Merge "ebtables: Android makefiles to build ebtables on Android"HEADreplicant-6.0-0004-transitionreplicant-6.0-0004-rc6replicant-6.0-0004-rc5-transitionreplicant-6.0-0004-rc5replicant-6.0-0004-rc4replicant-6.0-0004-rc3replicant-6.0-0004-rc2replicant-6.0-0004-rc1replicant-6.0-0004replicant-6.0-0003replicant-6.0-0002replicant-6.0-0001staging/cm-12.1staging/cm-12.0-cafstable/cm-13.0-ZNH5Ystable/cm-13.0-ZNH2KBstable/cm-13.0-ZNH2Kstable/cm-13.0-ZNH0Estable/cm-12.1-YOG7Dstable/cm-12.1-YOG4Pstable/cm-12.1-YOG3Cstable/cm-12.0-YNG4Nstable/cm-12.0-YNG3Cstable/cm-12.0-YNG1TAstable/cm-12.0-YNG1Tstable/cm-12.0-YNG1Icm-13.0cm-12.1cm-12.0

15 files changed, 294 insertions, 2 deletions

diff --git a/Android.mk b/Android.mk
new file mode 100644
index 0000000..02b9bee
--- /dev/null
+++ b/Android.mk
@@ -0,0 +1,6 @@
+#Avoid building ebtables for emulator
+ifeq ($(call is-vendor-board-platform,QCOM),true)
+    include $(call all-subdir-makefiles)
+else
+    $(info "ebtables is disabled on this build")
+endif
diff --git a/kernel/linux/include/linux/netfilter_bridge.h b/kernel/linux/include/linux/netfilter_bridge.h
index 3c271c6..4c2a5aa 100644
--- a/kernel/linux/include/linux/netfilter_bridge.h
+++ b/kernel/linux/include/linux/netfilter_bridge.h
@@ -6,6 +6,7 @@
 
 #include <linux/config.h>
 #include <linux/netfilter.h>
+#include  <limits.h>
 
 /* Bridge Hooks */
 /* After promisc drops, checksum checks. */
diff --git a/kernel/linux/include/linux/netfilter_bridge/ebt_arp.h b/kernel/linux/include/linux/netfilter_bridge/ebt_arp.h
index 537ec6b..91ae858 100644
--- a/kernel/linux/include/linux/netfilter_bridge/ebt_arp.h
+++ b/kernel/linux/include/linux/netfilter_bridge/ebt_arp.h
@@ -8,8 +8,9 @@
 #define EBT_ARP_DST_IP 0x10
 #define EBT_ARP_SRC_MAC 0x20
 #define EBT_ARP_DST_MAC 0x40
+#define EBT_ARP_GRAT 0x80
 #define EBT_ARP_MASK (EBT_ARP_OPCODE | EBT_ARP_HTYPE | EBT_ARP_PTYPE | \
-   EBT_ARP_SRC_IP | EBT_ARP_DST_IP | EBT_ARP_SRC_MAC | EBT_ARP_DST_MAC)
+   EBT_ARP_SRC_IP | EBT_ARP_DST_IP | EBT_ARP_SRC_MAC | EBT_ARP_DST_MAC | EBT_ARP_GRAT)
 #define EBT_ARP_MATCH "arp"
 
 struct ebt_arp_info
diff --git a/kernel/linux/include/linux/netfilter_bridge/ebt_ip6.h b/kernel/linux/include/linux/netfilter_bridge/ebt_ip6.h
new file mode 100644
index 0000000..42b8896
--- /dev/null
+++ b/kernel/linux/include/linux/netfilter_bridge/ebt_ip6.h
@@ -0,0 +1,50 @@
+/*
+ *  ebt_ip6
+ *
+ *	Authors:
+ * Kuo-Lang Tseng <kuo-lang.tseng@intel.com>
+ * Manohar Castelino <manohar.r.castelino@intel.com>
+ *
+ *  Jan 11, 2008
+ *
+ */
+
+#ifndef __LINUX_BRIDGE_EBT_IP6_H
+#define __LINUX_BRIDGE_EBT_IP6_H
+
+#include <linux/types.h>
+
+#define EBT_IP6_SOURCE 0x01
+#define EBT_IP6_DEST 0x02
+#define EBT_IP6_TCLASS 0x04
+#define EBT_IP6_PROTO 0x08
+#define EBT_IP6_SPORT 0x10
+#define EBT_IP6_DPORT 0x20
+#define EBT_IP6_ICMP6 0x40
+
+#define EBT_IP6_MASK (EBT_IP6_SOURCE | EBT_IP6_DEST | EBT_IP6_TCLASS |\
+		      EBT_IP6_PROTO | EBT_IP6_SPORT | EBT_IP6_DPORT | \
+		      EBT_IP6_ICMP6)
+#define EBT_IP6_MATCH "ip6"
+
+/* the same values are used for the invflags */
+struct ebt_ip6_info {
+	struct in6_addr saddr;
+	struct in6_addr daddr;
+	struct in6_addr smsk;
+	struct in6_addr dmsk;
+	__u8  tclass;
+	__u8  protocol;
+	__u8  bitmask;
+	__u8  invflags;
+	union {
+		__u16 sport[2];
+		__u8 icmpv6_type[2];
+	};
+	union {
+		__u16 dport[2];
+		__u8 icmpv6_code[2];
+	};
+};
+
+#endif
diff --git a/kernel/linux/include/linux/netfilter_bridge/ebt_log.h b/kernel/linux/include/linux/netfilter_bridge/ebt_log.h
index d3e7377..0dee3f3 100644
--- a/kernel/linux/include/linux/netfilter_bridge/ebt_log.h
+++ b/kernel/linux/include/linux/netfilter_bridge/ebt_log.h
@@ -3,7 +3,9 @@
 
 #define EBT_LOG_IP 0x01 // if the frame is made by ip, log the ip information
 #define EBT_LOG_ARP 0x02
-#define EBT_LOG_MASK (EBT_LOG_IP | EBT_LOG_ARP)
+#define EBT_LOG_NFLOG 0x04
+#define EBT_LOG_IP6 0x0
+#define EBT_LOG_MASK (EBT_LOG_IP | EBT_LOG_ARP | EBT_LOG_IP6)
 #define EBT_LOG_PREFIX_SIZE 30
 #define EBT_LOG_WATCHER "log"
 
diff --git a/kernel/linux/include/linux/netfilter_bridge/ebt_mark_m.h b/kernel/linux/include/linux/netfilter_bridge/ebt_mark_m.h
index 301524f..c057abf 100644
--- a/kernel/linux/include/linux/netfilter_bridge/ebt_mark_m.h
+++ b/kernel/linux/include/linux/netfilter_bridge/ebt_mark_m.h
@@ -1,6 +1,8 @@
 #ifndef __LINUX_BRIDGE_EBT_MARK_M_H
 #define __LINUX_BRIDGE_EBT_MARK_M_H
 
+#include <linux/types.h>
+
 #define EBT_MARK_AND 0x01
 #define EBT_MARK_OR 0x02
 #define EBT_MARK_MASK (EBT_MARK_AND | EBT_MARK_OR)
diff --git a/kernel/linux/include/linux/netfilter_bridge/ebt_mark_t.h b/kernel/linux/include/linux/netfilter_bridge/ebt_mark_t.h
index f84d2ad..8cb5764 100644
--- a/kernel/linux/include/linux/netfilter_bridge/ebt_mark_t.h
+++ b/kernel/linux/include/linux/netfilter_bridge/ebt_mark_t.h
@@ -1,6 +1,18 @@
 #ifndef __LINUX_BRIDGE_EBT_MARK_T_H
 #define __LINUX_BRIDGE_EBT_MARK_T_H
 
+/* The target member is reused for adding new actions, the
+ * value of the real target is -1 to -NUM_STANDARD_TARGETS.
+ * For backward compatibility, the 4 lsb (2 would be enough,
+ * but let's play it safe) are kept to designate this target.
+ * The remaining bits designate the action. By making the set
+ * action 0xfffffff0, the result will look ok for older
+ * versions. [September 2006] */
+#define MARK_SET_VALUE (0xfffffff0)
+#define MARK_OR_VALUE  (0xffffffe0)
+#define MARK_AND_VALUE (0xffffffd0)
+#define MARK_XOR_VALUE (0xffffffc0)
+
 struct ebt_mark_t_info
 {
 	unsigned long mark;
diff --git a/kernel/linux/include/linux/netfilter_bridge/ebt_nat.h b/kernel/linux/include/linux/netfilter_bridge/ebt_nat.h
index eac1871..879377f 100644
--- a/kernel/linux/include/linux/netfilter_bridge/ebt_nat.h
+++ b/kernel/linux/include/linux/netfilter_bridge/ebt_nat.h
@@ -1,6 +1,8 @@
 #ifndef __LINUX_BRIDGE_EBT_NAT_H
 #define __LINUX_BRIDGE_EBT_NAT_H
 
+#define NAT_ARP_BIT  (0x00000010)
+
 struct ebt_nat_info
 {
 	unsigned char mac[ETH_ALEN];
diff --git a/kernel/linux/include/linux/netfilter_bridge/ebt_nflog.h b/kernel/linux/include/linux/netfilter_bridge/ebt_nflog.h
new file mode 100644
index 0000000..df829fc
--- /dev/null
+++ b/kernel/linux/include/linux/netfilter_bridge/ebt_nflog.h
@@ -0,0 +1,23 @@
+#ifndef __LINUX_BRIDGE_EBT_NFLOG_H
+#define __LINUX_BRIDGE_EBT_NFLOG_H
+
+#include <linux/types.h>
+
+#define EBT_NFLOG_MASK 0x0
+
+#define EBT_NFLOG_PREFIX_SIZE 64
+#define EBT_NFLOG_WATCHER "nflog"
+
+#define EBT_NFLOG_DEFAULT_GROUP		0x1
+#define EBT_NFLOG_DEFAULT_THRESHOLD	1
+
+struct ebt_nflog_info {
+	__u32 len;
+	__u16 group;
+	__u16 threshold;
+	__u16 flags;
+	__u16 pad;
+	char prefix[EBT_NFLOG_PREFIX_SIZE];
+};
+
+#endif				/* __LINUX_BRIDGE_EBT_NFLOG_H */
diff --git a/kernel/linux/include/linux/netfilter_bridge/ebt_ulog.h b/kernel/linux/include/linux/netfilter_bridge/ebt_ulog.h
new file mode 100644
index 0000000..89a6bec
--- /dev/null
+++ b/kernel/linux/include/linux/netfilter_bridge/ebt_ulog.h
@@ -0,0 +1,38 @@
+#ifndef _EBT_ULOG_H
+#define _EBT_ULOG_H
+
+#include <linux/types.h>
+
+#define EBT_ULOG_DEFAULT_NLGROUP 0
+#define EBT_ULOG_DEFAULT_QTHRESHOLD 1
+#define EBT_ULOG_MAXNLGROUPS 32 /* hardcoded netlink max */
+#define EBT_ULOG_PREFIX_LEN 32
+#define EBT_ULOG_MAX_QLEN 50
+#define EBT_ULOG_WATCHER "ulog"
+#define EBT_ULOG_VERSION 1
+
+struct ebt_ulog_info {
+	__u32 nlgroup;
+	unsigned int cprange;
+	unsigned int qthreshold;
+	char prefix[EBT_ULOG_PREFIX_LEN];
+};
+
+typedef struct ebt_ulog_packet_msg {
+	int version;
+	char indev[IFNAMSIZ];
+	char outdev[IFNAMSIZ];
+	char physindev[IFNAMSIZ];
+	char physoutdev[IFNAMSIZ];
+	char prefix[EBT_ULOG_PREFIX_LEN];
+	struct timeval stamp;
+	unsigned long mark;
+	unsigned int hook;
+	size_t data_len;
+	/* The complete packet, including Ethernet header and perhaps
+	 * the VLAN header is appended */
+	unsigned char data[0] __attribute__
+	                      ((aligned (__alignof__(struct ebt_ulog_info))));
+} ebt_ulog_packet_msg_t;
+
+#endif /* _EBT_ULOG_H */
diff --git a/kernel/linux/include/linux/netfilter_bridge/ebtables.h b/kernel/linux/include/linux/netfilter_bridge/ebtables.h
index 81543a8..e4a5690 100644
--- a/kernel/linux/include/linux/netfilter_bridge/ebtables.h
+++ b/kernel/linux/include/linux/netfilter_bridge/ebtables.h
@@ -26,6 +26,10 @@
 #define EBT_CONTINUE -3
 #define EBT_RETURN   -4
 #define NUM_STANDARD_TARGETS   4
+/* ebtables target modules store the verdict inside an int. We can
+ * reclaim a part of this int for backwards compatible extensions.
+ * The 4 lsb are more than enough to store the verdict. */
+#define EBT_VERDICT_BITS 0x0000000F
 
 struct ebt_counter
 {
diff --git a/userspace/Android.mk b/userspace/Android.mk
new file mode 100644
index 0000000..5053e7d
--- /dev/null
+++ b/userspace/Android.mk
@@ -0,0 +1 @@
+include $(call all-subdir-makefiles)
diff --git a/userspace/ebtables2/Android.mk b/userspace/ebtables2/Android.mk
new file mode 100644
index 0000000..59b07b3
--- /dev/null
+++ b/userspace/ebtables2/Android.mk
@@ -0,0 +1,141 @@
+# BUILD libebtc.so
+
+LOCAL_PATH:= $(call my-dir)
+
+include $(CLEAR_VARS)
+
+LOCAL_SRC_FILES := getethertype.c
+LOCAL_SRC_FILES += communication.c
+LOCAL_SRC_FILES += libebtc.c
+LOCAL_SRC_FILES += useful_functions.c
+LOCAL_SRC_FILES += ebtables.c
+
+LOCAL_C_INCLUDES := $(LOCAL_PATH)/include
+LOCAL_C_INCLUDES += $(TARGET_OUT_INTERMEDIATES)/KERNEL_OBJ/usr/include
+LOCAL_ADDITIONAL_DEPENDENCIES := $(TARGET_OUT_INTERMEDIATES)/KERNEL_OBJ/usr
+
+LOCAL_CFLAGS += -DPROGNAME=\"ebtables\" \
+        -DPROGVERSION=\"2.0.10\" \
+        -DPROGDATE=\"December\ 2011\" \
+        -D__THROW=
+
+LOCAL_CFLAGS += -O2 -g -Wno-ignored-qualifiers
+LOCAL_CFLAGS += -Wno-sign-compare \
+                -Wno-missing-field-initializers \
+                -Wno-pointer-arith
+
+LOCAL_MODULE := libebtc
+
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SHARED_LIBRARY)
+
+# sources and intermediate files are separated
+
+c_includes := $(LOCAL_PATH)/include
+c_includes += $(TARGET_OUT_INTERMEDIATES)/KERNEL_OBJ/usr/include
+local_additional_dependencies := $(TARGET_OUT_INTERMEDIATES)/KERNEL_OBJ/usr
+
+cflags := -O2 -g \
+        -DPROGNAME=\"ebtables\" \
+        -DPROGVERSION=\"2.0.10\" \
+        -DPROGDATE=\"December\ 2011\" \
+        -Wno-sign-compare -Wno-missing-field-initializers \
+        -Wno-ignored-qualifiers
+
+extensions_src_files := \
+        extensions/ebt_802_3.c \
+        extensions/ebt_among.c \
+        extensions/ebt_arp.c \
+        extensions/ebt_arpreply.c \
+        extensions/ebt_ip.c \
+        extensions/ebt_ip6.c \
+        extensions/ebt_limit.c \
+        extensions/ebt_log.c \
+        extensions/ebt_mark.c \
+        extensions/ebt_mark_m.c \
+        extensions/ebt_nat.c \
+        extensions/ebt_nflog.c \
+        extensions/ebt_pkttype.c \
+        extensions/ebt_redirect.c \
+        extensions/ebt_standard.c \
+        extensions/ebt_stp.c \
+        extensions/ebt_ulog.c \
+        extensions/ebt_vlan.c \
+        extensions/ebtable_broute.c \
+        extensions/ebtable_filter.c \
+        extensions/ebtable_nat.c
+
+ld_flags := -nostartfiles
+shared_libs := libebtc
+module_tags := eng
+
+$(foreach file,$(extensions_src_files), \
+    $(eval include $(CLEAR_VARS)) \
+    $(eval LOCAL_C_INCLUDES := $(c_includes)) \
+    $(eval LOCAL_ADDITIONAL_DEPENDENCIES := $(local_additional_dependencies)) \
+    $(eval LOCAL_SRC_FILES := $(file)) \
+    $(eval tmp_file := $(notdir $(file:%.c=%))) \
+    $(eval tmp_file := $(addprefix lib, $(tmp_file))) \
+    $(eval LOCAL_MODULE := $(tmp_file)) \
+    $(eval LOCAL_MODULE_TAGS := $(module_tags)) \
+    $(eval LOCAL_LDFLAGS := $(ld_flags)) \
+    $(eval LOCAL_CFLAGS := $(cflags)) \
+    $(eval LOCAL_SHARED_LIBRARIES := $(shared_libs)) \
+    $(eval include $(BUILD_SHARED_LIBRARY)) \
+)
+
+
+###############################
+include $(CLEAR_VARS)
+
+LOCAL_C_INCLUDES := $(LOCAL_PATH)/include
+LOCAL_C_INCLUDES += $(TARGET_OUT_INTERMEDIATES)/KERNEL_OBJ/usr/include
+LOCAL_ADDITIONAL_DEPENDENCIES := $(TARGET_OUT_INTERMEDIATES)/KERNEL_OBJ/usr
+
+LOCAL_CFLAGS += -DPROGNAME=\"ebtables\" \
+        -DPROGVERSION=\"2.0.10\" \
+        -DPROGDATE=\"December\ 2011\"
+
+LOCAL_SRC_FILES := ebtables-standalone.c
+
+LOCAL_SHARED_LIBRARIES += \
+        libebtc \
+        libebt_802_3 \
+        libebt_among \
+        libebt_arp \
+        libebt_arpreply \
+        libebt_ip \
+        libebt_ip6 \
+        libebt_limit \
+        libebt_log \
+        libebt_mark \
+        libebt_mark_m \
+        libebt_nat \
+        libebt_nflog \
+        libebt_pkttype \
+        libebt_redirect \
+        libebt_standard \
+        libebt_stp \
+        libebt_ulog \
+        libebt_vlan \
+        libebtable_broute \
+        libebtable_filter \
+        libebtable_nat
+
+LOCAL_MODULE := ebtables
+
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_EXECUTABLE)
+
+
+#######dss_test_104##########
+include $(CLEAR_VARS)
+LOCAL_MODULE:= ethertypes
+LOCAL_MODULE_CLASS := EXECUTABLES
+LOCAL_SRC_FILES := ethertypes
+LOCAL_MODULE_TAGS := optional
+LOCAL_MODULE_PATH := $(TARGET_OUT_ETC)
+include $(BUILD_PREBUILT)
+
diff --git a/userspace/ebtables2/include/ebtables_u.h b/userspace/ebtables2/include/ebtables_u.h
index ab615c1..07dae8e 100644
--- a/userspace/ebtables2/include/ebtables_u.h
+++ b/userspace/ebtables2/include/ebtables_u.h
@@ -24,7 +24,14 @@
 #ifndef EBTABLES_U_H
 #define EBTABLES_U_H
 #include <netinet/in.h>
+
+#ifdef __ANDROID_API__
+#pragma message "Found __ANDRIOD_API__, #undef __unused"
+#undef __unused
+#include <ebtables.h>
+#else
 #include <linux/netfilter_bridge/ebtables.h>
+#endif
 #include <linux/netfilter/x_tables.h>
 
 #ifndef IPPROTO_SCTP
diff --git a/userspace/ebtables2/include/ethernetdb.h b/userspace/ebtables2/include/ethernetdb.h
index 46d8bfd..22b6f7f 100644
--- a/userspace/ebtables2/include/ethernetdb.h
+++ b/userspace/ebtables2/include/ethernetdb.h
@@ -30,6 +30,8 @@
 #define	_PATH_ETHERTYPES	"/etc/ethertypes"
 #endif				/* _PATH_ETHERTYPES */
 
+#define __THROW
+
 struct ethertypeent {
 	char *e_name;		/* Official ethernet type name.  */
 	char **e_aliases;	/* Alias list.  */