This patch adds SCTP/DCCP support to ebt_ip.c and ebt_log.c. The
ebt_ipt.c change needs a userspace change as well, this is the
second attached patch.
[EBTABLES]: Handle SCTP/DCCP in ebt_{ip,log}
Signed-off-by: Patrick McHardy <[EMAIL PROTECTED]>
---
commit bc13e9b0813539b43158bb701204ca018e15d5d4
tree ef1b274b24077af0f61444ef88f7e7f3b8b945ef
parent c4c7a043c4d51c24124e1555f0f5b3c33fb5c7c4
author Patrick McHardy <[EMAIL PROTECTED]> Thu, 12 Jan 2006 06:44:33 +0100
committer Patrick McHardy <[EMAIL PROTECTED]> Thu, 12 Jan 2006 06:44:33 +0100
net/bridge/netfilter/ebt_ip.c | 4 +++-
net/bridge/netfilter/ebt_log.c | 4 +++-
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/net/bridge/netfilter/ebt_ip.c b/net/bridge/netfilter/ebt_ip.c
index f158fe6..dc5d0b2 100644
--- a/net/bridge/netfilter/ebt_ip.c
+++ b/net/bridge/netfilter/ebt_ip.c
@@ -92,7 +92,9 @@ static int ebt_ip_check(const char *tabl
if (info->invflags & EBT_IP_PROTO)
return -EINVAL;
if (info->protocol != IPPROTO_TCP &&
- info->protocol != IPPROTO_UDP)
+ info->protocol != IPPROTO_UDP &&
+ info->protocol != IPPROTO_SCTP &&
+ info->protocol != IPPROTO_DCCP)
return -EINVAL;
}
if (info->bitmask & EBT_IP_DPORT && info->dport[0] > info->dport[1])
diff --git a/net/bridge/netfilter/ebt_log.c b/net/bridge/netfilter/ebt_log.c
index 9f6e019..349bc6a 100644
--- a/net/bridge/netfilter/ebt_log.c
+++ b/net/bridge/netfilter/ebt_log.c
@@ -94,7 +94,9 @@ ebt_log_packet(unsigned int pf, unsigned
"tos=0x%02X, IP proto=%d", NIPQUAD(ih->saddr),
NIPQUAD(ih->daddr), ih->tos, ih->protocol);
if (ih->protocol == IPPROTO_TCP ||
- ih->protocol == IPPROTO_UDP) {
+ ih->protocol == IPPROTO_UDP ||
+ ih->protocol == IPPROTO_SCTP ||
+ ih->protocol == IPPROTO_DCCP) {
struct tcpudphdr _ports, *pptr;
pptr = skb_header_pointer(skb, ih->ihl*4,
# Add SCTP/DCCP support to ebt_ip to allow matching on port numbers
#
#
Index: userspace/ebtables2/extensions/ebt_ip.c
===================================================================
RCS file: /cvsroot/ebtables/ebtables2/userspace/ebtables2/extensions/ebt_ip.c,v
retrieving revision 1.24
diff -u -r1.24 ebt_ip.c
--- userspace/ebtables2/extensions/ebt_ip.c 8 Feb 2005 20:02:36 -0000 1.24
+++ userspace/ebtables2/extensions/ebt_ip.c 8 Jan 2006 21:02:53 -0000
@@ -217,9 +217,12 @@
(!(ipinfo->bitmask & EBT_IP_PROTO) ||
ipinfo->invflags & EBT_IP_PROTO ||
(ipinfo->protocol!=IPPROTO_TCP &&
- ipinfo->protocol!=IPPROTO_UDP)))
+ ipinfo->protocol!=IPPROTO_UDP &&
+ ipinfo->protocol!=IPPROTO_SCTP &&
+ ipinfo->protocol!=IPPROTO_DCCP)))
ebt_print_error("For port filtering the IP protocol must be "
- "either 6 (tcp) or 17 (udp)");
+ "either 6 (tcp), 17 (udp), 33 (dccp) or "
+ "132 (sctp) ");
}
static void print(const struct ebt_u_entry *entry,
Index: userspace/ebtables2/include/ebtables_u.h
===================================================================
RCS file: /cvsroot/ebtables/ebtables2/userspace/ebtables2/include/ebtables_u.h,v
retrieving revision 1.38
diff -u -r1.38 ebtables_u.h
--- userspace/ebtables2/include/ebtables_u.h 2 Oct 2005 12:10:07 -0000 1.38
+++ userspace/ebtables2/include/ebtables_u.h 8 Jan 2006 21:02:55 -0000
@@ -26,6 +26,13 @@
#include <netinet/in.h>
#include <linux/netfilter_bridge/ebtables.h>
+#ifndef IPPROTO_SCTP
+#define IPPROTO_SCTP 132
+#endif
+#ifndef IPPROTO_DCCP
+#define IPPROTO_DCCP 33
+#endif
+
#define EXEC_STYLE_PRG 0
#define EXEC_STYLE_DAEMON 1
