Commit
ffbd6a98
authored
Mar 02, 2003
by
Bart De Schuymer
Committed by
David S. Miller
Mar 02, 2003
[EBTABLES]: Trivial changes and cleanups.
parent
b7461116
Showing
19 changed files
with
144 additions
and
126 deletions
+144
-126
include/linux/netfilter_bridge/ebt_ip.h
include/linux/netfilter_bridge/ebt_ip.h
+1
-1
include/linux/netfilter_bridge/ebt_log.h
include/linux/netfilter_bridge/ebt_log.h
+1
-1
include/linux/netfilter_bridge/ebt_mark_t.h
include/linux/netfilter_bridge/ebt_mark_t.h
+1
-1
include/linux/netfilter_bridge/ebt_nat.h
include/linux/netfilter_bridge/ebt_nat.h
+1
-1
include/linux/netfilter_bridge/ebt_redirect.h
include/linux/netfilter_bridge/ebt_redirect.h
+1
-1
include/linux/netfilter_bridge/ebtables.h
include/linux/netfilter_bridge/ebtables.h
+61
-60
net/bridge/netfilter/ebt_arp.c
net/bridge/netfilter/ebt_arp.c
+7
-5
net/bridge/netfilter/ebt_dnat.c
net/bridge/netfilter/ebt_dnat.c
+5
-3
net/bridge/netfilter/ebt_ip.c
net/bridge/netfilter/ebt_ip.c
+6
-4
net/bridge/netfilter/ebt_log.c
net/bridge/netfilter/ebt_log.c
+5
-3
net/bridge/netfilter/ebt_mark.c
net/bridge/netfilter/ebt_mark.c
+9
-6
net/bridge/netfilter/ebt_mark_m.c
net/bridge/netfilter/ebt_mark_m.c
+5
-3
net/bridge/netfilter/ebt_redirect.c
net/bridge/netfilter/ebt_redirect.c
+5
-3
net/bridge/netfilter/ebt_snat.c
net/bridge/netfilter/ebt_snat.c
+5
-3
net/bridge/netfilter/ebt_vlan.c
net/bridge/netfilter/ebt_vlan.c
+5
-7
net/bridge/netfilter/ebtable_broute.c
net/bridge/netfilter/ebtable_broute.c
+10
-9
net/bridge/netfilter/ebtable_filter.c
net/bridge/netfilter/ebtable_filter.c
+8
-8
net/bridge/netfilter/ebtable_nat.c
net/bridge/netfilter/ebtable_nat.c
+5
-5
net/bridge/netfilter/ebtables.c
net/bridge/netfilter/ebtables.c
+3
-2
include/linux/netfilter_bridge/ebt_ip.h
...
...
@@ -25,7 +25,7 @@
EBT_IP_SPORT | EBT_IP_DPORT )
#define EBT_IP_MATCH "ip"
/
/ the same values are used for the invflags
/
* the same values are used for the invflags */
struct
ebt_ip_info
{
uint32_t
saddr
;
...
...
include/linux/netfilter_bridge/ebt_log.h
#ifndef __LINUX_BRIDGE_EBT_LOG_H
#define __LINUX_BRIDGE_EBT_LOG_H
#define EBT_LOG_IP 0x01 /
/ if the frame is made by ip, log the ip information
#define EBT_LOG_IP 0x01
/
* if the frame is made by ip, log the ip information */
#define EBT_LOG_ARP 0x02
#define EBT_LOG_MASK (EBT_LOG_IP | EBT_LOG_ARP)
#define EBT_LOG_PREFIX_SIZE 30
...
...
include/linux/netfilter_bridge/ebt_mark_t.h
...
...
@@ -4,7 +4,7 @@
struct
ebt_mark_t_info
{
unsigned
long
mark
;
/
/ EBT_ACCEPT, EBT_DROP or EBT_CONTINUE or EBT_RETURN
/
* EBT_ACCEPT, EBT_DROP, EBT_CONTINUE or EBT_RETURN */
int
target
;
};
#define EBT_MARK_TARGET "mark"
...
...
include/linux/netfilter_bridge/ebt_nat.h
...
...
@@ -4,7 +4,7 @@
struct
ebt_nat_info
{
unsigned
char
mac
[
ETH_ALEN
];
/
/ EBT_ACCEPT, EBT_DROP, EBT_CONTINUE or EBT_RETURN
/
* EBT_ACCEPT, EBT_DROP, EBT_CONTINUE or EBT_RETURN */
int
target
;
};
#define EBT_SNAT_TARGET "snat"
...
...
include/linux/netfilter_bridge/ebt_redirect.h
...
...
@@ -3,7 +3,7 @@
struct
ebt_redirect_info
{
/
/ EBT_ACCEPT, EBT_DROP or EBT_CONTINUE or EBT_RETURN
/
* EBT_ACCEPT, EBT_DROP, EBT_CONTINUE or EBT_RETURN */
int
target
;
};
#define EBT_REDIRECT_TARGET "redirect"
...
...
include/linux/netfilter_bridge/ebtables.h
...
...
@@ -2,7 +2,7 @@
* ebtables
*
* Authors:
* Bart De Schuymer <b
art.de.schuymer
@pandora.be>
* Bart De Schuymer <b
dschuym
@pandora.be>
*
* ebtables.c,v 2.0, April, 2002
*
...
...
@@ -20,7 +20,7 @@
#define EBT_CHAIN_MAXNAMELEN EBT_TABLE_MAXNAMELEN
#define EBT_FUNCTION_MAXNAMELEN EBT_TABLE_MAXNAMELEN
/
/ verdicts >0 are "branches"
/
* verdicts >0 are "branches" */
#define EBT_ACCEPT -1
#define EBT_DROP -2
#define EBT_CONTINUE -3
...
...
@@ -34,33 +34,34 @@ struct ebt_counter
};
struct
ebt_entries
{
/
/
this field is always set to zero
//
See EBT_ENTRY_OR_ENTRIES.
// Must be same size as ebt_entry.bitmask
/
*
this field is always set to zero
*
See EBT_ENTRY_OR_ENTRIES.
* Must be same size as ebt_entry.bitmask */
unsigned
int
distinguisher
;
/
/ the chain name
/
* the chain name */
char
name
[
EBT_CHAIN_MAXNAMELEN
];
/
/ counter offset for this chain
/
* counter offset for this chain */
unsigned
int
counter_offset
;
/
/ one standard (accept, drop, return) per hook
/
* one standard (accept, drop, return) per hook */
int
policy
;
/
/ nr. of entries
/
* nr. of entries */
unsigned
int
nentries
;
/
/ entry list
/
* entry list */
char
data
[
0
];
};
/
/ used for the bitmask of struct ebt_entry
/
* used for the bitmask of struct ebt_entry */
// This is a hack to make a difference between an ebt_entry struct and an
// ebt_entries struct when traversing the entries from start to end.
// Using this simplifies the code alot, while still being able to use
// ebt_entries.
// Contrary, iptables doesn't use something like ebt_entries and therefore uses
// different techniques for naming the policy and such. So, iptables doesn't
// need a hack like this.
/* This is a hack to make a difference between an ebt_entry struct and an
* ebt_entries struct when traversing the entries from start to end.
* Using this simplifies the code alot, while still being able to use
* ebt_entries.
* Contrary, iptables doesn't use something like ebt_entries and therefore uses
* different techniques for naming the policy and such. So, iptables doesn't
* need a hack like this.
*/
#define EBT_ENTRY_OR_ENTRIES 0x01
/
/ these are the normal masks
/
* these are the normal masks */
#define EBT_NOPROTO 0x02
#define EBT_802_3 0x04
#define EBT_SOURCEMAC 0x08
...
...
@@ -84,7 +85,7 @@ struct ebt_entry_match
char
name
[
EBT_FUNCTION_MAXNAMELEN
];
struct
ebt_match
*
match
;
}
u
;
/
/ size of data
/
* size of data */
unsigned
int
match_size
;
unsigned
char
data
[
0
];
};
...
...
@@ -95,7 +96,7 @@ struct ebt_entry_watcher
char
name
[
EBT_FUNCTION_MAXNAMELEN
];
struct
ebt_watcher
*
watcher
;
}
u
;
/
/ size of data
/
* size of data */
unsigned
int
watcher_size
;
unsigned
char
data
[
0
];
};
...
...
@@ -106,7 +107,7 @@ struct ebt_entry_target
char
name
[
EBT_FUNCTION_MAXNAMELEN
];
struct
ebt_target
*
target
;
}
u
;
/
/ size of data
/
* size of data */
unsigned
int
target_size
;
unsigned
char
data
[
0
];
};
...
...
@@ -118,29 +119,29 @@ struct ebt_standard_target
int
verdict
;
};
/
/ one entry
/
* one entry */
struct
ebt_entry
{
/
/ this needs to be the first field
/
* this needs to be the first field */
unsigned
int
bitmask
;
unsigned
int
invflags
;
uint16_t
ethproto
;
/
/ the physical in-dev
/
* the physical in-dev */
char
in
[
IFNAMSIZ
];
/
/ the logical in-dev
/
* the logical in-dev */
char
logical_in
[
IFNAMSIZ
];
/
/ the physical out-dev
/
* the physical out-dev */
char
out
[
IFNAMSIZ
];
/
/ the logical out-dev
/
* the logical out-dev */
char
logical_out
[
IFNAMSIZ
];
unsigned
char
sourcemac
[
ETH_ALEN
];
unsigned
char
sourcemsk
[
ETH_ALEN
];
unsigned
char
destmac
[
ETH_ALEN
];
unsigned
char
destmsk
[
ETH_ALEN
];
/
/ sizeof ebt_entry + matches
/
* sizeof ebt_entry + matches */
unsigned
int
watchers_offset
;
/
/ sizeof ebt_entry + matches + watchers
/
* sizeof ebt_entry + matches + watchers */
unsigned
int
target_offset
;
/
/ sizeof ebt_entry + matches + watchers + target
/
* sizeof ebt_entry + matches + watchers + target */
unsigned
int
next_offset
;
unsigned
char
elems
[
0
];
};
...
...
@@ -149,20 +150,20 @@ struct ebt_replace
{
char
name
[
EBT_TABLE_MAXNAMELEN
];
unsigned
int
valid_hooks
;
/
/ nr of rules in the table
/
* nr of rules in the table */
unsigned
int
nentries
;
/
/ total size of the entries
/
* total size of the entries */
unsigned
int
entries_size
;
/
/ start of the chains
/
* start of the chains */
struct
ebt_entries
*
hook_entry
[
NF_BR_NUMHOOKS
];
/
/ nr of counters userspace expects back
/
* nr of counters userspace expects back */
unsigned
int
num_counters
;
/
/ where the kernel will put the old counters
/
* where the kernel will put the old counters */
struct
ebt_counter
*
counters
;
char
*
entries
;
};
/
/ [gs]etsockopt numbers
/
* {g,s}etsockopt numbers */
#define EBT_BASE_CTL 128
#define EBT_SO_SET_ENTRIES (EBT_BASE_CTL)
...
...
@@ -177,7 +178,7 @@ struct ebt_replace
#ifdef __KERNEL__
/
/ return values for match() functions
/
* return values for match() functions */
#define EBT_MATCH 0
#define EBT_NOMATCH 1
...
...
@@ -185,11 +186,11 @@ struct ebt_match
{
struct
list_head
list
;
const
char
name
[
EBT_FUNCTION_MAXNAMELEN
];
/
/ 0 == it matches
/
* 0 == it matches */
int
(
*
match
)(
const
struct
sk_buff
*
skb
,
const
struct
net_device
*
in
,
const
struct
net_device
*
out
,
const
void
*
matchdata
,
unsigned
int
datalen
);
/
/ 0 == let it in
/
* 0 == let it in */
int
(
*
check
)(
const
char
*
tablename
,
unsigned
int
hookmask
,
const
struct
ebt_entry
*
e
,
void
*
matchdata
,
unsigned
int
datalen
);
void
(
*
destroy
)(
void
*
matchdata
,
unsigned
int
datalen
);
...
...
@@ -203,7 +204,7 @@ struct ebt_watcher
void
(
*
watcher
)(
const
struct
sk_buff
*
skb
,
const
struct
net_device
*
in
,
const
struct
net_device
*
out
,
const
void
*
watcherdata
,
unsigned
int
datalen
);
/
/ 0 == let it in
/
* 0 == let it in */
int
(
*
check
)(
const
char
*
tablename
,
unsigned
int
hookmask
,
const
struct
ebt_entry
*
e
,
void
*
watcherdata
,
unsigned
int
datalen
);
void
(
*
destroy
)(
void
*
watcherdata
,
unsigned
int
datalen
);
...
...
@@ -214,33 +215,33 @@ struct ebt_target
{
struct
list_head
list
;
const
char
name
[
EBT_FUNCTION_MAXNAMELEN
];
/
/ returns one of the standard verdicts
/
* returns one of the standard verdicts */
int
(
*
target
)(
struct
sk_buff
**
pskb
,
unsigned
int
hooknr
,
const
struct
net_device
*
in
,
const
struct
net_device
*
out
,
const
void
*
targetdata
,
unsigned
int
datalen
);
/
/ 0 == let it in
/
* 0 == let it in */
int
(
*
check
)(
const
char
*
tablename
,
unsigned
int
hookmask
,
const
struct
ebt_entry
*
e
,
void
*
targetdata
,
unsigned
int
datalen
);
void
(
*
destroy
)(
void
*
targetdata
,
unsigned
int
datalen
);
struct
module
*
me
;
};
/
/ used for jumping from and into user defined chains (udc)
/
* used for jumping from and into user defined chains (udc) */
struct
ebt_chainstack
{
struct
ebt_entries
*
chaininfo
;
/
/ pointer to chain data
struct
ebt_entry
*
e
;
/
/ pointer to entry data
unsigned
int
n
;
/
/ n'th entry
struct
ebt_entries
*
chaininfo
;
/
* pointer to chain data */
struct
ebt_entry
*
e
;
/
* pointer to entry data */
unsigned
int
n
;
/
* n'th entry */
};
struct
ebt_table_info
{
/
/ total size of the entries
/
* total size of the entries */
unsigned
int
entries_size
;
unsigned
int
nentries
;
/
/ pointers to the start of the chains
/
* pointers to the start of the chains */
struct
ebt_entries
*
hook_entry
[
NF_BR_NUMHOOKS
];
/
/ room to maintain the stack used for jumping from and into udc
/
* room to maintain the stack used for jumping from and into udc */
struct
ebt_chainstack
**
chainstack
;
char
*
entries
;
struct
ebt_counter
counters
[
0
]
____cacheline_aligned
;
...
...
@@ -253,11 +254,11 @@ struct ebt_table
struct
ebt_replace
*
table
;
unsigned
int
valid_hooks
;
rwlock_t
lock
;
/
/
e.g. could be the table explicitly only allows certain
// matches, targets, ... 0 == let it in
/
*
e.g. could be the table explicitly only allows certain
* matches, targets, ... 0 == let it in */
int
(
*
check
)(
const
struct
ebt_table_info
*
info
,
unsigned
int
valid_hooks
);
/
/ the data used by the kernel
/
* the data used by the kernel */
struct
ebt_table_info
*
private
;
};
...
...
@@ -273,20 +274,20 @@ extern unsigned int ebt_do_table(unsigned int hook, struct sk_buff **pskb,
const
struct
net_device
*
in
,
const
struct
net_device
*
out
,
struct
ebt_table
*
table
);
// Used in the kernel match() functions
/* Used in the kernel match() functions */
#define FWINV(bool,invflg) ((bool) ^ !!(info->invflags & invflg))
/
/
True if the hook mask denotes that the rule is in a base chain,
// used in the check() functions
/
*
True if the hook mask denotes that the rule is in a base chain,
* used in the check() functions */
#define BASE_CHAIN (hookmask & (1 << NF_BR_NUMHOOKS))
/
/ Clear the bit in the hook mask that tells if the rule is on a base chain
/
* Clear the bit in the hook mask that tells if the rule is on a base chain */
#define CLEAR_BASE_CHAIN_BIT (hookmask &= ~(1 << NF_BR_NUMHOOKS))
/
/ True if the target is not a standard target
/
* True if the target is not a standard target */
#define INVALID_TARGET (info->target < -NUM_STANDARD_TARGETS || info->target >= 0)
#endif
/* __KERNEL__ */
/
/
blatently stolen from ip_tables.h
// fn returns 0 to continue iteration
/
*
blatently stolen from ip_tables.h
* fn returns 0 to continue iteration */
#define EBT_MATCH_ITERATE(e, fn, args...) \
({ \
unsigned int __i; \
...
...
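Review bot: `FWINV`, in the last hunk of this header, expands its second argument without parentheses as `(info->invflags & invflg)`, so a caller passing a compound expression such as `A | B` would get `(info->invflags & A) | B`. That is the same class of precedence mistake this commit corrects in ebt_ip.c. As the comment above the macro is being rewritten anyway, I would change the definition to `#define FWINV(bool,invflg) ((bool) ^ !!(info->invflags & (invflg)))`. `FWINV`, `BASE_CHAIN`, `CLEAR_BASE_CHAIN_BIT` and `INVALID_TARGET` also all rely on a local named `info` or `hookmask` existing at the call site, which the new block comments should state.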
net/bridge/netfilter/ebt_arp.c
...
...
@@ -2,7 +2,7 @@
* ebt_arp
*
* Authors:
* Bart De Schuymer <b
art.de.schuymer
@pandora.be>
* Bart De Schuymer <b
dschuym
@pandora.be>
* Tim Gardner <timg@tpi.com>
*
* April, 2002
...
...
@@ -37,10 +37,10 @@ static int ebt_filter_arp(const struct sk_buff *skb, const struct net_device *in
uint32_t
dst
;
uint32_t
src
;
/
/ Make sure the packet is long enough.
/
* Make sure the packet is long enough */
if
((((
*
skb
).
nh
.
raw
)
+
arp_len
)
>
(
*
skb
).
tail
)
return
EBT_NOMATCH
;
/
/ IPv4 addresses are always 4 bytes.
/
* IPv4 addresses are always 4 bytes */
if
(((
*
skb
).
nh
.
arph
)
->
ar_pln
!=
sizeof
(
uint32_t
))
return
EBT_NOMATCH
;
...
...
@@ -82,8 +82,10 @@ static int ebt_arp_check(const char *tablename, unsigned int hookmask,
static
struct
ebt_match
filter_arp
=
{
{
NULL
,
NULL
},
EBT_ARP_MATCH
,
ebt_filter_arp
,
ebt_arp_check
,
NULL
,
THIS_MODULE
.
name
=
EBT_ARP_MATCH
,
.
match
=
ebt_filter_arp
,
.
check
=
ebt_arp_check
,
.
me
=
THIS_MODULE
,
};
static
int
__init
init
(
void
)
...
...
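Review bot: The length check in `ebt_filter_arp` compares `nh.raw + arp_len` with `tail`, but `arp_len` is set outside this hunk, so the visible lines do not show that the fixed ARP header is known to lie inside the buffer before its fields are read. If `arp_len` is computed from the header's own length fields (such as `ar_pln`, which the next test reads), those bytes are consulted before any bound on them has been established. A preceding guard such as `if ((*skb).nh.raw + sizeof(struct arphdr) > (*skb).tail) return EBT_NOMATCH;` would make the ordering explicit. The rewritten comment should also say what `arp_len` covers, for example `/* arp_len = fixed header + both address pairs; reject truncated frames */`, adjusted to the real computation. The function body starts and ends outside the hunk.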
net/bridge/netfilter/ebt_dnat.c
...
...
@@ -2,7 +2,7 @@
* ebt_dnat
*
* Authors:
* Bart De Schuymer <b
art.de.schuymer
@pandora.be>
* Bart De Schuymer <b
dschuym
@pandora.be>
*
* June, 2002
*
...
...
@@ -45,8 +45,10 @@ static int ebt_target_dnat_check(const char *tablename, unsigned int hookmask,
static
struct
ebt_target
dnat
=
{
{
NULL
,
NULL
},
EBT_DNAT_TARGET
,
ebt_target_dnat
,
ebt_target_dnat_check
,
NULL
,
THIS_MODULE
.
name
=
EBT_DNAT_TARGET
,
.
target
=
ebt_target_dnat
,
.
check
=
ebt_target_dnat_check
,
.
me
=
THIS_MODULE
,
};
static
int
__init
init
(
void
)
...
...
net/bridge/netfilter/ebt_ip.c
...
...
@@ -2,7 +2,7 @@
* ebt_ip
*
* Authors:
* Bart De Schuymer <b
art.de.schuymer
@pandora.be>
* Bart De Schuymer <b
dschuym
@pandora.be>
*
* April, 2002
*
...
...
@@ -86,7 +86,7 @@ static int ebt_ip_check(const char *tablename, unsigned int hookmask,
if
(
info
->
bitmask
&
~
EBT_IP_MASK
||
info
->
invflags
&
~
EBT_IP_MASK
)
return
-
EINVAL
;
if
(
info
->
bitmask
&
(
EBT_IP_DPORT
|
EBT_IP_SPORT
))
{
if
(
!
info
->
bitmask
&
EBT_IPROTO
)
if
(
!
(
info
->
bitmask
&
EBT_IPROTO
)
)
return
-
EINVAL
;
if
(
info
->
protocol
!=
IPPROTO_TCP
&&
info
->
protocol
!=
IPPROTO_UDP
)
...
...
@@ -101,8 +101,10 @@ static int ebt_ip_check(const char *tablename, unsigned int hookmask,
static
struct
ebt_match
filter_ip
=
{
{
NULL
,
NULL
},
EBT_IP_MATCH
,
ebt_filter_ip
,
ebt_ip_check
,
NULL
,
THIS_MODULE
.
name
=
EBT_IP_MATCH
,
.
match
=
ebt_filter_ip
,
.
check
=
ebt_ip_check
,
.
me
=
THIS_MODULE
,
};
static
int
__init
init
(
void
)
...
...
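Review bot: In `ebt_ip_check`, the port branch now requires `EBT_IPROTO` in `bitmask`, but the visible lines do not reject the same flag being set in `invflags`, so a rule meaning "protocol is not TCP" could still carry `EBT_IP_SPORT`/`EBT_IP_DPORT` conditions. Whether the match function then interprets port fields of a non-TCP/UDP packet is outside this hunk. I would add `if (info->invflags & EBT_IPROTO) return -EINVAL;` next to the new test. The parenthesization is also a behaviour change rather than a cleanup: the old expression `!info->bitmask & EBT_IPROTO` was always zero inside this branch, so rules that used to be accepted are now refused, and the commit message should say so. The function continues outside the hunk.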
net/bridge/netfilter/ebt_log.c
...
...
@@ -2,7 +2,7 @@
* ebt_log
*
* Authors:
* Bart De Schuymer <b
art.de.schuymer
@pandora.be>
* Bart De Schuymer <b
dschuym
@pandora.be>
*
* April, 2002
*
...
...
@@ -80,8 +80,10 @@ static void ebt_log(const struct sk_buff *skb, const struct net_device *in,
static
struct
ebt_watcher
log
=
{
{
NULL
,
NULL
},
EBT_LOG_WATCHER
,
ebt_log
,
ebt_log_check
,
NULL
,
THIS_MODULE
.
name
=
EBT_LOG_WATCHER
,
.
watcher
=
ebt_log
,
.
check
=
ebt_log_check
,
.
me
=
THIS_MODULE
,
};
static
int
__init
init
(
void
)
...
...
net/bridge/netfilter/ebt_mark.c
...
...
@@ -2,15 +2,16 @@
* ebt_mark
*
* Authors:
* Bart De Schuymer <b
art.de.schuymer
@pandora.be>
* Bart De Schuymer <b
dschuym
@pandora.be>
*
* July, 2002
*
*/
// The mark target can be used in any chain
// I believe adding a mangle table just for marking is total overkill
// Marking a frame doesn't really change anything in the frame anyway
/* The mark target can be used in any chain,
* I believe adding a mangle table just for marking is total overkill.
* Marking a frame doesn't really change anything in the frame anyway.
*/
#include <linux/netfilter_bridge/ebtables.h>
#include <linux/netfilter_bridge/ebt_mark_t.h>
...
...
@@ -46,8 +47,10 @@ static int ebt_target_mark_check(const char *tablename, unsigned int hookmask,
static
struct
ebt_target
mark_target
=
{
{
NULL
,
NULL
},
EBT_MARK_TARGET
,
ebt_target_mark
,
ebt_target_mark_check
,
NULL
,
THIS_MODULE
.
name
=
EBT_MARK_TARGET
,
.
target
=
ebt_target_mark
,
.
check
=
ebt_target_mark_check
,
.
me
=
THIS_MODULE
,
};
static
int
__init
init
(
void
)
...
...
net/bridge/netfilter/ebt_mark_m.c
...
...
@@ -2,7 +2,7 @@
* ebt_mark_m
*
* Authors:
* Bart De Schuymer <b
art.de.schuymer
@pandora.be>
* Bart De Schuymer <b
dschuym
@pandora.be>
*
* July, 2002
*
...
...
@@ -41,8 +41,10 @@ static int ebt_mark_check(const char *tablename, unsigned int hookmask,
static
struct
ebt_match
filter_mark
=
{
{
NULL
,
NULL
},
EBT_MARK_MATCH
,
ebt_filter_mark
,
ebt_mark_check
,
NULL
,
THIS_MODULE
.
name
=
EBT_MARK_MATCH
,
.
match
=
ebt_filter_mark
,
.
check
=
ebt_mark_check
,
.
me
=
THIS_MODULE
,
};
static
int
__init
init
(
void
)
...
...
net/bridge/netfilter/ebt_redirect.c
...
...
@@ -2,7 +2,7 @@
* ebt_redirect
*
* Authors:
* Bart De Schuymer <b
art.de.schuymer
@pandora.be>
* Bart De Schuymer <b
dschuym
@pandora.be>
*
* April, 2002
*
...
...
@@ -51,8 +51,10 @@ static int ebt_target_redirect_check(const char *tablename, unsigned int hookmas
static
struct
ebt_target
redirect_target
=
{
{
NULL
,
NULL
},
EBT_REDIRECT_TARGET
,
ebt_target_redirect
,
ebt_target_redirect_check
,
NULL
,
THIS_MODULE
.
name
=
EBT_REDIRECT_TARGET
,
.
target
=
ebt_target_redirect
,
.
check
=
ebt_target_redirect_check
,
.
me
=
THIS_MODULE
,
};
static
int
__init
init
(
void
)
...
...
net/bridge/netfilter/ebt_snat.c
...
...
@@ -2,7 +2,7 @@
* ebt_snat
*
* Authors:
* Bart De Schuymer <b
art.de.schuymer
@pandora.be>
* Bart De Schuymer <b
dschuym
@pandora.be>
*
* June, 2002
*
...
...
@@ -44,8 +44,10 @@ static int ebt_target_snat_check(const char *tablename, unsigned int hookmask,
static
struct
ebt_target
snat
=
{
{
NULL
,
NULL
},
EBT_SNAT_TARGET
,
ebt_target_snat
,
ebt_target_snat_check
,
NULL
,
THIS_MODULE
.
name
=
EBT_SNAT_TARGET
,
.
target
=
ebt_target_snat
,
.
check
=
ebt_target_snat_check
,
.
me
=
THIS_MODULE
,
};
static
int
__init
init
(
void
)
...
...
net/bridge/netfilter/ebt_vlan.c
/*
* Description: EBTables 802.1Q match extension kernelspace module.
* Authors: Nick Fedchik <nick@fedchik.org.ua>
* Bart De Schuymer <b
art.de.schuymer
@pandora.be>
* Bart De Schuymer <b
dschuym
@pandora.be>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
...
...
@@ -226,12 +226,10 @@ ebt_check_vlan(const char *tablename,
}
static
struct
ebt_match
filter_vlan
=
{
{
NULL
,
NULL
},
EBT_VLAN_MATCH
,
ebt_filter_vlan
,
ebt_check_vlan
,
NULL
,
THIS_MODULE
.
name
=
EBT_VLAN_MATCH
,
.
match
=
ebt_filter_vlan
,
.
check
=
ebt_check_vlan
,
.
me
=
THIS_MODULE
,
};
/*
...
...
net/bridge/netfilter/ebtable_broute.c
...
...
@@ -2,7 +2,7 @@
* ebtable_broute
*
* Authors:
* Bart De Schuymer <b
art.de.schuymer
@pandora.be>
* Bart De Schuymer <b
dschuym
@pandora.be>
*
* April, 2002
*
...
...
@@ -16,11 +16,12 @@
#include <linux/if_bridge.h>
#include <linux/brlock.h>
// EBT_ACCEPT means the frame will be bridged
// EBT_DROP means the frame will be routed
/* EBT_ACCEPT means the frame will be bridged
* EBT_DROP means the frame will be routed
*/
static
struct
ebt_entries
initial_chain
=
{
.
name
=
"BROUTING"
,
.
policy
=
EBT_ACCEPT
,
.
name
=
"BROUTING"
,
.
policy
=
EBT_ACCEPT
,
};
static
struct
ebt_replace
initial_table
=
...
...
@@ -31,7 +32,7 @@ static struct ebt_replace initial_table =
.
hook_entry
=
{
[
NF_BR_BROUTING
]
=
&
initial_chain
,
},
.
entries
=
(
char
*
)
&
initial_chain
.
entries
=
(
char
*
)
&
initial_chain
,
};
static
int
check
(
const
struct
ebt_table_info
*
info
,
unsigned
int
valid_hooks
)
...
...
@@ -57,8 +58,8 @@ static int ebt_broute(struct sk_buff **pskb)
ret
=
ebt_do_table
(
NF_BR_BROUTING
,
pskb
,
(
*
pskb
)
->
dev
,
NULL
,
&
broute_table
);
if
(
ret
==
NF_DROP
)
return
1
;
/
/ route it
return
0
;
/
/ bridge it
return
1
;
/
* route it */
return
0
;
/
* bridge it */
}
static
int
__init
init
(
void
)
...
...
@@ -69,7 +70,7 @@ static int __init init(void)
if
(
ret
<
0
)
return
ret
;
br_write_lock_bh
(
BR_NETPROTO_LOCK
);
/
/ see br_input.c
/
* see br_input.c */
br_should_route_hook
=
ebt_broute
;
br_write_unlock_bh
(
BR_NETPROTO_LOCK
);
return
ret
;
...
...
net/bridge/netfilter/ebtable_filter.c
...
...
@@ -2,7 +2,7 @@
* ebtable_filter
*
* Authors:
* Bart De Schuymer <b
art.de.schuymer
@pandora.be>
* Bart De Schuymer <b
dschuym
@pandora.be>
*
* April, 2002
*
...
...
@@ -27,7 +27,7 @@ static struct ebt_entries initial_chains[] =
{
.
name
=
"OUTPUT"
,
.
policy
=
EBT_ACCEPT
,
}
}
,
};
static
struct
ebt_replace
initial_table
=
...
...
@@ -35,12 +35,12 @@ static struct ebt_replace initial_table =
.
name
=
"filter"
,
.
valid_hooks
=
FILTER_VALID_HOOKS
,
.
entries_size
=
3
*
sizeof
(
struct
ebt_entries
),
.
hook_entry
=
{
.
hook_entry
=
{
[
NF_BR_LOCAL_IN
]
=
&
initial_chains
[
0
],
[
NF_BR_FORWARD
]
=
&
initial_chains
[
1
],
[
NF_BR_LOCAL_OUT
]
=
&
initial_chains
[
2
],
[
NF_BR_LOCAL_OUT
]
=
&
initial_chains
[
2
],
},
.
entries
=
(
char
*
)
initial_chains
.
entries
=
(
char
*
)
initial_chains
,
};
static
int
check
(
const
struct
ebt_table_info
*
info
,
unsigned
int
valid_hooks
)
...
...
@@ -77,14 +77,14 @@ static struct nf_hook_ops ebt_ops_filter[] = {
.
hook
=
ebt_hook
,
.
pf
=
PF_BRIDGE
,
.
hooknum
=
NF_BR_FORWARD
,
.
priority
=
NF_BR_PRI_FILTER_BRIDGED
.
priority
=
NF_BR_PRI_FILTER_BRIDGED
,
},
{
.
hook
=
ebt_hook
,
.
pf
=
PF_BRIDGE
,
.
hooknum
=
NF_BR_LOCAL_OUT
,
.
priority
=
NF_BR_PRI_FILTER_OTHER
}
.
priority
=
NF_BR_PRI_FILTER_OTHER
,
}
,
};
static
int
__init
init
(
void
)
...
...
net/bridge/netfilter/ebtable_nat.c
...
...
@@ -2,7 +2,7 @@
* ebtable_nat
*
* Authors:
* Bart De Schuymer <b
art.de.schuymer
@pandora.be>
* Bart De Schuymer <b
dschuym
@pandora.be>
*
* April, 2002
*
...
...
@@ -39,7 +39,7 @@ static struct ebt_replace initial_table =
[
NF_BR_LOCAL_OUT
]
=
&
initial_chains
[
1
],
[
NF_BR_POST_ROUTING
]
=
&
initial_chains
[
2
],
},
.
entries
=
(
char
*
)
initial_chains
.
entries
=
(
char
*
)
initial_chains
,
};
static
int
check
(
const
struct
ebt_table_info
*
info
,
unsigned
int
valid_hooks
)
...
...
@@ -77,19 +77,19 @@ static struct nf_hook_ops ebt_ops_nat[] = {
.
hook
=
ebt_nat_dst
,
.
pf
=
PF_BRIDGE
,
.
hooknum
=
NF_BR_LOCAL_OUT
,
.
priority
=
NF_BR_PRI_NAT_DST_OTHER
.
priority
=
NF_BR_PRI_NAT_DST_OTHER
,
},
{
.
hook
=
ebt_nat_src
,
.
pf
=
PF_BRIDGE
,
.
hooknum
=
NF_BR_POST_ROUTING
,
.
priority
=
NF_BR_PRI_NAT_SRC
.
priority
=
NF_BR_PRI_NAT_SRC
,
},
{
.
hook
=
ebt_nat_dst
,
.
pf
=
PF_BRIDGE
,
.
hooknum
=
NF_BR_PRE_ROUTING
,
.
priority
=
NF_BR_PRI_NAT_DST_BRIDGED
.
priority
=
NF_BR_PRI_NAT_DST_BRIDGED
,
},
};
...
...
net/bridge/netfilter/ebtables.c
...
...
@@ -365,7 +365,7 @@ ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e,
m
->
u
.
match
=
match
;
if
(
!
try_module_get
(
match
->
me
))
{
up
(
&
ebt_mutex
);
return
-
E
INVAL
;
return
-
E
NOENT
;
}
up
(
&
ebt_mutex
);
if
(
match
->
check
&&
...
...
@@ -394,7 +394,7 @@ ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e,
w
->
u
.
watcher
=
watcher
;
if
(
!
try_module_get
(
watcher
->
me
))
{
up
(
&
ebt_mutex
);
return
-
E
INVAL
;
return
-
E
NOENT
;
}
up
(
&
ebt_mutex
);
if
(
watcher
->
check
&&
...
...
@@ -634,6 +634,7 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
goto
cleanup_watchers
;
if
(
!
try_module_get
(
target
->
me
))
{
up
(
&
ebt_mutex
);
ret
=
-
ENOENT
;
goto
cleanup_watchers
;
}
up
(
&
ebt_mutex
);
...
...
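Review bot: In `ebt_check_match` and `ebt_check_watcher`, `m->u.match = match` and `w->u.watcher = watcher` are stored before `try_module_get()` is tested, so on the new `-ENOENT` path the entry keeps a pointer to an extension whose module reference was never taken. The header suggests `u` also holds the extension name, which would then be overwritten as well. Whether a later cleanup path dereferences that pointer or calls `module_put()` on it is outside these hunks and worth confirming; doing the assignment only after `try_module_get()` succeeds would remove the question. The change from `-EINVAL` to `-ENOENT` is presumably visible to userspace through the setsockopt interface and deserves a word in the commit message. All three functions start and end outside their hunks.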