Diffstat (limited to 'linux-2.6.10/net/bridge/netfilter/ebt_vlan.c')
-rwxr-xr-xlinux-2.6.10/net/bridge/netfilter/ebt_vlan.c20
1 files changed, 17 insertions, 3 deletions
diff --git a/linux-2.6.10/net/bridge/netfilter/ebt_vlan.c b/linux-2.6.10/net/bridge/netfilter/ebt_vlan.c
index 38346f0d1b..5c53789ae0 100755
--- a/linux-2.6.10/net/bridge/netfilter/ebt_vlan.c
+++ b/linux-2.6.10/net/bridge/netfilter/ebt_vlan.c
@@ -57,6 +57,7 @@ ebt_filter_vlan(const struct sk_buff *skb,
unsigned short id; /* VLAN ID, given from frame TCI */
unsigned char prio; /* user_priority, given from frame TCI */
unsigned char tos; /* IP TOS */
+ unsigned char ip_proto; /* IP protocol */
/* VLAN encapsulated Type/Length field, given from orig frame */
unsigned short encap;
@@ -77,9 +78,15 @@ ebt_filter_vlan(const struct sk_buff *skb,
encap = fp->h_vlan_encapsulated_proto;
ip = skb_header_pointer (skb, sizeof(_frame), sizeof(_iphdr), &_iphdr);
if(ip != NULL)
+ {
tos = ip->tos;
+ ip_proto = ip->protocol;
+ }
else
+ {
tos = 0;
+ ip_proto = 0;
+ }
/* Checking VLAN Identifier (VID) */
if (GET_BITMASK(EBT_VLAN_ID))
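Review bot: `tos` and `ip_proto` are filled from whatever bytes follow the VLAN header before anything in this hunk has established that `encap` is 0x0800, so on non-IP frames they hold unrelated payload data, and nothing at this site says so. A comment above the `skb_header_pointer` call would make the dependency explicit, e.g. `/* tos/ip_proto are only meaningful when encap is IPv4 (0x0800); later checks must gate on that */`. As a style point, the added braces sit on their own lines, while the ebt_check_vlan hunk of this same patch uses `if (...) {`; `if (ip != NULL) {` and `} else {` would keep the file consistent. ebt_filter_vlan starts and ends outside this hunk.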
@@ -97,6 +104,9 @@ ebt_filter_vlan(const struct sk_buff *skb,
if (GET_BITMASK(EBT_VLAN_TOS) && (ip != NULL))
EXIT_ON_MISMATCH(tos, EBT_VLAN_TOS);
+ if (GET_BITMASK(EBT_VLAN_IP_PROTO) && (ip != NULL))
+ EXIT_ON_MISMATCH(ip_proto, EBT_VLAN_IP_PROTO);
+
return EBT_MATCH;
}
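Review bot: When `skb_header_pointer` returned NULL the added test is skipped and control falls through to `return EBT_MATCH`, so a frame too short to hold an IP header still matches a rule that asks for a specific IP protocol. Whether that is harmless depends on the rule's target, but a match option that cannot be evaluated should normally fail closed. The TOS test just above has the same shape. A version that does not match on a missing header would be `if (GET_BITMASK(EBT_VLAN_IP_PROTO)) { if (ip == NULL) return EBT_NOMATCH; EXIT_ON_MISMATCH(ip_proto, EBT_VLAN_IP_PROTO); }`. The body of ebt_filter_vlan starts outside this hunk.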
@@ -187,12 +197,16 @@ ebt_check_vlan(const char *tablename,
("encap must be IP type (0x0800)\n");
return -EINVAL;
}
+ }
- if ((unsigned char) info->encap > 255) {
+ /* Check for IP protocol range */
+ if (GET_BITMASK(EBT_VLAN_IP_PROTO)) {
+ if (!GET_BITMASK(EBT_VLAN_ENCAP) || ((unsigned short) ntohs(info->encap) != 0x0800)) {
DEBUG_MSG
- ("TOS value must be less than 256\n");
+ ("encap must be IP type (0x0800)\n");
return -EINVAL;
- }
+ }
+
}
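Review bot: The comment `/* Check for IP protocol range */` does not describe the code under it, which validates `encap` and performs no range check on the protocol value; `/* IP protocol match requires encap to be IPv4 (0x0800) */` would be accurate. The `DEBUG_MSG` text is identical to the one in the preceding block, so a rejected rule cannot be attributed to one option or the other; a distinct message such as `"ip_proto requires encap 0x0800\n"` would fix that. If the encap comparison can be inverted through the rule's inversion flags (the macro definitions are not visible here), this check would still accept a rule that matches non-IP frames and then compares `ip_proto` against payload bytes, so an inverted EBT_VLAN_ENCAP should be rejected here too. ebt_check_vlan starts outside the hunk.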