summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ebtables.819
-rw-r--r--extensions/ebt_mark.c74
2 files changed, 79 insertions, 14 deletions
diff --git a/ebtables.8 b/ebtables.8
index 8e72289..f4f6f00 100644
--- a/ebtables.8
+++ b/ebtables.8
@@ -1,4 +1,4 @@
-.TH EBTABLES 8 "November 13, 2005"
+.TH EBTABLES 8 "September 04, 2006"
.\"
.\" Man page written by Bart De Schuymer <bdschuym@pandora.be>
.\" It is based on the iptables man page.
@@ -24,7 +24,7 @@
.\"
.\"
.SH NAME
-ebtables (v.2.0.8-rc1) \- Ethernet bridge frame table administration
+ebtables (v.2.0.8-rc3) \- Ethernet bridge frame table administration
.SH SYNOPSIS
.BR "ebtables " [ -t " table ] " - [ ACDI "] chain rule specification [match extensions] [watcher extensions] target"
.br
@@ -924,6 +924,21 @@ same place. This allows for a form of communication between ebtables and iptable
Mark the frame with the specified non-negative
.IR value .
.TP
+.BR "--mark-or " "\fIvalue\fP"
+.br
+Or the frame with the specified non-negative
+.IR value .
+.TP
+.BR "--mark-and " "\fIvalue\fP"
+.br
+And the frame with the specified non-negative
+.IR value .
+.TP
+.BR "--mark-xor " "\fIvalue\fP"
+.br
+Xor the frame with the specified non-negative
+.IR value .
+.TP
.BR "--mark-target " "\fItarget\fP"
.br
Specifies the standard target. After marking the frame, the rule
diff --git a/extensions/ebt_mark.c b/extensions/ebt_mark.c
index c7c79aa..e773def 100644
--- a/extensions/ebt_mark.c
+++ b/extensions/ebt_mark.c
@@ -3,7 +3,7 @@
* Authors:
* Bart De Schuymer <bdschuym@pandora.be>
*
- * July, 2002
+ * July, 2002, September 2006
*/
#include <stdio.h>
@@ -17,6 +17,9 @@ static int mark_supplied;
#define MARK_TARGET '1'
#define MARK_SETMARK '2'
+#define MARK_ORMARK '3'
+#define MARK_ANDMARK '4'
+#define MARK_XORMARK '5'
static struct option opts[] =
{
{ "mark-target" , required_argument, 0, MARK_TARGET },
@@ -24,6 +27,9 @@ static struct option opts[] =
* <extension-name>-<option> */
{ "set-mark" , required_argument, 0, MARK_SETMARK },
{ "mark-set" , required_argument, 0, MARK_SETMARK },
+ { "mark-or" , required_argument, 0, MARK_ORMARK },
+ { "mark-and" , required_argument, 0, MARK_ANDMARK },
+ { "mark-xor" , required_argument, 0, MARK_XORMARK },
{ 0 }
};
@@ -32,6 +38,9 @@ static void print_help()
printf(
"mark target options:\n"
" --mark-set value : Set nfmark value\n"
+ " --mark-or value : Or nfmark with value (nfmark |= value)\n"
+ " --mark-and value : And nfmark with value (nfmark &= value)\n"
+ " --mark-xor value : Xor nfmark with value (nfmark ^= value)\n"
" --mark-target target : ACCEPT, DROP, RETURN or CONTINUE\n");
}
@@ -47,6 +56,9 @@ static void init(struct ebt_entry_target *target)
#define OPT_MARK_TARGET 0x01
#define OPT_MARK_SETMARK 0x02
+#define OPT_MARK_ORMARK 0x04
+#define OPT_MARK_ANDMARK 0x08
+#define OPT_MARK_XORMARK 0x10
static int parse(int c, char **argv, int argc,
const struct ebt_u_entry *entry, unsigned int *flags,
struct ebt_entry_target **target)
@@ -57,20 +69,45 @@ static int parse(int c, char **argv, int argc,
switch (c) {
case MARK_TARGET:
+ { int tmp;
ebt_check_option2(flags, OPT_MARK_TARGET);
- if (FILL_TARGET(optarg, markinfo->target))
+ if (FILL_TARGET(optarg, tmp))
ebt_print_error2("Illegal --mark-target target");
- break;
+ /* the 4 lsb are left to designate the target */
+ markinfo->target = (markinfo->target & -16) | (tmp & ~-16);
+ }
+ return 1;
case MARK_SETMARK:
ebt_check_option2(flags, OPT_MARK_SETMARK);
- markinfo->mark = strtoul(optarg, &end, 0);
- if (*end != '\0' || end == optarg)
- ebt_print_error2("Bad MARK value '%s'", optarg);
- mark_supplied = 1;
+ if (*flags & (OPT_MARK_ORMARK|OPT_MARK_ANDMARK|OPT_MARK_XORMARK))
+ ebt_print_error2("--mark-set cannot be used together with specific --mark option");
+ break;
+ case MARK_ORMARK:
+ ebt_check_option2(flags, OPT_MARK_ORMARK);
+ if (*flags & (OPT_MARK_SETMARK|OPT_MARK_ANDMARK|OPT_MARK_XORMARK))
+ ebt_print_error2("--mark-or cannot be used together with specific --mark option");
+ markinfo->target = (markinfo->target & ~-16) | MARK_OR_VALUE;
+ break;
+ case MARK_ANDMARK:
+ ebt_check_option2(flags, OPT_MARK_ANDMARK);
+ if (*flags & (OPT_MARK_SETMARK|OPT_MARK_ORMARK|OPT_MARK_XORMARK))
+ ebt_print_error2("--mark-and cannot be used together with specific --mark option");
+ markinfo->target = (markinfo->target & ~-16) | MARK_AND_VALUE;
+ break;
+ case MARK_XORMARK:
+ ebt_check_option2(flags, OPT_MARK_XORMARK);
+ if (*flags & (OPT_MARK_SETMARK|OPT_MARK_ANDMARK|OPT_MARK_ORMARK))
+ ebt_print_error2("--mark-xor cannot be used together with specific --mark option");
+ markinfo->target = (markinfo->target & ~-16) | MARK_XOR_VALUE;
break;
default:
return 0;
}
+ /* mutual code */
+ markinfo->mark = strtoul(optarg, &end, 0);
+ if (*end != '\0' || end == optarg)
+ ebt_print_error2("Bad MARK value '%s'", optarg);
+ mark_supplied = 1;
return 1;
}
@@ -83,7 +120,7 @@ static void final_check(const struct ebt_u_entry *entry,
if (time == 0 && mark_supplied == 0) {
ebt_print_error("No mark value supplied");
- } else if (BASE_CHAIN && markinfo->target == EBT_RETURN)
+ } else if (BASE_CHAIN && (markinfo->target|-16) == EBT_RETURN)
ebt_print_error("--mark-target RETURN not allowed on base chain");
}
@@ -92,11 +129,24 @@ static void print(const struct ebt_u_entry *entry,
{
struct ebt_mark_t_info *markinfo =
(struct ebt_mark_t_info *)target->data;
-
- printf("--mark-set 0x%lx", markinfo->mark);
- if (markinfo->target == EBT_ACCEPT)
+ int tmp;
+
+ tmp = markinfo->target & -16;
+ if (tmp == MARK_SET_VALUE)
+ printf("--mark-set");
+ else if (tmp == MARK_OR_VALUE)
+ printf("--mark-or");
+ else if (tmp == MARK_XOR_VALUE)
+ printf("--mark-xor");
+ else if (tmp == MARK_AND_VALUE)
+ printf("--mark-and");
+ else
+ ebt_print_error("oops, unknown mark action, try a later version of ebtables");
+ printf(" 0x%lx", markinfo->mark);
+ tmp = markinfo->target | -16;
+ if (tmp == EBT_ACCEPT)
return;
- printf(" --mark-target %s", TARGET_NAME(markinfo->target));
+ printf(" --mark-target %s", TARGET_NAME(tmp));
}
static int compare(const struct ebt_entry_target *t1,