-rw-r--r-- | Android.mk | 6 | ||||
-rw-r--r-- | kernel/linux/include/linux/netfilter_bridge.h | 1 | ||||
-rw-r--r-- | kernel/linux/include/linux/netfilter_bridge/ebt_arp.h | 3 | ||||
-rw-r--r-- | kernel/linux/include/linux/netfilter_bridge/ebt_ip6.h | 50 | ||||
-rw-r--r-- | kernel/linux/include/linux/netfilter_bridge/ebt_log.h | 4 | ||||
-rw-r--r-- | kernel/linux/include/linux/netfilter_bridge/ebt_mark_m.h | 2 | ||||
-rw-r--r-- | kernel/linux/include/linux/netfilter_bridge/ebt_mark_t.h | 12 | ||||
-rw-r--r-- | kernel/linux/include/linux/netfilter_bridge/ebt_nat.h | 2 | ||||
-rw-r--r-- | kernel/linux/include/linux/netfilter_bridge/ebt_nflog.h | 23 | ||||
-rw-r--r-- | kernel/linux/include/linux/netfilter_bridge/ebt_ulog.h | 38 | ||||
-rw-r--r-- | kernel/linux/include/linux/netfilter_bridge/ebtables.h | 4 | ||||
-rw-r--r-- | userspace/Android.mk | 1 | ||||
-rw-r--r-- | userspace/ebtables2/Android.mk | 141 | ||||
-rw-r--r-- | userspace/ebtables2/include/ebtables_u.h | 7 | ||||
-rw-r--r-- | userspace/ebtables2/include/ethernetdb.h | 2 |
15 files changed, 294 insertions, 2 deletions
diff --git a/Android.mk b/Android.mk new file mode 100644 index 0000000..02b9bee --- /dev/null +++ b/Android.mk @@ -0,0 +1,6 @@ +#Avoid building ebtables for emulator +ifeq ($(call is-vendor-board-platform,QCOM),true) + include $(call all-subdir-makefiles) +else + $(info "ebtables is disabled on this build") +endif diff --git a/kernel/linux/include/linux/netfilter_bridge.h b/kernel/linux/include/linux/netfilter_bridge.h index 3c271c6..4c2a5aa 100644 --- a/kernel/linux/include/linux/netfilter_bridge.h +++ b/kernel/linux/include/linux/netfilter_bridge.h @@ -6,6 +6,7 @@ #include <linux/config.h> #include <linux/netfilter.h> +#include <limits.h> /* Bridge Hooks */ /* After promisc drops, checksum checks. */ diff --git a/kernel/linux/include/linux/netfilter_bridge/ebt_arp.h b/kernel/linux/include/linux/netfilter_bridge/ebt_arp.h index 537ec6b..91ae858 100644 --- a/kernel/linux/include/linux/netfilter_bridge/ebt_arp.h +++ b/kernel/linux/include/linux/netfilter_bridge/ebt_arp.h @@ -8,8 +8,9 @@ #define EBT_ARP_DST_IP 0x10 #define EBT_ARP_SRC_MAC 0x20 #define EBT_ARP_DST_MAC 0x40 +#define EBT_ARP_GRAT 0x80 #define EBT_ARP_MASK (EBT_ARP_OPCODE | EBT_ARP_HTYPE | EBT_ARP_PTYPE | \ - EBT_ARP_SRC_IP | EBT_ARP_DST_IP | EBT_ARP_SRC_MAC | EBT_ARP_DST_MAC) + EBT_ARP_SRC_IP | EBT_ARP_DST_IP | EBT_ARP_SRC_MAC | EBT_ARP_DST_MAC | EBT_ARP_GRAT) #define EBT_ARP_MATCH "arp" struct ebt_arp_info diff --git a/kernel/linux/include/linux/netfilter_bridge/ebt_ip6.h b/kernel/linux/include/linux/netfilter_bridge/ebt_ip6.h new file mode 100644 index 0000000..42b8896 --- /dev/null +++ b/kernel/linux/include/linux/netfilter_bridge/ebt_ip6.h 
@@ -0,0 +1,50 @@ +/* + * ebt_ip6 + * + * Authors: + * Kuo-Lang Tseng <kuo-lang.tseng@intel.com> + * Manohar Castelino <manohar.r.castelino@intel.com> + * + * Jan 11, 2008 + * + */ + +#ifndef __LINUX_BRIDGE_EBT_IP6_H +#define __LINUX_BRIDGE_EBT_IP6_H + +#include <linux/types.h> + +#define EBT_IP6_SOURCE 0x01 +#define EBT_IP6_DEST 0x02 +#define EBT_IP6_TCLASS 0x04 +#define EBT_IP6_PROTO 0x08 +#define EBT_IP6_SPORT 0x10 +#define EBT_IP6_DPORT 0x20 +#define EBT_IP6_ICMP6 0x40 + +#define EBT_IP6_MASK (EBT_IP6_SOURCE | EBT_IP6_DEST | EBT_IP6_TCLASS |\ + EBT_IP6_PROTO | EBT_IP6_SPORT | EBT_IP6_DPORT | \ + EBT_IP6_ICMP6) +#define EBT_IP6_MATCH "ip6" + +/* the same values are used for the invflags */ +struct ebt_ip6_info { + struct in6_addr saddr; + struct in6_addr daddr; + struct in6_addr smsk; + struct in6_addr dmsk; + __u8 tclass; + __u8 protocol; + __u8 bitmask; + __u8 invflags; + union { + __u16 sport[2]; + __u8 icmpv6_type[2]; + }; + union { + __u16 dport[2]; + __u8 icmpv6_code[2]; + }; +}; + +#endif diff --git a/kernel/linux/include/linux/netfilter_bridge/ebt_log.h b/kernel/linux/include/linux/netfilter_bridge/ebt_log.h index d3e7377..0dee3f3 100644 --- a/kernel/linux/include/linux/netfilter_bridge/ebt_log.h +++ b/kernel/linux/include/linux/netfilter_bridge/ebt_log.h @@ -3,7 +3,9 @@ #define EBT_LOG_IP 0x01 // if the frame is made by ip, log the ip information #define EBT_LOG_ARP 0x02 -#define EBT_LOG_MASK (EBT_LOG_IP | EBT_LOG_ARP) +#define EBT_LOG_NFLOG 0x04 +#define EBT_LOG_IP6 0x0 +#define EBT_LOG_MASK (EBT_LOG_IP | EBT_LOG_ARP | EBT_LOG_IP6) #define EBT_LOG_PREFIX_SIZE 30 #define EBT_LOG_WATCHER "log" diff --git a/kernel/linux/include/linux/netfilter_bridge/ebt_mark_m.h b/kernel/linux/include/linux/netfilter_bridge/ebt_mark_m.h index 301524f..c057abf 100644 --- a/kernel/linux/include/linux/netfilter_bridge/ebt_mark_m.h +++ b/kernel/linux/include/linux/netfilter_bridge/ebt_mark_m.h 
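Review bot: `struct ebt_ip6_info` in the new ebt_ip6.h uses `struct in6_addr` for `saddr`, `daddr`, `smsk` and `dmsk`, but the header includes only `<linux/types.h>`, so it relies on every includer having defined that type first. I would state the dependency next to the include, e.g. `/* needs struct in6_addr; include <netinet/in.h> before this header */`, rather than leave it to include order. The two anonymous unions also lack a comment saying that each `[2]` array is a low/high range and which bitmask flag (`EBT_IP6_SPORT`/`EBT_IP6_DPORT` versus `EBT_IP6_ICMP6`) selects the active member; the names suggest this, but the header does not say it.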
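Review bot: `#define EBT_LOG_IP6 0x0` in ebt_log.h gives the new flag no bit of its own, so `bitmask & EBT_LOG_IP6` is always zero and OR-ing it into `EBT_LOG_MASK` leaves the mask at 0x03. The neighbouring flags use 0x01, 0x02 and 0x04, and the upstream kernel header defines this one as 0x08, so the line should read `#define EBT_LOG_IP6 0x08`. As written, a rule that asks the log watcher for IPv6 details would silently get none, assuming the consumer tests the flag with `&`. `EBT_LOG_NFLOG` (0x04) is also left out of `EBT_LOG_MASK`; if that is deliberate it deserves a one-line comment.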
@@ -1,6 +1,8 @@ #ifndef __LINUX_BRIDGE_EBT_MARK_M_H #define __LINUX_BRIDGE_EBT_MARK_M_H +#include <linux/types.h> + #define EBT_MARK_AND 0x01 #define EBT_MARK_OR 0x02 #define EBT_MARK_MASK (EBT_MARK_AND | EBT_MARK_OR) diff --git a/kernel/linux/include/linux/netfilter_bridge/ebt_mark_t.h b/kernel/linux/include/linux/netfilter_bridge/ebt_mark_t.h index f84d2ad..8cb5764 100644 --- a/kernel/linux/include/linux/netfilter_bridge/ebt_mark_t.h +++ b/kernel/linux/include/linux/netfilter_bridge/ebt_mark_t.h @@ -1,6 +1,18 @@ #ifndef __LINUX_BRIDGE_EBT_MARK_T_H #define __LINUX_BRIDGE_EBT_MARK_T_H +/* The target member is reused for adding new actions, the + * value of the real target is -1 to -NUM_STANDARD_TARGETS. + * For backward compatibility, the 4 lsb (2 would be enough, + * but let's play it safe) are kept to designate this target. + * The remaining bits designate the action. By making the set + * action 0xfffffff0, the result will look ok for older + * versions. [September 2006] */ +#define MARK_SET_VALUE (0xfffffff0) +#define MARK_OR_VALUE (0xffffffe0) +#define MARK_AND_VALUE (0xffffffd0) +#define MARK_XOR_VALUE (0xffffffc0) + struct ebt_mark_t_info { unsigned long mark; diff --git a/kernel/linux/include/linux/netfilter_bridge/ebt_nat.h b/kernel/linux/include/linux/netfilter_bridge/ebt_nat.h index eac1871..879377f 100644 --- a/kernel/linux/include/linux/netfilter_bridge/ebt_nat.h +++ b/kernel/linux/include/linux/netfilter_bridge/ebt_nat.h @@ -1,6 +1,8 @@ #ifndef __LINUX_BRIDGE_EBT_NAT_H #define __LINUX_BRIDGE_EBT_NAT_H +#define NAT_ARP_BIT (0x00000010) + struct ebt_nat_info { unsigned char mac[ETH_ALEN]; diff --git a/kernel/linux/include/linux/netfilter_bridge/ebt_nflog.h b/kernel/linux/include/linux/netfilter_bridge/ebt_nflog.h new file mode 100644 index 0000000..df829fc --- /dev/null +++ b/kernel/linux/include/linux/netfilter_bridge/ebt_nflog.h 
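Review bot: `NAT_ARP_BIT` in ebt_nat.h is added with no comment, unlike the `MARK_*_VALUE` block in ebt_mark_t.h, which explains how the target field is reused. The value 0x10 is the first bit above the 4-bit verdict field this commit defines as `EBT_VERDICT_BITS`, so it appears to be a flag carried in `target` alongside the verdict, but nothing in the hunk says so. A short comment such as `/* flag stored in ebt_nat_info.target above EBT_VERDICT_BITS; mask it off before reading the verdict */` would stop a reader from treating the raw `target` value as a verdict; confirm the wording against the code that sets the bit. The `struct ebt_nat_info` body continues outside the hunk.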
@@ -0,0 +1,23 @@
+#ifndef __LINUX_BRIDGE_EBT_NFLOG_H
+#define __LINUX_BRIDGE_EBT_NFLOG_H
+
+#include <linux/types.h>
+
+#define EBT_NFLOG_MASK 0x0
+
+#define EBT_NFLOG_PREFIX_SIZE 64
+#define EBT_NFLOG_WATCHER "nflog"
+
+#define EBT_NFLOG_DEFAULT_GROUP 0x1
+#define EBT_NFLOG_DEFAULT_THRESHOLD 1
+
+struct ebt_nflog_info {
+ __u32 len;
+ __u16 group;
+ __u16 threshold;
+ __u16 flags;
+ __u16 pad;
+ char prefix[EBT_NFLOG_PREFIX_SIZE];
+};
+
+#endif /* __LINUX_BRIDGE_EBT_NFLOG_H */
diff --git a/kernel/linux/include/linux/netfilter_bridge/ebt_ulog.h b/kernel/linux/include/linux/netfilter_bridge/ebt_ulog.h
new file mode 100644
index 0000000..89a6bec
--- /dev/null
+++ b/kernel/linux/include/linux/netfilter_bridge/ebt_ulog.h
@@ -0,0 +1,38 @@
+#ifndef _EBT_ULOG_H
+#define _EBT_ULOG_H
+
+#include <linux/types.h>
+
+#define EBT_ULOG_DEFAULT_NLGROUP 0
+#define EBT_ULOG_DEFAULT_QTHRESHOLD 1
+#define EBT_ULOG_MAXNLGROUPS 32 /* hardcoded netlink max */
+#define EBT_ULOG_PREFIX_LEN 32
+#define EBT_ULOG_MAX_QLEN 50
+#define EBT_ULOG_WATCHER "ulog"
+#define EBT_ULOG_VERSION 1
+
+struct ebt_ulog_info {
+ __u32 nlgroup;
+ unsigned int cprange;
+ unsigned int qthreshold;
+ char prefix[EBT_ULOG_PREFIX_LEN];
+};
+
+typedef struct ebt_ulog_packet_msg {
+ int version;
+ char indev[IFNAMSIZ];
+ char outdev[IFNAMSIZ];
+ char physindev[IFNAMSIZ];
+ char physoutdev[IFNAMSIZ];
+ char prefix[EBT_ULOG_PREFIX_LEN];
+ struct timeval stamp;
+ unsigned long mark;
+ unsigned int hook;
+ size_t data_len;
+ /* The complete packet, including Ethernet header and perhaps
+ * the VLAN header is appended */
+ unsigned char data[0] __attribute__
+ ((aligned (__alignof__(struct ebt_ulog_info))));
+} ebt_ulog_packet_msg_t;
+
+#endif /* _EBT_ULOG_H */
diff --git a/kernel/linux/include/linux/netfilter_bridge/ebtables.h b/kernel/linux/include/linux/netfilter_bridge/ebtables.h
index 81543a8..e4a5690 100644
--- a/kernel/linux/include/linux/netfilter_bridge/ebtables.h
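Review bot: `ebt_ulog_packet_msg` in the new ebt_ulog.h lays out `struct timeval stamp`, `unsigned long mark` and `size_t data_len` with native-width types, so the field offsets and the width of `data_len` depend on the ABI of whoever compiles the header. If the reader is built for a different word size than the side that filled in the message, it would take `data_len` and the start of `data[]` from the wrong offsets, and `data_len` is the only bound on the appended packet. I would add a comment above the typedef, e.g. `/* layout is ABI-dependent (timeval, unsigned long, size_t): producer and consumer must share the same word size */`. The header also uses `IFNAMSIZ` and `struct timeval` while including only `<linux/types.h>`, so that dependency on the includer is worth noting in the same comment.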
+++ b/kernel/linux/include/linux/netfilter_bridge/ebtables.h @@ -26,6 +26,10 @@ #define EBT_CONTINUE -3 #define EBT_RETURN -4 #define NUM_STANDARD_TARGETS 4 +/* ebtables target modules store the verdict inside an int. We can + * reclaim a part of this int for backwards compatible extensions. + * The 4 lsb are more than enough to store the verdict. */ +#define EBT_VERDICT_BITS 0x0000000F struct ebt_counter { diff --git a/userspace/Android.mk b/userspace/Android.mk new file mode 100644 index 0000000..5053e7d --- /dev/null +++ b/userspace/Android.mk @@ -0,0 +1 @@ +include $(call all-subdir-makefiles) diff --git a/userspace/ebtables2/Android.mk b/userspace/ebtables2/Android.mk new file mode 100644 index 0000000..59b07b3 --- /dev/null +++ b/userspace/ebtables2/Android.mk 
@@ -0,0 +1,141 @@
+# BUILD libebtc.so
+
+LOCAL_PATH:= $(call my-dir)
+
+include $(CLEAR_VARS)
+
+LOCAL_SRC_FILES := getethertype.c
+LOCAL_SRC_FILES += communication.c
+LOCAL_SRC_FILES += libebtc.c
+LOCAL_SRC_FILES += useful_functions.c
+LOCAL_SRC_FILES += ebtables.c
+
+LOCAL_C_INCLUDES := $(LOCAL_PATH)/include
+LOCAL_C_INCLUDES += $(TARGET_OUT_INTERMEDIATES)/KERNEL_OBJ/usr/include
+LOCAL_ADDITIONAL_DEPENDENCIES := $(TARGET_OUT_INTERMEDIATES)/KERNEL_OBJ/usr
+
+LOCAL_CFLAGS += -DPROGNAME=\"ebtables\" \
+ -DPROGVERSION=\"2.0.10\" \
+ -DPROGDATE=\"December\ 2011\" \
+ -D__THROW=
+
+LOCAL_CFLAGS += -O2 -g -Wno-ignored-qualifiers
+LOCAL_CFLAGS += -Wno-sign-compare \
+ -Wno-missing-field-initializers \
+ -Wno-pointer-arith
+
+LOCAL_MODULE := libebtc
+
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SHARED_LIBRARY)
+
+# sources and intermediate files are separated
+
+c_includes := $(LOCAL_PATH)/include
+c_includes += $(TARGET_OUT_INTERMEDIATES)/KERNEL_OBJ/usr/include
+local_additional_dependencies := $(TARGET_OUT_INTERMEDIATES)/KERNEL_OBJ/usr
+
+cflags := -O2 -g \
+ -DPROGNAME=\"ebtables\" \
+ -DPROGVERSION=\"2.0.10\" \
+ -DPROGDATE=\"December\ 2011\" \
+ -Wno-sign-compare -Wno-missing-field-initializers \
+ -Wno-ignored-qualifiers
+
+extensions_src_files := \
+ extensions/ebt_802_3.c \
+ extensions/ebt_among.c \
+ extensions/ebt_arp.c \
+ extensions/ebt_arpreply.c \
+ extensions/ebt_ip.c \
+ extensions/ebt_ip6.c \
+ extensions/ebt_limit.c \
+ extensions/ebt_log.c \
+ extensions/ebt_mark.c \
+ extensions/ebt_mark_m.c \
+ extensions/ebt_nat.c \
+ extensions/ebt_nflog.c \
+ extensions/ebt_pkttype.c \
+ extensions/ebt_redirect.c \
+ extensions/ebt_standard.c \
+ extensions/ebt_stp.c \
+ extensions/ebt_ulog.c \
+ extensions/ebt_vlan.c \
+ extensions/ebtable_broute.c \
+ extensions/ebtable_filter.c \
+ extensions/ebtable_nat.c
+
+ld_flags := -nostartfiles
+shared_libs := libebtc
+module_tags := eng
+
+$(foreach file,$(extensions_src_files), \
+ $(eval include $(CLEAR_VARS)) \
+ $(eval LOCAL_C_INCLUDES := $(c_includes)) \
+ $(eval LOCAL_ADDITIONAL_DEPENDENCIES := $(local_additional_dependencies)) \
+ $(eval LOCAL_SRC_FILES := $(file)) \
+ $(eval tmp_file := $(notdir $(file:%.c=%))) \
+ $(eval tmp_file := $(addprefix lib, $(tmp_file))) \
+ $(eval LOCAL_MODULE := $(tmp_file)) \
+ $(eval LOCAL_MODULE_TAGS := $(module_tags)) \
+ $(eval LOCAL_LDFLAGS := $(ld_flags)) \
+ $(eval LOCAL_CFLAGS := $(cflags)) \
+ $(eval LOCAL_SHARED_LIBRARIES := $(shared_libs)) \
+ $(eval include $(BUILD_SHARED_LIBRARY)) \
+)
+
+
+###############################
+include $(CLEAR_VARS)
+
+LOCAL_C_INCLUDES := $(LOCAL_PATH)/include
+LOCAL_C_INCLUDES += $(TARGET_OUT_INTERMEDIATES)/KERNEL_OBJ/usr/include
+LOCAL_ADDITIONAL_DEPENDENCIES := $(TARGET_OUT_INTERMEDIATES)/KERNEL_OBJ/usr
+
+LOCAL_CFLAGS += -DPROGNAME=\"ebtables\" \
+ -DPROGVERSION=\"2.0.10\" \
+ -DPROGDATE=\"December\ 2011\"
+
+LOCAL_SRC_FILES := ebtables-standalone.c
+
+LOCAL_SHARED_LIBRARIES += \
+ libebtc \
+ libebt_802_3 \
+ libebt_among \
+ libebt_arp \
+ libebt_arpreply \
+ libebt_ip \
+ libebt_ip6 \
+ libebt_limit \
+ libebt_log \
+ libebt_mark \
+ libebt_mark_m \
+ libebt_nat \
+ libebt_nflog \
+ libebt_pkttype \
+ libebt_redirect \
+ libebt_standard \
+ libebt_stp \
+ libebt_ulog \
+ libebt_vlan \
+ libebtable_broute \
+ libebtable_filter \
+ libebtable_nat
+
+LOCAL_MODULE := ebtables
+
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_EXECUTABLE)
+
+
+#######dss_test_104##########
+include $(CLEAR_VARS)
+LOCAL_MODULE:= ethertypes
+LOCAL_MODULE_CLASS := EXECUTABLES
+LOCAL_SRC_FILES := ethertypes
+LOCAL_MODULE_TAGS := optional
+LOCAL_MODULE_PATH := $(TARGET_OUT_ETC)
+include $(BUILD_PREBUILT)
+
diff --git a/userspace/ebtables2/include/ebtables_u.h b/userspace/ebtables2/include/ebtables_u.h
index ab615c1..07dae8e 100644
--- a/userspace/ebtables2/include/ebtables_u.h
+++ b/userspace/ebtables2/include/ebtables_u.h
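Review bot: The last module in userspace/ebtables2/Android.mk installs `ethertypes` into `$(TARGET_OUT_ETC)` but declares it with `LOCAL_MODULE_CLASS := EXECUTABLES`. ethernetdb.h reads that path as `/etc/ethertypes`, so it looks like a data file, and `LOCAL_MODULE_CLASS := ETC` would keep it from being handled as a program. Separately, both the `libebtc` flags and the shared `cflags` variable turn off `-Wsign-compare`, and `libebtc` also turns off `-Wpointer-arith`, for code that parses rule data for a packet filter. I would rather keep those warnings on and fix the call sites, or at least add a comment saying why each suppression is needed. The section header `#######dss_test_104##########` says nothing about what the block installs and could become `# install /etc/ethertypes`.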
@@ -24,7 +24,14 @@ #ifndef EBTABLES_U_H #define EBTABLES_U_H #include <netinet/in.h> + +#ifdef __ANDROID_API__ +#pragma message "Found __ANDRIOD_API__, #undef __unused" +#undef __unused +#include <ebtables.h> +#else #include <linux/netfilter_bridge/ebtables.h> +#endif #include <linux/netfilter/x_tables.h> #ifndef IPPROTO_SCTP diff --git a/userspace/ebtables2/include/ethernetdb.h b/userspace/ebtables2/include/ethernetdb.h index 46d8bfd..22b6f7f 100644 --- a/userspace/ebtables2/include/ethernetdb.h +++ b/userspace/ebtables2/include/ethernetdb.h @@ -30,6 +30,8 @@ #define _PATH_ETHERTYPES "/etc/ethertypes" #endif /* _PATH_ETHERTYPES */ +#define __THROW + struct ethertypeent { char *e_name; /* Official ethernet type name. */ char **e_aliases; /* Alias list. */ |
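Review bot: The `#pragma message` added to ebtables_u.h misspells the macro it reports (`__ANDRIOD_API__`, while the test is `#ifdef __ANDROID_API__`) and is printed for every translation unit that includes the header. I would drop the pragma and explain the workaround in a comment, e.g. `/* the libc defines __unused as an attribute macro; undefine it so the kernel headers below can use the identifier */`. That reason is inferred from the change and should be confirmed. `#undef __unused` is never restored, so any header included after this one that relies on the macro will see it missing. Which file `#include <ebtables.h>` resolves to is decided only by the order of `LOCAL_C_INCLUDES`, so naming the intended file in the same comment would help.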
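Review bot: The `#define __THROW` added to ethernetdb.h is unconditional, so on a libc whose headers already define `__THROW` with a non-empty expansion it is an incompatible redefinition once those headers have been included. Guarding it keeps the Android workaround without touching other builds: `#ifndef __THROW` / `#define __THROW` / `#endif`. The `libebtc` module in this commit also passes `-D__THROW=` on the command line, so one of the two mechanisms is redundant and a comment should say which one is authoritative. The `struct ethertypeent` definition that follows continues outside the hunk.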