Changed |
arptables.changes
Changed |
arptables.spec
Deleted |
arptables-install.diff
@@ -1,36 +0,0 @@
----
- Makefile | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-
-Index: arptables-v0.0.3-4/Makefile
-===================================================================
---- arptables-v0.0.3-4.orig/Makefile
-+++ arptables-v0.0.3-4/Makefile
-@@ -35,22 +35,22 @@ arptables: arptables-standalone.o arptab
-
- $(DESTDIR)$(MANDIR)/man8/arptables.8: arptables.8
- mkdir -p $(@D)
-- install -m 0644 -o root -g root $< $@
-+ install -m 0644 $< $@
-
- $(DESTDIR)$(BINDIR)/arptables: arptables
- mkdir -p $(DESTDIR)$(BINDIR)
-- install -m 0755 -o root -g root $< $@
-+ install -m 0755 $< $@
-
- tmp1:=$(shell printf $(BINDIR) | sed 's/\//\\\//g')
- tmp2:=$(shell printf $(SYSCONFIGDIR) | sed 's/\//\\\//g')
- .PHONY: scripts
- scripts: arptables-save arptables-restore arptables.sysv
- cat arptables-save | sed 's/__EXEC_PATH__/$(tmp1)/g' > arptables-save_
-- install -m 0755 -o root -g root arptables-save_ $(DESTDIR)$(BINDIR)/arptables-save
-+ install -m 0755 arptables-save_ $(DESTDIR)$(BINDIR)/arptables-save
- cat arptables-restore | sed 's/__EXEC_PATH__/$(tmp1)/g' > arptables-restore_
-- install -m 0755 -o root -g root arptables-restore_ $(DESTDIR)$(BINDIR)/arptables-restore
-+ install -m 0755 arptables-restore_ $(DESTDIR)$(BINDIR)/arptables-restore
- cat arptables.sysv | sed 's/__EXEC_PATH__/$(tmp1)/g' | sed 's/__SYSCONFIG__/$(tmp2)/g' > arptables.sysv_
-- if test -d $(DESTDIR)$(INITDIR); then install -m 0755 -o root -g root arptables.sysv_ $(DESTDIR)$(INITDIR)/arptables; fi
-+ if test -d $(DESTDIR)$(INITDIR); then install -m 0755 arptables.sysv_ $(DESTDIR)$(INITDIR)/arptables; fi
- rm -f arptables-save_ arptables-restore_ arptables.sysv_
-
- .PHONY: install
Deleted |
arptables-warnings.diff
@@ -1,168 +0,0 @@
----
- arptables.c | 27 +++++++++++++++------------
- libarptc/libarptc.c | 6 ++++--
- libarptc/libarptc_incl.c | 6 ++++--
- 3 files changed, 23 insertions(+), 16 deletions(-)
-
-Index: arptables-v0.0.3-4/arptables.c
-===================================================================
---- arptables-v0.0.3-4.orig/arptables.c
-+++ arptables-v0.0.3-4/arptables.c
-@@ -874,7 +874,7 @@ parse_target(const char *targetname)
-
- if (strlen(targetname)+1 > sizeof(arpt_chainlabel))
- exit_error(PARAMETER_PROBLEM,
-- "Invalid target name `%s' (%i chars max)",
-+ "Invalid target name `%s' (%zu chars max)",
- targetname, sizeof(arpt_chainlabel)-1);
-
- for (ptr = targetname; *ptr; ptr++)
-@@ -1062,7 +1062,7 @@ register_match(struct arptables_match *m
- }
-
- if (me->size != ARPT_ALIGN(me->size)) {
-- fprintf(stderr, "%s: match `%s' has invalid size %u.\n",
-+ fprintf(stderr, "%s: match `%s' has invalid size %zu.\n",
- program_name, me->name, me->size);
- exit(1);
- }
-@@ -1092,7 +1092,7 @@ register_target(struct arptables_target
- }
-
- if (me->size != ARPT_ALIGN(me->size)) {
-- fprintf(stderr, "%s: target `%s' has invalid size %u.\n",
-+ fprintf(stderr, "%s: target `%s' has invalid size %zu.\n",
- program_name, me->name, me->size);
- exit(1);
- }
-@@ -1116,17 +1116,17 @@ print_num(u_int64_t number, unsigned int
- number = (number + 500) / 1000;
- if (number > 9999) {
- number = (number + 500) / 1000;
-- printf(FMT("%4lluT ","%lluT "), number);
-+ printf(FMT("%4lluT ","%lluT "), (unsigned long long)number);
- }
-- else printf(FMT("%4lluG ","%lluG "), number);
-+ else printf(FMT("%4lluG ","%lluG "), (unsigned long long)number);
- }
-- else printf(FMT("%4lluM ","%lluM "), number);
-+ else printf(FMT("%4lluM ","%lluM "), (unsigned long long)number);
- } else
-- printf(FMT("%4lluK ","%lluK "), number);
-+ printf(FMT("%4lluK ","%lluK "), (unsigned long long)number);
- } else
-- printf(FMT("%5llu ","%llu "), number);
-+ printf(FMT("%5llu ","%llu "), (unsigned long long)number);
- } else
-- printf(FMT("%8llu ","%llu "), number);
-+ printf(FMT("%8llu ","%llu "), (unsigned long long)number);
- }
-
-
-@@ -1370,7 +1370,7 @@ after_devdst:
- /* Print the target information. */
- target->print(&fw->arp, t, format & FMT_NUMERIC);
- } else if (t->u.target_size != sizeof(*t))
-- printf("[%u bytes of unknown target data] ",
-+ printf("[%zu bytes of unknown target data] ",
- t->u.target_size - sizeof(*t));
-
- if (!(format & FMT_NOCOUNTS)) {
-@@ -1777,6 +1777,7 @@ int do_command(int argc, char *argv[], c
- const char *jumpto = "";
- char *protocol = NULL;
- const char *modprobe = NULL;
-+ unsigned long long bpcnt_num;
-
- /* first figure out if this is a 2.6 or a 2.4 kernel */
- *handle = arptc_init(*table);
-@@ -2159,15 +2160,17 @@ int do_command(int argc, char *argv[], c
- "-%c requires packet and byte counter",
- opt2char(OPT_COUNTERS));
-
-- if (sscanf(pcnt, "%llu", &fw.counters.pcnt) != 1)
-+ if (sscanf(pcnt, "%llu", &bpcnt_num) != 1)
- exit_error(PARAMETER_PROBLEM,
- "-%c packet counter not numeric",
- opt2char(OPT_COUNTERS));
-+ fw.counters.pcnt = bpcnt_num;
-
-- if (sscanf(bcnt, "%llu", &fw.counters.bcnt) != 1)
-+ if (sscanf(bcnt, "%llu", &bpcnt_num) != 1)
- exit_error(PARAMETER_PROBLEM,
- "-%c byte counter not numeric",
- opt2char(OPT_COUNTERS));
-+ fw.counters.bcnt = bpcnt_num;
-
- break;
-
-Index: arptables-v0.0.3-4/libarptc/libarptc.c
-===================================================================
---- arptables-v0.0.3-4.orig/libarptc/libarptc.c
-+++ arptables-v0.0.3-4/libarptc/libarptc.c
-@@ -133,7 +133,8 @@ dump_entry(STRUCT_ENTRY *e, const TC_HAN
- printf("Flags: %02X\n", e->arp.flags);
- printf("Invflags: %02X\n", e->arp.invflags);
- printf("Counters: %llu packets, %llu bytes\n",
-- e->counters.pcnt, e->counters.bcnt);
-+ (unsigned long long)e->counters.pcnt,
-+ (unsigned long long)e->counters.bcnt);
- /*
- printf("Cache: %08X ", e->nfcache);
- if (e->nfcache & NFC_ALTERED) printf("ALTERED ");
-@@ -159,7 +160,8 @@ dump_entry(STRUCT_ENTRY *e, const TC_HAN
- t = GET_TARGET(e);
- printf("Target name: `%s' [%u]\n", t->u.user.name, t->u.target_size);
- if (strcmp(t->u.user.name, STANDARD_TARGET) == 0) {
-- int pos = *(int *)t->data;
-+ const unsigned char *data = t->data;
-+ int pos = *(const int *)data;
- if (pos < 0)
- printf("verdict=%s\n",
- pos == -NF_ACCEPT-1 ? "NF_ACCEPT"
-Index: arptables-v0.0.3-4/libarptc/libarptc_incl.c
-===================================================================
---- arptables-v0.0.3-4.orig/libarptc/libarptc_incl.c
-+++ arptables-v0.0.3-4/libarptc/libarptc_incl.c
-@@ -121,7 +121,7 @@ entry2index(const TC_HANDLE_T h, const S
-
- if (ENTRY_ITERATE(h->entries.entrytable, h->entries.size,
- get_number, seek, &pos) == 0) {
-- fprintf(stderr, "ERROR: offset %i not an entry!\n",
-+ fprintf(stderr, "ERROR: offset %zu not an entry!\n",
- (char *)seek - (char *)h->entries.entrytable);
- abort();
- }
-@@ -583,6 +583,7 @@ target_name(TC_HANDLE_T handle, const ST
- int spos;
- unsigned int labelidx;
- STRUCT_ENTRY *jumpto;
-+ const unsigned char *data;
-
- /* To avoid const warnings */
- STRUCT_ENTRY *e = (STRUCT_ENTRY *)ce;
-@@ -591,7 +592,8 @@ target_name(TC_HANDLE_T handle, const ST
- return GET_TARGET(e)->u.user.name;
-
- /* Standard target: evaluate */
-- spos = *(int *)GET_TARGET(e)->data;
-+ data = GET_TARGET(e)->data;
-+ spos = *(const int *)data;
- if (spos < 0) {
- if (spos == RETURN)
- return LABEL_RETURN;
-Index: arptables-v0.0.3-4/Makefile
-===================================================================
---- arptables-v0.0.3-4.orig/Makefile
-+++ arptables-v0.0.3-4/Makefile
-@@ -10,8 +10,8 @@ INITDIR:=/etc/rc.d/init.d
- SYSCONFIGDIR:=/etc/sysconfig
- DESTDIR:=
-
--COPT_FLAGS:=-O2
--CFLAGS:=$(COPT_FLAGS) -Wall -Wunused -I$(KERNEL_DIR)/include/ -Iinclude/ -DARPTABLES_VERSION=\"$(ARPTABLES_VERSION)\" #-g -DDEBUG #-pg # -DARPTC_DEBUG
-+COPT_FLAGS=-O2
-+CFLAGS=$(COPT_FLAGS) -Wall -Wunused -I$(KERNEL_DIR)/include/ -Iinclude/ -DARPTABLES_VERSION=\"$(ARPTABLES_VERSION)\" #-g -DDEBUG #-pg # -DARPTC_DEBUG
-
- ifndef ARPT_LIBDIR
- ARPT_LIBDIR:=$(LIBDIR)/arptables
Deleted |
arptables-v0.0.3-4.tar.xz/include/arp_tables.h
@@ -1,342 +0,0 @@
-/*
- * Format of an ARP firewall descriptor
- *
- * src, tgt, src_mask, tgt_mask, arpop, arpop_mask are always stored in
- * network byte order.
- * flags are stored in host byte order (of course).
- */
-
-#ifndef _ARPTABLES_H
-#define _ARPTABLES_H
-
-#ifdef __KERNEL__
-#include <linux/if.h>
-#include <linux/types.h>
-#include <linux/in.h>
-#include <linux/if_arp.h>
-#include <linux/skbuff.h>
-#endif
-
-#include <linux/netfilter_arp.h>
-
-#define ARPT_FUNCTION_MAXNAMELEN 30
-#define ARPT_TABLE_MAXNAMELEN 32
-
-#define ARPT_DEV_ADDR_LEN_MAX 16
-
-struct arpt_devaddr_info {
- char addr[ARPT_DEV_ADDR_LEN_MAX];
- char mask[ARPT_DEV_ADDR_LEN_MAX];
-};
-
-/* Yes, Virginia, you have to zero the padding. */
-struct arpt_arp {
- /* Source and target IP addr */
- struct in_addr src, tgt;
- /* Mask for src and target IP addr */
- struct in_addr smsk, tmsk;
-
- /* Device hw address length, src+target device addresses */
- u_int8_t arhln, arhln_mask;
- struct arpt_devaddr_info src_devaddr;
- struct arpt_devaddr_info tgt_devaddr;
-
- /* ARP operation code. */
- u_int16_t arpop, arpop_mask;
-
- /* ARP hardware address and protocol address format. */
- u_int16_t arhrd, arhrd_mask;
- u_int16_t arpro, arpro_mask;
-
- /* The protocol address length is only accepted if it is 4
- * so there is no use in offering a way to do filtering on it.
- */
-
- char iniface[IFNAMSIZ], outiface[IFNAMSIZ];
- unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ];
-
- /* Flags word */
- u_int8_t flags;
- /* Inverse flags */
- u_int16_t invflags;
-};
-
-struct arpt_entry_target
-{
- union {
- struct {
- u_int16_t target_size;
-
- /* Used by userspace */
- char name[ARPT_FUNCTION_MAXNAMELEN];
- } user;
- struct {
- u_int16_t target_size;
-
- /* Used inside the kernel */
- struct arpt_target *target;
- } kernel;
-
- /* Total length */
- u_int16_t target_size;
- } u;
-
- unsigned char data[0];
-};
-
-struct arpt_standard_target
-{
- struct arpt_entry_target target;
- int verdict;
-};
-
-struct arpt_counters
-{
- u_int64_t pcnt, bcnt; /* Packet and byte counters */
-};
-
-/* Values for "flag" field in struct arpt_ip (general arp structure).
- * No flags defined yet.
- */
-#define ARPT_F_MASK 0x00 /* All possible flag bits mask. */
-
-/* Values for "inv" field in struct arpt_arp. */
-#define ARPT_INV_VIA_IN 0x0001 /* Invert the sense of IN IFACE. */
-#define ARPT_INV_VIA_OUT 0x0002 /* Invert the sense of OUT IFACE */
-#define ARPT_INV_SRCIP 0x0004 /* Invert the sense of SRC IP. */
-#define ARPT_INV_TGTIP 0x0008 /* Invert the sense of TGT IP. */
-#define ARPT_INV_SRCDEVADDR 0x0010 /* Invert the sense of SRC DEV ADDR. */
-#define ARPT_INV_TGTDEVADDR 0x0020 /* Invert the sense of TGT DEV ADDR. */
-#define ARPT_INV_ARPOP 0x0040 /* Invert the sense of ARP OP. */
-#define ARPT_INV_ARPHRD 0x0080 /* Invert the sense of ARP HRD. */
-#define ARPT_INV_ARPPRO 0x0100 /* Invert the sense of ARP PRO. */
-#define ARPT_INV_ARPHLN 0x0200 /* Invert the sense of ARP HLN. */
-#define ARPT_INV_MASK 0x03FF /* All possible flag bits mask. */
-
-/* This structure defines each of the firewall rules. Consists of 3
- parts which are 1) general ARP header stuff 2) match specific
- stuff 3) the target to perform if the rule matches */
-struct arpt_entry
-{
- struct arpt_arp arp;
-
- /* Size of arpt_entry + matches */
- u_int16_t target_offset;
- /* Size of arpt_entry + matches + target */
- u_int16_t next_offset;
-
- /* Back pointer */
- unsigned int comefrom;
-
- /* Packet and byte counters. */
- struct arpt_counters counters;
-
- /* The matches (if any), then the target. */
- unsigned char elems[0];
-};
-
-/*
- * New IP firewall options for [gs]etsockopt at the RAW IP level.
- * Unlike BSD Linux inherits IP options so you don't have to use a raw
- * socket for this. Instead we check rights in the calls.
- */
-#define ARPT_BASE_CTL 96 /* base for firewall socket options */
-
-#define ARPT_SO_SET_REPLACE (ARPT_BASE_CTL)
-#define ARPT_SO_SET_ADD_COUNTERS (ARPT_BASE_CTL + 1)
-#define ARPT_SO_SET_MAX ARPT_SO_SET_ADD_COUNTERS
-
-#define ARPT_SO_GET_INFO (ARPT_BASE_CTL)
-#define ARPT_SO_GET_ENTRIES (ARPT_BASE_CTL + 1)
-#define ARPT_SO_GET_MAX ARPT_SO_GET_ENTRIES
-
-/* CONTINUE verdict for targets */
-#define ARPT_CONTINUE 0xFFFFFFFF
-
-/* For standard target */
-#define ARPT_RETURN (-NF_REPEAT - 1)
-
-/* The argument to ARPT_SO_GET_INFO */
-struct arpt_getinfo
-{
- /* Which table: caller fills this in. */
- char name[ARPT_TABLE_MAXNAMELEN];
-
- /* Kernel fills these in. */
- /* Which hook entry points are valid: bitmask */
- unsigned int valid_hooks;
-
- /* Hook entry points: one per netfilter hook. */
- unsigned int hook_entry[3];
-
- /* Underflow points. */
- unsigned int underflow[3];
-
- /* Number of entries */
- unsigned int num_entries;
-
- /* Size of entries. */
- unsigned int size;
-};
-
-/* The argument to ARPT_SO_SET_REPLACE. */
-struct arpt_replace
-{
- /* Which table. */
- char name[ARPT_TABLE_MAXNAMELEN];
-
- /* Which hook entry points are valid: bitmask. You can't
- change this. */
- unsigned int valid_hooks;
-
- /* Number of entries */
- unsigned int num_entries;
-
- /* Total size of new entries */
- unsigned int size;
-
- /* Hook entry points. */
- unsigned int hook_entry[3];
-
- /* Underflow points. */
- unsigned int underflow[3];
-
- /* Information about old entries: */
- /* Number of counters (must be equal to current number of entries). */
- unsigned int num_counters;
- /* The old entries' counters. */
- struct arpt_counters *counters;
-
- /* The entries (hang off end: not really an array). */
- struct arpt_entry entries[0];
-};
-
-/* The argument to ARPT_SO_ADD_COUNTERS. */
-struct arpt_counters_info
-{
- /* Which table. */
- char name[ARPT_TABLE_MAXNAMELEN];
-
- unsigned int num_counters;
-
- /* The counters (actually `number' of these). */
- struct arpt_counters counters[0];
-};
-
-/* The argument to ARPT_SO_GET_ENTRIES. */
-struct arpt_get_entries
-{
- /* Which table: user fills this in. */
- char name[ARPT_TABLE_MAXNAMELEN];
-
- /* User fills this in: total entry size. */
- unsigned int size;
-
- /* The entries. */
- struct arpt_entry entrytable[0];
-};
-
-/* Standard return verdict, or do jump. */
-#define ARPT_STANDARD_TARGET ""
-/* Error verdict. */
-#define ARPT_ERROR_TARGET "ERROR"
-
-/* Helper functions */
-static __inline__ struct arpt_entry_target *arpt_get_target(struct arpt_entry *e)
-{
- return (void *)e + e->target_offset;
-}
-
-/* fn returns 0 to continue iteration */
-#define ARPT_ENTRY_ITERATE(entries, size, fn, args...) \
-({ \
- unsigned int __i; \
- int __ret = 0; \
- struct arpt_entry *__entry; \
- \
- for (__i = 0; __i < (size); __i += __entry->next_offset) { \
- __entry = (void *)(entries) + __i; \
- \
- __ret = fn(__entry , ## args); \
- if (__ret != 0) \
- break; \
- } \
- __ret; \
-})
-
-/*
- * Main firewall chains definitions and global var's definitions.
- */
-#ifdef __KERNEL__
-
-/* Registration hooks for targets. */
-struct arpt_target
-{
- struct list_head list;
-
- const char name[ARPT_FUNCTION_MAXNAMELEN];
-
- /* Returns verdict. */
- unsigned int (*target)(struct sk_buff **pskb,
- unsigned int hooknum,
- const struct net_device *in,
- const struct net_device *out,
- const void *targinfo,
- void *userdata);
-
- /* Called when user tries to insert an entry of this type:
- hook_mask is a bitmask of hooks from which it can be
- called. */
- /* Should return true or false. */
- int (*checkentry)(const char *tablename,
- const struct arpt_entry *e,
- void *targinfo,
- unsigned int targinfosize,
- unsigned int hook_mask);
-
- /* Called when entry of this type deleted. */
- void (*destroy)(void *targinfo, unsigned int targinfosize);
-
- /* Set this to THIS_MODULE if you are a module, otherwise NULL */
- struct module *me;
-};
-
-extern int arpt_register_target(struct arpt_target *target);
-extern void arpt_unregister_target(struct arpt_target *target);
-
-/* Furniture shopping... */
-struct arpt_table
-{
- struct list_head list;
-
- /* A unique name... */
- char name[ARPT_TABLE_MAXNAMELEN];
-
- /* Seed table: copied in register_table */
- struct arpt_replace *table;
-
- /* What hooks you will enter on */
- unsigned int valid_hooks;
-
- /* Lock for the curtain */
- rwlock_t lock;
-
- /* Man behind the curtain... */
- struct arpt_table_info *private;
-
- /* Set this to THIS_MODULE if you are a module, otherwise NULL */
- struct module *me;
-};
-
-extern int arpt_register_table(struct arpt_table *table);
-extern void arpt_unregister_table(struct arpt_table *table);
-extern unsigned int arpt_do_table(struct sk_buff **pskb,
- unsigned int hook,
- const struct net_device *in,
- const struct net_device *out,
- struct arpt_table *table,
- void *userdata);
-
-#define ARPT_ALIGN(s) (((s) + (__alignof__(struct arpt_entry)-1)) & ~(__alignof__(struct arpt_entry)-1))
-#endif /*__KERNEL__*/
-#endif /* _ARPTABLES_H */
Changed |
arptables-v0.0.4.tar.xz/Makefile
@@ -1,4 +1,4 @@
-ARPTABLES_VERSION:=0.0.3-4
+ARPTABLES_VERSION:=0.0.4
KERNEL_DIR:=./
# default paths
@@ -31,26 +31,27 @@
$(CC) $(CFLAGS) -c -o $@ $<
arptables: arptables-standalone.o arptables.o libarptc/libarptc.o $(EXT_OBJS)
- $(CC) $(CFLAGS) -o $@ $^
+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^
$(DESTDIR)$(MANDIR)/man8/arptables.8: arptables.8
mkdir -p $(@D)
- install -m 0644 -o root -g root $< $@
+ install -m 0644 $< $@
$(DESTDIR)$(BINDIR)/arptables: arptables
mkdir -p $(DESTDIR)$(BINDIR)
- install -m 0755 -o root -g root $< $@
+ install -m 0755 $< $@
tmp1:=$(shell printf $(BINDIR) | sed 's/\//\\\//g')
tmp2:=$(shell printf $(SYSCONFIGDIR) | sed 's/\//\\\//g')
.PHONY: scripts
scripts: arptables-save arptables-restore arptables.sysv
cat arptables-save | sed 's/__EXEC_PATH__/$(tmp1)/g' > arptables-save_
- install -m 0755 -o root -g root arptables-save_ $(DESTDIR)$(BINDIR)/arptables-save
+ install -m 0755 arptables-save_ $(DESTDIR)$(BINDIR)/arptables-save
cat arptables-restore | sed 's/__EXEC_PATH__/$(tmp1)/g' > arptables-restore_
- install -m 0755 -o root -g root arptables-restore_ $(DESTDIR)$(BINDIR)/arptables-restore
+ install -m 0755 arptables-restore_ $(DESTDIR)$(BINDIR)/arptables-restore
cat arptables.sysv | sed 's/__EXEC_PATH__/$(tmp1)/g' | sed 's/__SYSCONFIG__/$(tmp2)/g' > arptables.sysv_
- if test -d $(DESTDIR)$(INITDIR); then install -m 0755 -o root -g root arptables.sysv_ $(DESTDIR)$(INITDIR)/arptables; fi
+ if [ "$(DESTDIR)" != "" ]; then mkdir -p $(DESTDIR)$(INITDIR); fi
+ if test -d $(DESTDIR)$(INITDIR); then install -m 0755 arptables.sysv_ $(DESTDIR)$(INITDIR)/arptables; fi
rm -f arptables-save_ arptables-restore_ arptables.sysv_
.PHONY: install
@@ -65,11 +66,9 @@
rm -f include/*~ include/libarptc/*~
DIR:=arptables-v$(ARPTABLES_VERSION)
-CVSDIRS:=CVS extensions/CVS libarptc/CVS include/CVS include/libarptc/CVS include/linux/CVS include/linux/netfilter_arp/CVS
# This is used to make a new userspace release
.PHONY: release
release:
- rm -rf $(CVSDIRS)
make clean
cd ..;find $(DIR) -exec touch {} \;;find $(DIR) -exec chmod o-r,g-r,o-w,g-w,o-x,g-x {} \;;tar -pc $(DIR) | gzip >$(DIR).tar.gz
Changed |
arptables-v0.0.4.tar.xz/arptables-save
@@ -19,7 +19,7 @@
my $line = "";
foreach $line (split("\n",$_[0])) {
- if ($line =~ m/Chain\s(.*?)\s\(policy\s(.*?)\s/) {
+ if ($line =~ m/Chain\s(.*?)\s\(policy\s(.*?)\)/) {
$chains = $chains . ":$1 $2\n";
$chain = $1;
next;
@@ -32,9 +32,6 @@
if ($line =~ m/^$/) {
next;
}
- # Due to arptables "issues" with displaying device names
- # we need to use -v and then do some processing
- $line =~ s/\s,\s.*//;
$rules = $rules . "-A $chain $line\n";
}
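Review bot: Dropping the `s/\s,\s.*//` strip means every listed line is now copied verbatim into the `-A $chain ...` output, so the saved ruleset is only valid as long as `-L -n` never appends counter or other trailing text to a rule line. That dependency on the listing format (changed from `-v` to `-n` in the next hunk) is not written down anywhere in the script. A short comment above the append would record it, for example `# relies on "-L -n" printing only restorable rule text (no ", pcnt=... -- bcnt=..." suffix)`. The surrounding loop starts and ends outside this hunk, so the exact listing format is inferred from the removed comment rather than visible here.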
@@ -47,7 +44,7 @@
# ========================================================
unless (-x "$tool") { print "ERROR: Tool $tool isn't executable"; exit -1; };
-$table =`$tool -t filter -L -v`;
+$table =`$tool -t filter -L -n`;
unless ($? == 0) { print $table; exit -1 };
&process_table($table);
Changed |
arptables-v0.0.4.tar.xz/arptables.8
@@ -1,4 +1,4 @@
-.TH ARPTABLES 8 "August 2007"
+.TH ARPTABLES 8 "November 2011"
.\"
.\" Man page originally written by Jochen Friedrich <jochen@scram.de>,
.\" maintained by Bart De Schuymer.
@@ -22,7 +22,7 @@
.\"
.\"
.SH NAME
-arptables (v.0.0.3-3) \- ARP table administration
+arptables \- ARP table administration
.SH SYNOPSIS
.BR "arptables " [ "-t table" ] " -" [ AD ] " chain rule-specification " [ options ]
.br
@@ -297,10 +297,19 @@
.BR "--mangle-target target "
Target of ARP mangle operation
.BR "" ( DROP ", " CONTINUE " or " ACCEPT " -- default is " ACCEPT ).
+.SS CLASSIFY
+This module allows you to set the skb->priority value (and thus clas-
+sify the packet into a specific CBQ class).
+
+.TP
+.BR "--set-class major:minor"
+
+Set the major and minor class value. The values are always
+interpreted as hexadecimal even if no 0x prefix is given.
.SH MAILINGLISTS
-.I ebtables-user@lists.sourceforge.net
-.br
-.I ebtables-devel@lists.sourceforge.net
+.BR "" "See " http://netfilter.org/mailinglists.html
.SH SEE ALSO
.BR iptables "(8), " ebtables "(8), " arp "(8), " rarp "(8), " ifconfig "(8), " route (8)
+.PP
+.BR "" "See " http://ebtables.sf.net
Changed |
arptables-v0.0.4.tar.xz/arptables.c
@@ -34,6 +34,7 @@
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
+#include <inttypes.h>
#include <dlfcn.h>
#include <ctype.h>
#include <stdarg.h>
@@ -203,6 +204,7 @@
/* 2 */ ARPT_INV_SRCDEVADDR,
/* 3 */ ARPT_INV_TGTDEVADDR,
/* -l */ ARPT_INV_ARPHLN,
+/* 8 */ 0,
/* 4 */ ARPT_INV_ARPOP,
/* 5 */ ARPT_INV_ARPHRD,
/* 6 */ ARPT_INV_ARPPRO,
@@ -874,7 +876,7 @@
if (strlen(targetname)+1 > sizeof(arpt_chainlabel))
exit_error(PARAMETER_PROBLEM,
- "Invalid target name `%s' (%i chars max)",
+ "Invalid target name `%s' (%zu chars max)",
targetname, sizeof(arpt_chainlabel)-1);
for (ptr = targetname; *ptr; ptr++)
@@ -1062,7 +1064,7 @@
}
if (me->size != ARPT_ALIGN(me->size)) {
- fprintf(stderr, "%s: match `%s' has invalid size %u.\n",
+ fprintf(stderr, "%s: match `%s' has invalid size %zu.\n",
program_name, me->name, me->size);
exit(1);
}
@@ -1092,7 +1094,7 @@
}
if (me->size != ARPT_ALIGN(me->size)) {
- fprintf(stderr, "%s: target `%s' has invalid size %u.\n",
+ fprintf(stderr, "%s: target `%s' has invalid size %zu.\n",
program_name, me->name, me->size);
exit(1);
}
@@ -1116,17 +1118,17 @@
number = (number + 500) / 1000;
if (number > 9999) {
number = (number + 500) / 1000;
- printf(FMT("%4lluT ","%lluT "), number);
+ printf(FMT("%4"PRIu64"T ","%"PRIu64"T "), number);
}
- else printf(FMT("%4lluG ","%lluG "), number);
+ else printf(FMT("%4"PRIu64"G ","%"PRIu64"G "), number);
}
- else printf(FMT("%4lluM ","%lluM "), number);
+ else printf(FMT("%4"PRIu64"M ","%"PRIu64"M "), number);
} else
- printf(FMT("%4lluK ","%lluK "), number);
+ printf(FMT("%4"PRIu64"K ","%"PRIu64"K "), number);
} else
- printf(FMT("%5llu ","%llu "), number);
+ printf(FMT("%5"PRIu64" ","%"PRIu64" "), number);
} else
- printf(FMT("%8llu ","%llu "), number);
+ printf(FMT("%8"PRIu64" ","%"PRIu64" "), number);
}
@@ -1214,9 +1216,10 @@
{
struct arptables_target *target = NULL;
const struct arpt_entry_target *t;
- u_int8_t flags;
char buf[BUFSIZ];
int i;
+ char iface[IFNAMSIZ+2];
+ int print_iface = 0;
if (!arptc_is_chain(targname, handle))
target = find_target(targname, TRY_LOAD);
@@ -1224,7 +1227,6 @@
target = find_target(ARPT_STANDARD_TARGET, LOAD_MUST_SUCCEED);
t = arpt_get_target((struct arpt_entry *)fw);
- flags = fw->arp.flags;
if (format & FMT_LINENUMBERS)
printf("%u ", num+1);
@@ -1232,35 +1234,34 @@
if (!(format & FMT_NOTARGET) && targname[0] != '\0')
printf("-j %s ", targname);
- if (format & FMT_VIA) {
- char iface[IFNAMSIZ+2];
-
- if (fw->arp.invflags & ARPT_INV_VIA_IN) {
- iface[0] = '!';
- iface[1] = '\0';
- }
- else iface[0] = '\0';
+ iface[0] = '\0';
- if (fw->arp.iniface[0] != '\0') {
- strcat(iface, fw->arp.iniface);
- }
- else if (format & FMT_NUMERIC) strcat(iface, "*");
+ if (fw->arp.iniface[0] != '\0') {
+ strcat(iface, fw->arp.iniface);
+ print_iface = 1;
+ }
+ else if (format & FMT_VIA) {
+ print_iface = 1;
+ if (format & FMT_NUMERIC) strcat(iface, "*");
else strcat(iface, "any");
- printf("-i %s ", iface);
+ }
+ if (print_iface)
+ printf("%s-i %s ", fw->arp.invflags & ARPT_INV_VIA_IN ? "! ": "", iface);
- if (fw->arp.invflags & ARPT_INV_VIA_OUT) {
- iface[0] = '!';
- iface[1] = '\0';
- }
- else iface[0] = '\0';
+ print_iface = 0;
+ iface[0] = '\0';
- if (fw->arp.outiface[0] != '\0') {
- strcat(iface, fw->arp.outiface);
- }
- else if (format & FMT_NUMERIC) strcat(iface, "*");
+ if (fw->arp.outiface[0] != '\0') {
+ strcat(iface, fw->arp.outiface);
+ print_iface = 1;
+ }
+ else if (format & FMT_VIA) {
+ print_iface = 1;
+ if (format & FMT_NUMERIC) strcat(iface, "*");
else strcat(iface, "any");
- printf("-o %s ", iface);
}
+ if (print_iface)
+ printf("%s-o %s ", fw->arp.invflags & ARPT_INV_VIA_OUT ? "! " : "", iface);
if (fw->arp.smsk.s_addr != 0L) {
printf("%s", fw->arp.invflags & ARPT_INV_SRCIP
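Review bot: The rewritten interface printing still fills `iface` with unbounded `strcat(iface, fw->arp.iniface)` and `strcat(iface, fw->arp.outiface)`. If those fields are fixed `IFNAMSIZ` arrays, as in the header removed elsewhere on this page, a name that uses all `IFNAMSIZ` bytes has no terminator and the copy runs past the field and can overrun the `IFNAMSIZ+2` buffer. A bounded copy avoids relying on the rule data being terminated: `snprintf(iface, sizeof(iface), "%.*s", IFNAMSIZ, fw->arp.iniface);` and the same for `outiface`. Now that the `!` is printed separately, the buffer only ever holds the name or `any`/`*`. The function body starts and ends outside this hunk.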
@@ -1370,7 +1371,7 @@
/* Print the target information. */
target->print(&fw->arp, t, format & FMT_NUMERIC);
} else if (t->u.target_size != sizeof(*t))
- printf("[%u bytes of unknown target data] ",
+ printf("[%zu bytes of unknown target data] ",
t->u.target_size - sizeof(*t));
if (!(format & FMT_NOCOUNTS)) {
@@ -2039,7 +2040,7 @@
check_inverse(optarg, &invert, &optind, argc);
set_option(&options, OPT_P_TYPE, &fw.arp.invflags,
invert);
- if (get16_and_mask(argv[optind - 1], &fw.arp.arpro, &fw.arp.arpro_mask, 10)) {
+ if (get16_and_mask(argv[optind - 1], &fw.arp.arpro, &fw.arp.arpro_mask, 0)) {
if (strcasecmp(argv[optind-1], "ipv4"))
exit_error(PARAMETER_PROBLEM, "Problem with specified protocol type");
fw.arp.arpro = htons(0x800);
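Review bot: Changing the last argument of `get16_and_mask` from `10` to `0` presumably switches the protocol-type parse to automatic base detection, which changes how existing inputs are read: a value with a leading zero such as `0800` would no longer be decimal 800 but an octal parse (and here an invalid one). `get16_and_mask` is not visible in this hunk, so this assumes the argument is passed through as a `strtol`-style base. A comment at the call would make the accepted syntax explicit, for example `/* base 0: decimal, 0x-prefixed hex, or leading-0 octal */`, and the man page entry for the protocol-type option should state the same.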
@@ -2159,12 +2160,12 @@
"-%c requires packet and byte counter",
opt2char(OPT_COUNTERS));
- if (sscanf(pcnt, "%llu", &fw.counters.pcnt) != 1)
+ if (sscanf(pcnt, "%"PRIu64, &fw.counters.pcnt) != 1)
exit_error(PARAMETER_PROBLEM,
"-%c packet counter not numeric",
opt2char(OPT_COUNTERS));
- if (sscanf(bcnt, "%llu", &fw.counters.bcnt) != 1)
+ if (sscanf(bcnt, "%"PRIu64, &fw.counters.bcnt) != 1)
exit_error(PARAMETER_PROBLEM,
"-%c byte counter not numeric",
opt2char(OPT_COUNTERS));
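Review bot: `PRIu64` is the printf-family macro; the `sscanf` calls for both counters need the scanf-family macro `SCNu64` from the same header, since the two are not guaranteed to expand to the same conversion. The lines would read `if (sscanf(pcnt, "%"SCNu64, &fw.counters.pcnt) != 1)` and `if (sscanf(bcnt, "%"SCNu64, &fw.counters.bcnt) != 1)`. Separately, `sscanf` returns 1 for input such as `12abc` and gives no overflow indication, so the "not numeric" check accepts partially numeric arguments; `strtoull` with an end-pointer and `errno` check would reject them. do_command's body continues outside the hunk.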
Changed |
arptables-v0.0.4.tar.xz/extensions/Makefile
@@ -1,6 +1,6 @@
#! /usr/bin/make
-EXT_FUNC+=standard mangle
+EXT_FUNC+=standard mangle CLASSIFY
EXT_OBJS+=$(foreach T,$(EXT_FUNC), extensions/arpt_$(T).o)
extensions/ebt_%.o: extensions/arpt_%.c include/arptables.h include/arptables_common.h
Added |
arptables-v0.0.4.tar.xz/extensions/arpt_CLASSIFY.c
@@ -0,0 +1,121 @@
+/*
+ * (C) 2010 by Frederic Leroy <fredo@starox.org>
+ *
+ * arpt_classify.c -- arptables extension to classify arp packet
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include <stdio.h>
+#include <getopt.h>
+#include <arptables.h>
+#include <linux/netfilter/xt_CLASSIFY.h>
+
+#define TC_H_MAJ_MASK (0xFFFF0000U)
+#define TC_H_MIN_MASK (0x0000FFFFU)
+#define TC_H_MAJ(h) ((h)&TC_H_MAJ_MASK)
+#define TC_H_MIN(h) ((h)&TC_H_MIN_MASK)
+#define TC_H_MAKE(maj,min) (((maj)&TC_H_MAJ_MASK)|((min)&TC_H_MIN_MASK))
+
+static void
+help(void)
+{
+ printf(
+"CLASSIFY target v%s options:\n"
+"--set-class major:minor : set the major and minor class value\n",
+ ARPTABLES_VERSION);
+}
+
+#define CLASSIFY_OPT 1
+
+static struct option opts[] = {
+ { "set-class" , required_argument, 0, CLASSIFY_OPT },
+ {0}
+};
+
+static void
+init(struct arpt_entry_target *t)
+{
+ struct xt_classify_target_info *classify = (struct xt_classify_target_info *) t->data;
+ classify->priority = 0;
+}
+
+static int
+parse(int c, char **argv, int invert, unsigned int *flags,
+ const struct arpt_entry *e,
+ struct arpt_entry_target **t)
+{
+ struct xt_classify_target_info *classify = (struct xt_classify_target_info *)(*t)->data;
+ int i,j;
+
+ switch (c) {
+ case CLASSIFY_OPT:
+ if (sscanf(argv[optind-1], "%x:%x", &i, &j) != 2) {
+ exit_error(PARAMETER_PROBLEM,
+ "Bad class value `%s'", optarg);
+ return 0;
+ }
+ classify->priority = TC_H_MAKE(i<<16, j);
+ if (*flags)
+ exit_error(PARAMETER_PROBLEM,
+ "CLASSIFY: Can't specify --set-class twice");
+ *flags = 1;
+ break;
+ default:
+ return 0;
+ }
+ return 1;
+}
+
+static void final_check(unsigned int flags)
+{
+ if (!flags)
+ exit_error(PARAMETER_PROBLEM, "CLASSIFY: Parameter --set-class is required");
+}
+
+static void print(const struct arpt_arp *ip,
+ const struct arpt_entry_target *target, int numeric)
+{
+ struct xt_classify_target_info *t = (struct xt_classify_target_info *)(target->data);
+
+ printf("--set-class %x:%x ", TC_H_MAJ(t->priority)>>16, TC_H_MIN(t->priority));
+}
+
+static void
+save(const struct arpt_arp *ip, const struct arpt_entry_target *target)
+{
+}
+
+static
+struct arptables_target classify
+= { NULL,
+ "CLASSIFY",
+ ARPTABLES_VERSION,
+ ARPT_ALIGN(sizeof(struct xt_classify_target_info)),
+ ARPT_ALIGN(sizeof(struct xt_classify_target_info)),
+ &help,
+ &init,
+ &parse,
+ &final_check,
+ &print,
+ &save,
+ opts
+};
+
+static void _init(void) __attribute__ ((constructor));
+static void _init(void)
+{
+ register_target(&classify);
+}
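Review bot: In `parse`, `sscanf(argv[optind-1], "%x:%x", &i, &j)` stores through `int *` although `%x` requires `unsigned int *`, and `i<<16` on a signed `int` is undefined once the major is 0x8000 or larger. Values wider than 16 bits are silently masked by `TC_H_MAKE`, and trailing characters after the minor are accepted, so the rule that gets installed can carry a different class than the one typed. The error message prints `optarg` while the parse reads `argv[optind-1]`; using the same expression in both places keeps the diagnostic accurate. Parsing into unsigned variables with an explicit range check, as sketched below, rejects these inputs. The `return 0;` is kept in case `exit_error` can return.

```c
	unsigned int major, minor;
	char trailing;

	switch (c) {
	case CLASSIFY_OPT:
		/* a third conversion succeeding means junk follows the minor */
		if (sscanf(argv[optind-1], "%x:%x%c", &major, &minor, &trailing) != 2 ||
		    major > 0xFFFFU || minor > 0xFFFFU) {
			exit_error(PARAMETER_PROBLEM,
				   "Bad class value `%s'", argv[optind-1]);
			return 0;
		}
		classify->priority = TC_H_MAKE(major << 16, minor);
		/* … unchanged: duplicate --set-class check and *flags = 1 … */
```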
Changed |
arptables-v0.0.4.tar.xz/libarptc/libarptc.c
@@ -15,6 +15,7 @@
#include <string.h>
#include <errno.h>
#include <stdlib.h>
+#include <inttypes.h>
#include <stdio.h>
#include <unistd.h>
@@ -132,7 +133,7 @@
printf("%c", e->arp.outiface_mask[i] ? 'X' : '.');
printf("Flags: %02X\n", e->arp.flags);
printf("Invflags: %02X\n", e->arp.invflags);
- printf("Counters: %llu packets, %llu bytes\n",
+ printf("Counters: %"PRIu64" packets, %"PRIu64" bytes\n",
e->counters.pcnt, e->counters.bcnt);
/*
printf("Cache: %08X ", e->nfcache);
@@ -159,7 +160,8 @@
t = GET_TARGET(e);
printf("Target name: `%s' [%u]\n", t->u.user.name, t->u.target_size);
if (strcmp(t->u.user.name, STANDARD_TARGET) == 0) {
- int pos = *(int *)t->data;
+ const unsigned char *data = t->data;
+ const int pos = *(const int *)data;
if (pos < 0)
printf("verdict=%s\n",
pos == -NF_ACCEPT-1 ? "NF_ACCEPT"
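Review bot: Routing the cast through `const unsigned char *data` quiets the compiler warning, but `*(const int *)data` is still an `int` load from a byte array, so any alignment or aliasing concern behind the warning is unchanged. Copying the value states the intent without the cast: `int pos; memcpy(&pos, t->data, sizeof(pos));` (`<string.h>` is already included in this file). The same pattern is added to `target_name` in libarptc/libarptc_incl.c as `spos = *(const int *)data;` and would take the same change. dump_entry's body starts and ends outside this hunk.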
Changed |
arptables-v0.0.4.tar.xz/libarptc/libarptc_incl.c
@@ -1,4 +1,4 @@
-/* Library which manipulates firewall rules. Version $Revision: 1.6 $ */
+/* Library which manipulates firewall rules. Version $Revision: 1.7 $ */
/* Architecture of firewall rules is as follows:
*
@@ -121,7 +121,7 @@
if (ENTRY_ITERATE(h->entries.entrytable, h->entries.size,
get_number, seek, &pos) == 0) {
- fprintf(stderr, "ERROR: offset %i not an entry!\n",
+ fprintf(stderr, "ERROR: offset %zu not an entry!\n",
(char *)seek - (char *)h->entries.entrytable);
abort();
}
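Review bot: The argument `(char *)seek - (char *)h->entries.entrytable` is a pointer difference, which has the signed type `ptrdiff_t`, while `%zu` is the conversion for `size_t`. The matching specifier is `%td`, giving `fprintf(stderr, "ERROR: offset %td not an entry!\n",`. This matters most on this path, which reports a `seek` that is not a valid entry and may lie before the table start, where an unsigned conversion would print a very large offset. The enclosing function continues outside the hunk.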
@@ -581,6 +581,7 @@
target_name(TC_HANDLE_T handle, const STRUCT_ENTRY *ce)
{
int spos;
+ const unsigned char *data;
unsigned int labelidx;
STRUCT_ENTRY *jumpto;
@@ -591,7 +592,8 @@
return GET_TARGET(e)->u.user.name;
/* Standard target: evaluate */
- spos = *(int *)GET_TARGET(e)->data;
+ data = GET_TARGET(e)->data;
+ spos = *(const int *)data;
if (spos < 0) {
if (spos == RETURN)
return LABEL_RETURN;
@@ -1246,7 +1248,6 @@
unsigned int rulenum,
TC_HANDLE_T *handle)
{
- STRUCT_ENTRY *e;
struct chain_cache *c;
unsigned int chainindex, end;
@@ -1266,8 +1267,6 @@
return 0;
}
- e = index2entry(*handle, chainindex + rulenum);
-
if ((*handle)->counter_map[chainindex + rulenum].maptype
== COUNTER_MAP_NORMAL_MAP) {
(*handle)->counter_map[chainindex + rulenum].maptype