;
+ struct vlan_ethhdr *vlanethhdr =
+ (struct vlan_ethhdr *) skb->mac.raw;
+ unsigned short v_id;
+ unsigned short v_prio;
+
+ /*
+ * Calculate 802.1Q VLAN ID and Priority
+ * Reserved one bit (13) for CFI
+ */
+ v_id = ntohs ((unsigned short) vlanethhdr->h_vlan_TCI) & 0xFFF;
+ v_prio = ntohs ((unsigned short) vlanethhdr->h_vlan_TCI) >> 13;
+
+ /*
+ * Checking VLANs
+ */
+ if (infostuff->bitmask & EBT_VLAN_ID) { /* Is VLAN ID parsed? */
+ if (!((infostuff->id == v_id)
+ ^ !!(infostuff->invflags & EBT_VLAN_ID)))
+ return 1;
+ if (debug)
+ printk (KERN_DEBUG
+ "ebt_vlan: matched ID=%s%d (mask=%X)\n",
+ (infostuff->invflags & EBT_VLAN_ID) ? "!" : "",
+ infostuff->id,
+ (unsigned char) infostuff->bitmask);
+ }
+ /*
+ * Checking Priority
+ */
+ if (infostuff->bitmask & EBT_VLAN_PRIO) { /* Is VLAN Prio parsed? */
+ if (!( (infostuff->prio == v_prio)
+ ^ !!(infostuff->invflags & EBT_VLAN_PRIO)))
+ return 1; /* missed */
+ if (debug)
+ printk (KERN_DEBUG
+ "ebt_vlan: matched Prio=%s%d (mask=%X)\n",
+ (infostuff->invflags & EBT_VLAN_PRIO) ? "!" : "",
+ infostuff->prio,
+ (unsigned char) infostuff->bitmask);
+ }
+ /*
+ * rule matched
+ */
+ return 0;
+}
+
+/*
+ * ebt_vlan_check() is called when userspace delivers the table to the kernel,
+ * * it is called to check that userspace doesn't give a bad table.
+ */
+static int ebt_vlan_check (const char *tablename, unsigned int hooknr,
+ const struct ebt_entry *e, void *data,
+ unsigned int datalen)
+{
+ struct ebt_vlan_info *infostuff = (struct ebt_vlan_info *) data;
+
+ if (datalen != sizeof (struct ebt_vlan_info))
+ return -EINVAL;
+
+ if (e->ethproto != __constant_htons (ETH_P_8021Q))
+ return -EINVAL;
+
+ if (infostuff->bitmask & ~EBT_VLAN_MASK) {
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+static struct ebt_match filter_vlan = {
+ {NULL, NULL}, EBT_VLAN_MATCH, ebt_filter_vlan, ebt_vlan_check,
+ NULL,
+ THIS_MODULE
+};
+
+static int __init init (void)
+{
+ printk (KERN_INFO
+ "ebt_vlan: 802.1Q VLAN matching module for EBTables\n");
+ if (debug)
+ printk (KERN_DEBUG
+ "ebt_vlan: 802.1Q matching debug is on\n");
+ return ebt_register_match (&filter_vlan);
+}
+
+static void __exit fini (void)
+{
+ ebt_unregister_match (&filter_vlan);
+}
+
+module_init (init);
+module_exit (fini);
+EXPORT_NO_SYMBOLS;
+MODULE_AUTHOR ("Nick Fedchik <nick@fedchik.org.ua>");
+MODULE_DESCRIPTION ("802.1Q VLAN matching module for ebtables, v0.1");
+MODULE_LICENSE ("GPL");