Diffstat (limited to 'linux-2.6.10')
-rw-r--r--linux-2.6.10/include/linux/netfilter_bridge/ebt_vlan.h25
-rwxr-xr-xlinux-2.6.10/net/bridge/netfilter/ebt_vlan.c20
2 files changed, 31 insertions, 14 deletions
diff --git a/linux-2.6.10/include/linux/netfilter_bridge/ebt_vlan.h b/linux-2.6.10/include/linux/netfilter_bridge/ebt_vlan.h
index 52aa56b2f0..5a2d0fc06a 100644
--- a/linux-2.6.10/include/linux/netfilter_bridge/ebt_vlan.h
+++ b/linux-2.6.10/include/linux/netfilter_bridge/ebt_vlan.h
@@ -1,21 +1,24 @@
#ifndef __LINUX_BRIDGE_EBT_VLAN_H
#define __LINUX_BRIDGE_EBT_VLAN_H
-#define EBT_VLAN_ID 0x01
-#define EBT_VLAN_PRIO 0x02
-#define EBT_VLAN_ENCAP 0x04
-#define EBT_VLAN_TOS 0x08
-#define EBT_VLAN_MASK (EBT_VLAN_ID | EBT_VLAN_PRIO | EBT_VLAN_ENCAP | EBT_VLAN_TOS)
+#define EBT_VLAN_ID 0x01
+#define EBT_VLAN_PRIO 0x02
+#define EBT_VLAN_ENCAP 0x04
+#define EBT_VLAN_TOS 0x08
+#define EBT_VLAN_IP_PROTO 0x10
+#define EBT_VLAN_MASK (EBT_VLAN_ID | EBT_VLAN_PRIO | EBT_VLAN_ENCAP | EBT_VLAN_TOS | EBT_VLAN_IP_PROTO)
#define EBT_VLAN_MATCH "vlan"
struct ebt_vlan_info {
- uint16_t id; /* VLAN ID {1-4095} */
- uint8_t prio; /* VLAN User Priority {0-7} */
- uint16_t encap; /* VLAN Encapsulated frame code {0-65535} */
- uint8_t tos; /* VLAN IP tos {0-255} */
- uint8_t bitmask; /* Args bitmask bit 1=1 - ID arg,
+ uint16_t id; /* VLAN ID {1-4095} */
+ uint8_t prio; /* VLAN User Priority {0-7} */
+ uint16_t encap; /* VLAN Encapsulated frame code {0-65535} */
+
+ uint8_t tos; /* VLAN IP tos {0-255} */
+ uint8_t ip_proto; /* VLAN IP proto {0-255} */
+ uint8_t bitmask; /* Args bitmask bit 1=1 - ID arg,
bit 2=1 User-Priority arg, bit 3=1 encap*/
- uint8_t invflags; /* Inverse bitmask bit 1=1 - inversed ID arg,
+ uint8_t invflags; /* Inverse bitmask bit 1=1 - inversed ID arg,
bit 2=1 - inversed Pirority arg */
};
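Review bot: Inserting `ip_proto` before `bitmask` shifts `bitmask` and `invflags` by one byte, while with usual alignment the struct probably keeps the same total size, so a size check on the match data would not reject an ebtables userspace binary built against the old header. Such a binary would have its bitmask read as `ip_proto` and its invflags read as the bitmask, silently changing which frames a filter rule matches. Appending the field after `invflags` would keep the existing fields at their old offsets; either way the userspace extension has to be rebuilt in step with this header. The `bitmask` comment should also list the newer bits, e.g. `bit 4=1 TOS arg, bit 5=1 IP proto arg`.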
diff --git a/linux-2.6.10/net/bridge/netfilter/ebt_vlan.c b/linux-2.6.10/net/bridge/netfilter/ebt_vlan.c
index 38346f0d1b..5c53789ae0 100755
--- a/linux-2.6.10/net/bridge/netfilter/ebt_vlan.c
+++ b/linux-2.6.10/net/bridge/netfilter/ebt_vlan.c
@@ -57,6 +57,7 @@ ebt_filter_vlan(const struct sk_buff *skb,
unsigned short id; /* VLAN ID, given from frame TCI */
unsigned char prio; /* user_priority, given from frame TCI */
unsigned char tos; /* IP TOS */
+ unsigned char ip_proto; /* IP protocol */
/* VLAN encapsulated Type/Length field, given from orig frame */
unsigned short encap;
@@ -77,9 +78,15 @@ ebt_filter_vlan(const struct sk_buff *skb,
encap = fp->h_vlan_encapsulated_proto;
ip = skb_header_pointer (skb, sizeof(_frame), sizeof(_iphdr), &_iphdr);
if(ip != NULL)
+ {
tos = ip->tos;
+ ip_proto = ip->protocol;
+ }
else
+ {
tos = 0;
+ ip_proto = 0;
+ }
/* Checking VLAN Identifier (VID) */
if (GET_BITMASK(EBT_VLAN_ID))
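Review bot: `ip->protocol` is read from a fixed offset behind the VLAN header with nothing in this hunk confirming the encapsulated frame is IPv4, so for other payload types `ip_proto` holds whatever byte sits at that offset. The rule-time check in ebt_check_vlan requires `encap` to be 0x0800 when the IP proto bit is set, but whether an inverted encap match is rejected there is not visible, so it is worth confirming that combination cannot reach the comparison. A comment such as `/* only meaningful when encap == ETH_P_IP; enforced in ebt_check_vlan */` above the read would record the dependency. The added braces would also follow kernel style as `if (ip != NULL) {` and `} else {`. The function body starts and ends outside this hunk.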
@@ -97,6 +104,9 @@ ebt_filter_vlan(const struct sk_buff *skb,
if (GET_BITMASK(EBT_VLAN_TOS) && (ip != NULL))
EXIT_ON_MISMATCH(tos, EBT_VLAN_TOS);
+ if (GET_BITMASK(EBT_VLAN_IP_PROTO) && (ip != NULL))
+ EXIT_ON_MISMATCH(ip_proto, EBT_VLAN_IP_PROTO);
+
return EBT_MATCH;
}
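Review bot: When `skb_header_pointer` could not return an IP header, the added `(ip != NULL)` condition skips the protocol comparison and control falls through to `return EBT_MATCH`, so a rule that asks for a specific IP protocol also matches frames too short to carry one. Unless that is intended (it mirrors the TOS check just above), treat the missing header as a mismatch: `if (GET_BITMASK(EBT_VLAN_IP_PROTO)) { if (ip == NULL) return EBT_NOMATCH; EXIT_ON_MISMATCH(ip_proto, EBT_VLAN_IP_PROTO); }`. How an inverted rule should treat such frames is a policy choice and deserves a one-line comment. The function starts outside this hunk.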
@@ -187,12 +197,16 @@ ebt_check_vlan(const char *tablename,
("encap must be IP type (0x0800)\n");
return -EINVAL;
}
+ }
- if ((unsigned char) info->encap > 255) {
+ /* Check for IP protocol range */
+ if (GET_BITMASK(EBT_VLAN_IP_PROTO)) {
+ if (!GET_BITMASK(EBT_VLAN_ENCAP) || ((unsigned short) ntohs(info->encap) != 0x0800)) {
DEBUG_MSG
- ("TOS value must be less than 256\n");
+ ("encap must be IP type (0x0800)\n");
return -EINVAL;
- }
+ }
+
}