} else if (!(e->bitmask & EBT_NOPROTO) &&
FWINV2(e->ethproto != h->h_proto, EBT_IPROTO))
{
- if(h->h_proto!=ETH_P_PPP_SES)
- return 1;
+ /*Fix bug: Add any bridge filter rule will drop ETH_P_PPP_SES packets.*/
+ /*Andy modify (2006/12/05)*/
+ /*if(h->h_proto!=ETH_P_PPP_SES)
+ return 1;*/
+ return 1;
}
if (FWINV2(ebt_dev_check(e->in, in), EBT_IIN))
return 1;
base = private->entries;
i = 0;
while (i < nentries) {
- if (ebt_basic_match(point, (**pskb).mac.ethernet, in, out))
+ struct ethhdr ex8021q;
+
+ if ((*pskb)->protocol == __constant_htons(ETH_P_8021Q) && (point->ethproto != __constant_htons(ETH_P_8021Q))) {
+ memcpy(ex8021q.h_dest,(**pskb).mac.ethernet->h_dest,ETH_ALEN);
+ memcpy(ex8021q.h_source,(**pskb).mac.ethernet->h_source,ETH_ALEN);
+ ex8021q.h_proto = * (unsigned short *)(&(**pskb).nh.raw[2]);
+ //vicprintk("802.1q pkt dst mac %02x.%02x.%02x.%02x.%02x.%02x ",ex8021q.h_dest[0],ex8021q.h_dest[1],ex8021q.h_dest[2],ex8021q.h_dest[3],ex8021q.h_dest[4],ex8021q.h_dest[5]);
+ //vicprintk(" src mac %02x.%02x.%02x.%02x.%02x.%02x ",ex8021q.h_source[0],ex8021q.h_source[1],ex8021q.h_source[2],ex8021q.h_source[3],ex8021q.h_source[4],ex8021q.h_source[5]);
+ //vicprintk(" pkt type %02x\n",ex8021q.h_proto);
+ if (ebt_basic_match(point,&ex8021q, in, out)) {
+ //vicprintk("filter 0x%x,0x%x,%4x\n",point -> bitmask,point -> invflags , point->ethproto);
+ //vicprintk("not match %d\n",j);
+ goto letscontinue;
+ }
+ }
+ else
+ if (ebt_basic_match(point, (**pskb).mac.ethernet, in, out)){
+ //vicprintk("filter 0x%x,0x%x,%4x\n",point -> bitmask,point -> invflags , point->ethproto);
+ //vicprintk("not match %d\n",j);
goto letscontinue;
+ }
- if (EBT_MATCH_ITERATE(point, ebt_do_match, *pskb, in, out) != 0)
+ //vicprintk("do match ext\n");
+
+ if (EBT_MATCH_ITERATE(point, ebt_do_match, *pskb, in, out) != 0) {
+ //vicprintk("ext not match 0x%x,0x%x,%4x\n",point -> bitmask,point -> invflags , point->ethproto);
goto letscontinue;
+ }
+ //else vicprintk("ext matched or no ext\n");
/* increase counter */
(*(counter_base + i)).pcnt++;
else
verdict = t->u.target->target(pskb, hook,
in, out, t->data, t->target_size);
+
+ //vicprintk("matched verdict %d\n",verdict);
if (verdict == EBT_ACCEPT) {
read_unlock_bh(&table->lock);
return NF_ACCEPT;
}
if (verdict == EBT_DROP) {
+ //vicprintk("drop 0x%x,0x%x,%4x\n",point -> bitmask,point -> invflags , point->ethproto);
read_unlock_bh(&table->lock);
return NF_DROP;
}
return -EINVAL;
}
- /* we now know the following (along with E=mc²):
+ /* we now know the following (along with E=mc?:
- the nr of entries in each chain is right
- the size of the allocated space is right
- all valid hooks have a corresponding chain