Gitiles
Code Review Sign In
gerrit-public.fairphone.software / external / ebtables / cc02d5675e448c68ac14960a9d225dde8bd695e5 / . / userspace / patches / incremental-patches / ebtables-v2.0pre3.004.diff
blob: 9a3bc671ced0a3be5d4f0e137861a43edb0dcb9a [file] [log] [blame]
--- ebtables-v2.0pre3.003/ebtables.c Sat Apr 27 16:57:47 2002
+++ ebtables-v2.0pre3.004/ebtables.c Wed Apr 24 19:47:02 2002
@@ -63,8 +63,8 @@
{ "policy" , required_argument, 0, 'P' },
{ "in-interface" , required_argument, 0, 'i' },
{ "in-if" , required_argument, 0, 'i' },
- { "logical-in" , required_argument, 0, 1 },
- { "logical-out" , required_argument, 0, 2 },
+ { "logical-in" , required_argument, 0, 2 },
+ { "logical-out" , required_argument, 0, 3 },
{ "out-interface" , required_argument, 0, 'o' },
{ "out-if" , required_argument, 0, 'o' },
{ "version" , no_argument , 0, 'V' },
@@ -155,6 +155,8 @@
e->ethproto = 0;
strcpy(e->in, "");
strcpy(e->out, "");
+ strcpy(e->logical_in, "");
+ strcpy(e->logical_out, "");
e->m_list = NULL;
e->w_list = NULL;
// the init function of the standard target should have put the verdict
@@ -1278,9 +1280,9 @@
break;
case 'i': // input interface
- case 1 : // logical input interface
+ case 2 : // logical input interface
case 'o': // output interface
- case 2 : // logical output interface
+ case 3 : // logical output interface
case 'j': // target
case 'p': // net family protocol
case 's': // source mac
@@ -1306,7 +1308,7 @@
strcpy(new_entry->in, argv[optind - 1]);
break;
}
- if (c == 1) {
+ if (c == 2) {
check_option(&replace.flags, OPT_LOGICALIN);
if (replace.selected_hook > 2)
print_error("Use logical in-interface "
@@ -1342,7 +1344,7 @@
strcpy(new_entry->out, argv[optind - 1]);
break;
}
- if (c == 2) {
+ if (c == 3) {
check_option(&replace.flags, OPT_LOGICALOUT);
if (replace.selected_hook < 2)
print_error("Use logical out-interface "
--- /dev/null Thu Aug 24 11:00:32 2000
+++ ebtables-v2.0pre3.004/extensions/ebt_redirect.c Sat Apr 27 17:18:16 2002
@@ -0,0 +1,109 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <linux/netfilter_bridge/ebtables.h>
+#include <getopt.h>
+#include "../include/ebtables_u.h"
+#include <linux/netfilter_bridge/ebt_redirect.h>
+
+extern char *standard_targets[NUM_STANDARD_TARGETS];
+
+#define REDIRECT_TARGET '1'
+static struct option opts[] =
+{
+ { "redirect-target" , required_argument, 0, REDIRECT_TARGET },
+ { 0 }
+};
+
+static void print_help()
+{
+ printf(
+ "redirect option:\n"
+ " --redirect-target target : ACCEPT, DROP or CONTINUE\n");
+}
+
+static void init(struct ebt_entry_target *target)
+{
+ struct ebt_redirect_info *redirectinfo =
+ (struct ebt_redirect_info *)target->data;
+
+ redirectinfo->target = EBT_ACCEPT;
+ return;
+}
+
+
+#define OPT_REDIRECT_TARGET 0x01
+static int parse(int c, char **argv, int argc,
+ const struct ebt_u_entry *entry, unsigned int *flags,
+ struct ebt_entry_target **target)
+{
+ int i;
+ struct ebt_redirect_info *redirectinfo =
+ (struct ebt_redirect_info *)(*target)->data;
+
+ switch (c) {
+ case REDIRECT_TARGET:
+ check_option(flags, OPT_REDIRECT_TARGET);
+ for (i = 0; i < NUM_STANDARD_TARGETS; i++)
+ if (!strcmp(optarg, standard_targets[i])) {
+ redirectinfo->target = i;
+ break;
+ }
+ if (i == NUM_STANDARD_TARGETS)
+ print_error("Illegal --redirect-target target");
+ break;
+ default:
+ return 0;
+ }
+ return 1;
+}
+
+static void final_check(const struct ebt_u_entry *entry,
+ const struct ebt_entry_target *target, const char *name, unsigned int hook)
+{
+ if ( (hook != NF_BR_PRE_ROUTING || strcmp(name, "nat")) &&
+ (hook != NF_BR_BROUTING || strcmp(name, "broute")) )
+ print_error("Wrong chain for redirect");
+}
+
+static void print(const struct ebt_u_entry *entry,
+ const struct ebt_entry_target *target)
+{
+ struct ebt_redirect_info *redirectinfo =
+ (struct ebt_redirect_info *)target->data;
+
+ printf("redirect");
+ printf(" --redirect-target %s", standard_targets[redirectinfo->target]);
+}
+
+static int compare(const struct ebt_entry_target *t1,
+ const struct ebt_entry_target *t2)
+{
+ struct ebt_redirect_info *redirectinfo1 =
+ (struct ebt_redirect_info *)t1->data;
+ struct ebt_redirect_info *redirectinfo2 =
+ (struct ebt_redirect_info *)t2->data;
+
+ return redirectinfo1->target == redirectinfo2->target;
+}
+
+static struct ebt_u_target redirect_target =
+{
+ EBT_REDIRECT_TARGET,
+ sizeof(struct ebt_redirect_info),
+ print_help,
+ init,
+ parse,
+ final_check,
+ print,
+ compare,
+ opts,
+};
+
+static void _init(void) __attribute__ ((constructor));
+static void _init(void)
+{
+ register_target(&redirect_target);
+}
--- ebtables-v2.0pre3.003/extensions/ebt_nat.c Sat Apr 27 16:57:41 2002
+++ ebtables-v2.0pre3.004/extensions/ebt_nat.c Sat Apr 27 17:16:19 2002
@@ -8,54 +8,71 @@
#include "../include/ebtables_u.h"
#include <linux/netfilter_bridge/ebt_nat.h>
+extern char *standard_targets[NUM_STANDARD_TARGETS];
+
int to_source_supplied, to_dest_supplied;
#define NAT_S '1'
#define NAT_D '1'
+#define NAT_S_TARGET '2'
+#define NAT_D_TARGET '2'
static struct option opts_s[] =
{
{ "to-source" , required_argument, 0, NAT_S },
{ "to-src" , required_argument, 0, NAT_S },
- { 0 },
+ { "snat-target" , required_argument, 0, NAT_S_TARGET },
+ { 0 }
};
static struct option opts_d[] =
{
{ "to-destination", required_argument, 0, NAT_D },
{ "to-dst" , required_argument, 0, NAT_D },
+ { "dnat-target" , required_argument, 0, NAT_D_TARGET },
{ 0 }
};
static void print_help_s()
{
printf(
- "snat option:\n"
- " --to-src address : MAC address to map source to\n");
+ "snat options:\n"
+ " --to-src address : MAC address to map source to\n"
+ " --snat-target target : ACCEPT, DROP or CONTINUE\n");
}
static void print_help_d()
{
printf(
- "dnat option:\n"
- " --to-dst address : MAC address to map destination to\n");
+ "dnat options:\n"
+ " --to-dst address : MAC address to map destination to\n"
+ " --dnat-target target : ACCEPT, DROP or CONTINUE\n");
}
static void init_s(struct ebt_entry_target *target)
{
+ struct ebt_nat_info *natinfo = (struct ebt_nat_info *)target->data;
+
to_source_supplied = 0;
+ natinfo->target = EBT_ACCEPT;
return;
}
static void init_d(struct ebt_entry_target *target)
{
+ struct ebt_nat_info *natinfo = (struct ebt_nat_info *)target->data;
+
to_dest_supplied = 0;
+ natinfo->target = EBT_ACCEPT;
+ return;
}
-#define OPT_SNAT 0x01
+#define OPT_SNAT 0x01
+#define OPT_SNAT_TARGET 0x02
static int parse_s(int c, char **argv, int argc,
const struct ebt_u_entry *entry, unsigned int *flags,
struct ebt_entry_target **target)
{
+ int i;
struct ebt_nat_info *natinfo = (struct ebt_nat_info *)(*target)->data;
switch (c) {
@@ -65,17 +82,29 @@
if (getmac(optarg, natinfo->mac))
print_error("Problem with specified to-source mac");
break;
+ case NAT_S_TARGET:
+ check_option(flags, OPT_SNAT_TARGET);
+ for (i = 0; i < NUM_STANDARD_TARGETS; i++)
+ if (!strcmp(optarg, standard_targets[i])) {
+ natinfo->target = i;
+ break;
+ }
+ if (i == NUM_STANDARD_TARGETS)
+ print_error("Illegal --snat-target target");
+ break;
default:
- return 0;
+ return 0;
}
return 1;
}
-#define OPT_DNAT 0x01
+#define OPT_DNAT 0x01
+#define OPT_DNAT_TARGET 0x02
static int parse_d(int c, char **argv, int argc,
const struct ebt_u_entry *entry, unsigned int *flags,
struct ebt_entry_target **target)
{
+ int i;
struct ebt_nat_info *natinfo = (struct ebt_nat_info *)(*target)->data;
switch (c) {
@@ -86,8 +115,18 @@
print_error("Problem with specified "
"to-destination mac");
break;
+ case NAT_D_TARGET:
+ check_option(flags, OPT_DNAT_TARGET);
+ for (i = 0; i < NUM_STANDARD_TARGETS; i++)
+ if (!strcmp(optarg, standard_targets[i])) {
+ natinfo->target = i;
+ break;
+ }
+ if (i == NUM_STANDARD_TARGETS)
+ print_error("Illegal --dnat-target target");
+ break;
default:
- return 0;
+ return 0;
}
return 1;
}
@@ -96,18 +135,18 @@
const struct ebt_entry_target *target, const char *name, unsigned int hook)
{
if (hook != NF_BR_POST_ROUTING || strcmp(name, "nat"))
- print_error("Wrong chain for SNAT");
+ print_error("Wrong chain for snat");
if (to_source_supplied == 0)
print_error("No snat address supplied");
-
}
static void final_check_d(const struct ebt_u_entry *entry,
const struct ebt_entry_target *target, const char *name, unsigned int hook)
{
- if ( (hook != NF_BR_PRE_ROUTING && hook != NF_BR_LOCAL_OUT) ||
- strcmp(name, "nat") )
- print_error("Wrong chain for DNAT");
+ if ( ((hook != NF_BR_PRE_ROUTING && hook != NF_BR_LOCAL_OUT) ||
+ strcmp(name, "nat")) &&
+ (hook != NF_BR_BROUTING || strcmp(name, "broute")) )
+ print_error("Wrong chain for dnat");
if (to_dest_supplied == 0)
print_error("No dnat address supplied");
}
@@ -122,6 +161,7 @@
for (i = 0; i < ETH_ALEN; i++)
printf("%02x%s",
natinfo->mac[i], (i == ETH_ALEN - 1) ? "" : ":");
+ printf(" --snat-target %s", standard_targets[natinfo->target]);
}
static void print_d(const struct ebt_u_entry *entry,
@@ -134,6 +174,7 @@
for (i = 0; i < ETH_ALEN; i++)
printf("%02x%s",
natinfo->mac[i], (i == ETH_ALEN - 1) ? "" : ":");
+ printf(" --dnat-target %s", standard_targets[natinfo->target]);
}
static int compare(const struct ebt_entry_target *t1,
@@ -142,13 +183,15 @@
struct ebt_nat_info *natinfo1 = (struct ebt_nat_info *)t1->data;
struct ebt_nat_info *natinfo2 = (struct ebt_nat_info *)t2->data;
- return !memcmp(natinfo1->mac, natinfo2->mac, sizeof(natinfo1->mac));
+
+ return !memcmp(natinfo1->mac, natinfo2->mac, sizeof(natinfo1->mac)) &&
+ natinfo1->target == natinfo2->target;
}
static struct ebt_u_target snat_target =
{
EBT_SNAT_TARGET,
- sizeof(struct ebt_nat_info) + sizeof(struct ebt_entry_target),
+ sizeof(struct ebt_nat_info),
print_help_s,
init_s,
parse_s,
--- ebtables-v2.0pre3.003/extensions/Makefile Sat Apr 6 21:56:53 2002
+++ ebtables-v2.0pre3.004/extensions/Makefile Tue Apr 23 22:46:21 2002
@@ -1,7 +1,7 @@
#! /usr/bin/make
-EXT_FUNC+=nat arp ip standard log
-EXT_TABLES+=filter nat
+EXT_FUNC+=nat arp ip standard log redirect
+EXT_TABLES+=filter nat broute
EXT_OBJS+=$(foreach T,$(EXT_FUNC), extensions/ebt_$(T).o)
EXT_OBJS+=$(foreach T,$(EXT_TABLES), extensions/ebtable_$(T).o)
--- ebtables-v2.0pre3.003/ChangeLog Sun Apr 14 14:15:59 2002
+++ ebtables-v2.0pre3.004/ChangeLog Sat Apr 27 17:24:26 2002
@@ -1,3 +1,9 @@
+20020427
+ * added broute table.
+ * added redirect target.
+ * added --redirect-target, --snat-target and --dnat-target options.
+ * added logical_out and logical_in
+ * snat bugfix (->size)
20020414
* fixed some things in the manual.
* fixed -P problem.
--- ebtables-v2.0pre3.003/ebtables.8 Sat Apr 27 16:57:44 2002
+++ ebtables-v2.0pre3.004/ebtables.8 Sat Apr 27 13:33:37 2002
@@ -1,4 +1,4 @@
-.TH EBTABLES 8 "14 April 2002"
+.TH EBTABLES 8 "27 April 2002"
.\"
.\" Man page written by Bart De Schuymer <bart.de.schuymer@pandora.be>
.\" It is based on the iptables man page.
@@ -40,7 +40,7 @@
complicated. This man page is written with the man page of iptables
next to it, so don't be surprised to see copied sentences and structure.
-There are two tables with each three built-in chains. Each chain is a list
+There are three tables with built-in chains. Each chain is a list
of rules which can match frames: each rule specifies what to do with a
frame which matches. This is called a 'target'. The tables are used to
divide functionality into different sets of chains.
@@ -66,7 +66,7 @@
.B "TARGET EXTENSIONS"
section.
.SS TABLES
-There are two tables.
+There are three tables.
.TP
.B "-t, --table"
This option specifies the frame matching table which the command should
@@ -90,6 +90,22 @@
of chains POSTROUTING and PREROUTING: it would be more accurate to call them
PREFORWARDING and POSTFORWARDING, but for all those who come from the iptables
world to ebtables it is easier to have the same names.
+.BR broute ,
+this table is used to make a brouter, it has one chain:
+.BR BROUTING .
+The targets
+.BR DROP and ACCEPT
+have special meaning in this table.
+.B DROP
+actually means the frame has to be routed, while
+.B ACCEPT
+means the frame has to be bridged. The
+.B BROUTING
+chain is traversed very early. It is only traversed by frames entering on
+a bridge enslaved nic that is in forwarding state. Normally those frames
+would be bridged, but you can decide otherwise here. The
+.B redirect
+target is very handy here.
.SH OPTIONS
The options can be divided into several different groups.
.SS COMMANDS
@@ -334,13 +350,21 @@
The flag
.B --to-src
is an alias for this option.
+.br
+.BR "--snat-target " "\fItarget\fP"
+.br
+Specifies the standard target. After doing the snat, the rule still has
+to give a standard target so ebtables knows what to do.
+The default target is ACCEPT. Making it CONTINUE could let you use
+multiple target extensions on the same frame. Making it DROP doesn't
+make sense, but you could do that too.
.TP
.B dnat
The
.B dnat
target can only be used in the
-.BR PREROUTING " and the
-.BR OUTPUT " chains of the " nat " table."
+.BR BROUTING " chain of the " broute " table and the "
+.BR PREROUTING " and " OUTPUT " chains of the " nat " table."
It specifies that the destination mac address has to be changed.
.br
.BR "--to-destination " "\fIaddress\fP"
@@ -348,6 +372,31 @@
The flag
.B --to-dst
is an alias for this option.
+.br
+.BR "--dnat-target " "\fItarget\fP"
+.br
+Specifies the standard target. After doing the dnat, the rule still has to
+give a standard target so ebtables knows what to do.
+The default target is ACCEPT. Making it CONTINUE could let you use
+multiple target extensions on the same frame. Making it DROP only makes
+sense in the BROUTING chain but using the redirect target is more logical
+there.
+.TP
+.B redirect
+The
+.B redirect
+target will change the MAC target address to that of the physical nic the
+frame arrived on. This target can only be used in the
+.BR BROUTING " chain of the " broute " table and the "
+.BR PREROUTING " chain of the " nat " table."
+.br
+.BR "--redirect-target " "\fItarget\fP"
+.br
+Specifies the standard target. After doing the MAC redirect, the rule
+still has to give a standard target so ebtables knows what to do.
+The default target is ACCEPT. Making it CONTINUE could let you use
+multiple target extensions on the same frame. Making it DROP in the
+BROUTING chain will let the frames be routed.
.SH FILES
.I /etc/etherproto
.SH BUGS