- fuzzy: need to account for kernel-level modified variables in .userspacesize
- geoip: remove XT_ALIGN from .userspacesize when used with offsetof
- add "STEAL" target
+- dhcpmac: rename from dhcpaddr
Xtables-addons 1.13 (March 23 2009)
obj-${build_CHAOS} += xt_CHAOS.o
obj-${build_DELUDE} += xt_DELUDE.o
-obj-${build_DHCPADDR} += xt_DHCPADDR.o
+obj-${build_DHCPMAC} += xt_DHCPMAC.o
obj-${build_ECHO} += xt_ECHO.o
obj-${build_IPMARK} += xt_IPMARK.o
obj-${build_LOGMARK} += xt_LOGMARK.o
obj-${build_CHAOS} += libxt_CHAOS.so
obj-${build_DELUDE} += libxt_DELUDE.so
-obj-${build_DHCPADDR} += libxt_DHCPADDR.so libxt_dhcpaddr.so
+obj-${build_DHCPMAC} += libxt_DHCPMAC.so libxt_dhcpmac.so
obj-${build_ECHO} += libxt_ECHO.so
obj-${build_IPMARK} += libxt_IPMARK.so
obj-${build_LOGMARK} += libxt_LOGMARK.so
/*
- * "DHCPADDR" target extension for iptables
+ * "DHCPMAC" target extension for iptables
* Copyright © Jan Engelhardt <jengelh [at] medozas de>, 2008
*
* This program is free software; you can redistribute it and/or
#include <string.h>
#include <netinet/ether.h>
#include <xtables.h>
-#include "xt_DHCPADDR.h"
+#include "xt_DHCPMAC.h"
#include "mac.c"
enum {
F_MAC = 1 << 0,
};
-static const struct option dhcpaddr_tg_opts[] = {
+static const struct option dhcpmac_tg_opts[] = {
{.name = "set-mac", .has_arg = true, .val = 'M'},
{NULL},
};
-static void dhcpaddr_tg_help(void)
+static void dhcpmac_tg_help(void)
{
printf(
"DHCPADDDR target options:\n"
);
}
-static int dhcpaddr_tg_parse(int c, char **argv, int invert,
+static int dhcpmac_tg_parse(int c, char **argv, int invert,
unsigned int *flags, const void *entry, struct xt_entry_target **target)
{
- struct dhcpaddr_info *info = (void *)(*target)->data;
+ struct dhcpmac_info *info = (void *)(*target)->data;
switch (c) {
case 'M':
- xtables_param_act(XTF_ONLY_ONCE, "DHCPADDR", "--set-mac", *flags & F_MAC);
- xtables_param_act(XTF_NO_INVERT, "DHCPADDR", "--set-mac", invert);
+ xtables_param_act(XTF_ONLY_ONCE, "DHCPMAC", "--set-mac", *flags & F_MAC);
+ xtables_param_act(XTF_NO_INVERT, "DHCPMAC", "--set-mac", invert);
if (!mac_parse(optarg, info->addr, &info->mask))
- xtables_param_act(XTF_BAD_VALUE, "DHCPADDR", "--set-mac", optarg);
+ xtables_param_act(XTF_BAD_VALUE, "DHCPMAC", "--set-mac", optarg);
*flags |= F_MAC;
return true;
}
return false;
}
-static void dhcpaddr_tg_check(unsigned int flags)
+static void dhcpmac_tg_check(unsigned int flags)
{
if (flags == 0)
- xtables_error(PARAMETER_PROBLEM, "DHCPADDR target: "
+ xtables_error(PARAMETER_PROBLEM, "DHCPMAC target: "
"--set-mac parameter required");
}
-static void dhcpaddr_tg_print(const void *ip,
+static void dhcpmac_tg_print(const void *ip,
const struct xt_entry_target *target, int numeric)
{
- const struct dhcpaddr_info *info = (void *)target->data;
+ const struct dhcpmac_info *info = (void *)target->data;
- printf("DHCPADDR %s" DH_MAC_FMT "/%u ",
+ printf("DHCPMAC %s" DH_MAC_FMT "/%u ",
info->invert ? "!" : "", DH_MAC_HEX(info->addr), info->mask);
}
-static void dhcpaddr_tg_save(const void *ip,
+static void dhcpmac_tg_save(const void *ip,
const struct xt_entry_target *target)
{
- const struct dhcpaddr_info *info = (const void *)target->data;
+ const struct dhcpmac_info *info = (const void *)target->data;
if (info->invert)
printf("! ");
DH_MAC_HEX(info->addr), info->mask);
}
-static struct xtables_target dhcpaddr_tg_reg = {
+static struct xtables_target dhcpmac_tg_reg = {
.version = XTABLES_VERSION,
- .name = "DHCPADDR",
+ .name = "DHCPMAC",
.revision = 0,
.family = PF_INET,
- .size = XT_ALIGN(sizeof(struct dhcpaddr_info)),
- .userspacesize = XT_ALIGN(sizeof(struct dhcpaddr_info)),
- .help = dhcpaddr_tg_help,
- .parse = dhcpaddr_tg_parse,
- .final_check = dhcpaddr_tg_check,
- .print = dhcpaddr_tg_print,
- .save = dhcpaddr_tg_save,
- .extra_opts = dhcpaddr_tg_opts,
+ .size = XT_ALIGN(sizeof(struct dhcpmac_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct dhcpmac_info)),
+ .help = dhcpmac_tg_help,
+ .parse = dhcpmac_tg_parse,
+ .final_check = dhcpmac_tg_check,
+ .print = dhcpmac_tg_print,
+ .save = dhcpmac_tg_save,
+ .extra_opts = dhcpmac_tg_opts,
};
-static __attribute__((constructor)) void dhcpaddr_tg_ldr(void)
+static __attribute__((constructor)) void dhcpmac_tg_ldr(void)
{
- xtables_register_target(&dhcpaddr_tg_reg);
+ xtables_register_target(&dhcpmac_tg_reg);
}
-In conjunction with ebtables, DHCPADDR can be used to completely change all MAC
+In conjunction with ebtables, DHCPMAC can be used to completely change all MAC
addresses from and to a VMware-based virtual machine. This is needed because
VMware does not allow to set a non-VMware MAC address before an operating
system is booted (and the MAC be changed with `ip link set eth0 address
(00:50:56) addresses with something else:
.PP
iptables -t mangle -A FORWARD -p udp --dport 67 -m physdev --physdev-in vmnet1
--m dhcpaddr --mac 00:50:56:00:00:00/24 -j DHCPADDR --set-mac
+-m dhcpmac --mac 00:50:56:00:00:00/24 -j DHCPMAC --set-mac
ab:cd:ef:00:00:00/24
.PP
iptables -t mangle -A FORWARD -p udp --dport 68 -m physdev --physdev-out vmnet1
--m dhcpaddr --mac ab:cd:ef:00:00:00/24 -j DHCPADDR --set-mac
+-m dhcpmac --mac ab:cd:ef:00:00:00/24 -j DHCPMAC --set-mac
00:50:56:00:00:00/24
.PP
(This assumes there is a bridge interface that has vmnet1 as a port. You will
+++ /dev/null
-/*
- * "dhcpaddr" match extension for iptables
- * Copyright © Jan Engelhardt <jengelh [at] medozas de>, 2008
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License; either
- * version 2 of the License, or any later version, as published by the
- * Free Software Foundation.
- */
-#include <getopt.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <netdb.h>
-#include <net/ethernet.h>
-#include <xtables.h>
-#include "xt_DHCPADDR.h"
-#include "mac.c"
-
-enum {
- F_MAC = 1 << 0,
-};
-
-static const struct option dhcpaddr_mt_opts[] = {
- {.name = "mac", .has_arg = true, .val = 'M'},
- {NULL},
-};
-
-static void dhcpaddr_mt_help(void)
-{
- printf(
-"dhcpaddr match options:\n"
-"[!] --mac lladdr[/mask] Match on MAC address in DHCP Client Host field\n"
- );
-}
-
-static int dhcpaddr_mt_parse(int c, char **argv, int invert,
- unsigned int *flags, const void *entry, struct xt_entry_match **match)
-{
- struct dhcpaddr_info *info = (void *)(*match)->data;
-
- switch (c) {
- case 'M':
- xtables_param_act(XTF_ONLY_ONCE, "dhcpaddr", "--mac", *flags & F_MAC);
- xtables_param_act(XTF_NO_INVERT, "dhcpaddr", "--mac", invert);
- if (!mac_parse(optarg, info->addr, &info->mask))
- xtables_param_act(XTF_BAD_VALUE, "dhcpaddr", "--mac", optarg);
- if (invert)
- info->invert = true;
- *flags |= F_MAC;
- return true;
- }
-
- return false;
-}
-
-static void dhcpaddr_mt_check(unsigned int flags)
-{
- if (flags == 0)
- xtables_error(PARAMETER_PROBLEM, "dhcpaddr match: "
- "--mac parameter required");
-}
-
-static void dhcpaddr_mt_print(const void *ip,
- const struct xt_entry_match *match, int numeric)
-{
- const struct dhcpaddr_info *info = (void *)match->data;
-
- printf("dhcpaddr %s" DH_MAC_FMT "/%u ",
- info->invert ? "!" : "", DH_MAC_HEX(info->addr), info->mask);
-}
-
-static void dhcpaddr_mt_save(const void *ip,
- const struct xt_entry_match *match)
-{
- const struct dhcpaddr_info *info = (void *)match->data;
-
- if (info->invert)
- printf("! ");
- printf("--mac " DH_MAC_FMT "/%u ",
- DH_MAC_HEX(info->addr), info->mask);
-}
-
-static struct xtables_match dhcpaddr_mt_reg = {
- .version = XTABLES_VERSION,
- .name = "dhcpaddr",
- .revision = 0,
- .family = PF_INET,
- .size = XT_ALIGN(sizeof(struct dhcpaddr_info)),
- .userspacesize = XT_ALIGN(sizeof(struct dhcpaddr_info)),
- .help = dhcpaddr_mt_help,
- .parse = dhcpaddr_mt_parse,
- .final_check = dhcpaddr_mt_check,
- .print = dhcpaddr_mt_print,
- .save = dhcpaddr_mt_save,
- .extra_opts = dhcpaddr_mt_opts,
-};
-
-static __attribute__((constructor)) void dhcpaddr_mt_ldr(void)
-{
- xtables_register_match(&dhcpaddr_mt_reg);
-}
+++ /dev/null
-.TP
-\fB--mac\fP \fIaa:bb:cc:dd:ee:ff\fP[\fB/\fP\fImask\fP]
-Matches the DHCP Client Host address in a DHCP message. \fImask\fP specifies
-the prefix length of the initial portion to match.
--- /dev/null
+/*
+ * "dhcpmac" match extension for iptables
+ * Copyright © Jan Engelhardt <jengelh [at] medozas de>, 2008
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License; either
+ * version 2 of the License, or any later version, as published by the
+ * Free Software Foundation.
+ */
+#include <getopt.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <netdb.h>
+#include <net/ethernet.h>
+#include <xtables.h>
+#include "xt_DHCPMAC.h"
+#include "mac.c"
+
+enum {
+ F_MAC = 1 << 0,
+};
+
+static const struct option dhcpmac_mt_opts[] = {
+ {.name = "mac", .has_arg = true, .val = 'M'},
+ {NULL},
+};
+
+static void dhcpmac_mt_help(void)
+{
+ printf(
+"dhcpmac match options:\n"
+"[!] --mac lladdr[/mask] Match on MAC address in DHCP Client Host field\n"
+ );
+}
+
+static int dhcpmac_mt_parse(int c, char **argv, int invert,
+ unsigned int *flags, const void *entry, struct xt_entry_match **match)
+{
+ struct dhcpmac_info *info = (void *)(*match)->data;
+
+ switch (c) {
+ case 'M':
+ xtables_param_act(XTF_ONLY_ONCE, "dhcpmac", "--mac", *flags & F_MAC);
+ xtables_param_act(XTF_NO_INVERT, "dhcpmac", "--mac", invert);
+ if (!mac_parse(optarg, info->addr, &info->mask))
+ xtables_param_act(XTF_BAD_VALUE, "dhcpmac", "--mac", optarg);
+ if (invert)
+ info->invert = true;
+ *flags |= F_MAC;
+ return true;
+ }
+
+ return false;
+}
+
+static void dhcpmac_mt_check(unsigned int flags)
+{
+ if (flags == 0)
+ xtables_error(PARAMETER_PROBLEM, "dhcpmac match: "
+ "--mac parameter required");
+}
+
+static void dhcpmac_mt_print(const void *ip,
+ const struct xt_entry_match *match, int numeric)
+{
+ const struct dhcpmac_info *info = (void *)match->data;
+
+ printf("dhcpmac %s" DH_MAC_FMT "/%u ",
+ info->invert ? "!" : "", DH_MAC_HEX(info->addr), info->mask);
+}
+
+static void dhcpmac_mt_save(const void *ip,
+ const struct xt_entry_match *match)
+{
+ const struct dhcpmac_info *info = (void *)match->data;
+
+ if (info->invert)
+ printf("! ");
+ printf("--mac " DH_MAC_FMT "/%u ",
+ DH_MAC_HEX(info->addr), info->mask);
+}
+
+static struct xtables_match dhcpmac_mt_reg = {
+ .version = XTABLES_VERSION,
+ .name = "dhcpmac",
+ .revision = 0,
+ .family = PF_INET,
+ .size = XT_ALIGN(sizeof(struct dhcpmac_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct dhcpmac_info)),
+ .help = dhcpmac_mt_help,
+ .parse = dhcpmac_mt_parse,
+ .final_check = dhcpmac_mt_check,
+ .print = dhcpmac_mt_print,
+ .save = dhcpmac_mt_save,
+ .extra_opts = dhcpmac_mt_opts,
+};
+
+static __attribute__((constructor)) void dhcpmac_mt_ldr(void)
+{
+ xtables_register_match(&dhcpmac_mt_reg);
+}
--- /dev/null
+.TP
+\fB--mac\fP \fIaa:bb:cc:dd:ee:ff\fP[\fB/\fP\fImask\fP]
+Matches the DHCP "Client Host" address (a MAC address) in a DHCP message.
+\fImask\fP specifies the prefix length of the initial portion to match.
-config NETFILTER_XT_DHCPADDR
- tristate '"DHCPADDR" DHCP address matching and manipulation support'
+config NETFILTER_XT_DHCPMAC
+ tristate '"DHCPMAC" DHCP address matching and manipulation support'
depends on NETFILTER_XTABLES
depends on IP_NF_MANGLE || IP6_NF_MANGLE
---help---
- The DHCPADDR extensions allows to match and change the MAC address in
+ The DHCPMAC extensions allows to match and change the MAC address in
a DHCP packet, so as to work around VMware's "inability" to use MAC
addresses from a vendor different than VMware at boot time.
/*
- * "DHCPADDR" extensions for Xtables
+ * "DHCPMAC" extensions for Xtables
* Copyright © Jan Engelhardt <jengelh [at] medozas de>, 2008
*
* This program is free software; you can redistribute it and/or
#include <linux/udp.h>
#include <net/ip.h>
#include <linux/netfilter/x_tables.h>
-#include "xt_DHCPADDR.h"
+#include "xt_DHCPMAC.h"
#include "compat_xtables.h"
struct dhcp_message {
}
static bool
-dhcpaddr_mt(const struct sk_buff *skb, const struct xt_match_param *par)
+dhcpmac_mt(const struct sk_buff *skb, const struct xt_match_param *par)
{
- const struct dhcpaddr_info *info = par->matchinfo;
+ const struct dhcpmac_info *info = par->matchinfo;
const struct dhcp_message *dh;
struct dhcp_message dhcpbuf;
}
static unsigned int
-dhcpaddr_tg(struct sk_buff **pskb, const struct xt_target_param *par)
+dhcpmac_tg(struct sk_buff **pskb, const struct xt_target_param *par)
{
- const struct dhcpaddr_info *info = par->targinfo;
+ const struct dhcpmac_info *info = par->targinfo;
struct dhcp_message dhcpbuf, *dh;
struct udphdr udpbuf, *udph;
struct sk_buff *skb = *pskb;
return XT_CONTINUE;
}
-static struct xt_target dhcpaddr_tg_reg __read_mostly = {
- .name = "DHCPADDR",
+static struct xt_target dhcpmac_tg_reg __read_mostly = {
+ .name = "DHCPMAC",
.revision = 0,
.family = NFPROTO_IPV4,
.proto = IPPROTO_UDP,
.table = "mangle",
- .target = dhcpaddr_tg,
- .targetsize = XT_ALIGN(sizeof(struct dhcpaddr_info)),
+ .target = dhcpmac_tg,
+ .targetsize = XT_ALIGN(sizeof(struct dhcpmac_info)),
.me = THIS_MODULE,
};
-static struct xt_match dhcpaddr_mt_reg __read_mostly = {
- .name = "dhcpaddr",
+static struct xt_match dhcpmac_mt_reg __read_mostly = {
+ .name = "dhcpmac",
.revision = 0,
.family = NFPROTO_IPV4,
.proto = IPPROTO_UDP,
- .match = dhcpaddr_mt,
- .matchsize = XT_ALIGN(sizeof(struct dhcpaddr_info)),
+ .match = dhcpmac_mt,
+ .matchsize = XT_ALIGN(sizeof(struct dhcpmac_info)),
.me = THIS_MODULE,
};
-static int __init dhcpaddr_init(void)
+static int __init dhcpmac_init(void)
{
int ret;
- ret = xt_register_target(&dhcpaddr_tg_reg);
+ ret = xt_register_target(&dhcpmac_tg_reg);
if (ret != 0)
return ret;
- ret = xt_register_match(&dhcpaddr_mt_reg);
+ ret = xt_register_match(&dhcpmac_mt_reg);
if (ret != 0) {
- xt_unregister_target(&dhcpaddr_tg_reg);
+ xt_unregister_target(&dhcpmac_tg_reg);
return ret;
}
return 0;
}
-static void __exit dhcpaddr_exit(void)
+static void __exit dhcpmac_exit(void)
{
- xt_unregister_target(&dhcpaddr_tg_reg);
- xt_unregister_match(&dhcpaddr_mt_reg);
+ xt_unregister_target(&dhcpmac_tg_reg);
+ xt_unregister_match(&dhcpmac_mt_reg);
}
-module_init(dhcpaddr_init);
-module_exit(dhcpaddr_exit);
+module_init(dhcpmac_init);
+module_exit(dhcpmac_exit);
MODULE_DESCRIPTION("Xtables: Clamp DHCP MAC to packet MAC addresses");
MODULE_AUTHOR("Jan Engelhardt <jengelh@medozas.de>");
MODULE_LICENSE("GPL");
-MODULE_ALIAS("ipt_DHCPADDR");
-MODULE_ALIAS("ipt_dhcpaddr");
+MODULE_ALIAS("ipt_DHCPMAC");
+MODULE_ALIAS("ipt_dhcpmac");
-#ifndef _LINUX_NETFILTER_XT_DHCPADDR_H
-#define _LINUX_NETFILTER_XT_DHCPADDR_H 1
+#ifndef _LINUX_NETFILTER_XT_DHCPMAC_H
+#define _LINUX_NETFILTER_XT_DHCPMAC_H 1
#define DH_MAC_FMT "%02X:%02X:%02X:%02X:%02X:%02X"
#define DH_MAC_HEX(z) z[0], z[1], z[2], z[3], z[4], z[5]
-struct dhcpaddr_info {
+struct dhcpmac_info {
unsigned char addr[ETH_ALEN];
uint8_t mask, invert;
};
-#endif /* _LINUX_NETFILTER_XT_DHCPADDR_H */
+#endif /* _LINUX_NETFILTER_XT_DHCPMAC_H */
#
build_CHAOS=m
build_DELUDE=m
-build_DHCPADDR=m
+build_DHCPMAC=m
build_ECHO=
build_IPMARK=m
build_LOGMARK=m
projects / thirdparty / xtables-addons.git / commitdiff
