fixes firewall for trunk, custom chains were never reched, as policies apply beforehand
[openwrt.git] / package / ppp / patches / 310-precompiled_filter.patch
1 Index: ppp-2.4.3/pppd/Makefile.linux
2 ===================================================================
3 --- ppp-2.4.3.orig/pppd/Makefile.linux 2007-06-04 13:22:14.133706632 +0200
4 +++ ppp-2.4.3/pppd/Makefile.linux 2007-06-04 13:22:14.320678208 +0200
5 @@ -50,6 +50,9 @@
6 # and that the kernel driver support PPP packet filtering.
7 #FILTER=y
8
9 +# Support for precompiled filters
10 +PRECOMPILED_FILTER=y
11 +
12 # Uncomment the next line to enable multilink PPP (enabled by default)
13 # Linux distributions: Please leave multilink ENABLED in your builds
14 # of pppd!
15 @@ -177,6 +180,14 @@
16 endif
17 endif
18
19 +ifdef PRECOMPILED_FILTER
20 +PPPDSRCS += pcap_pcc.c
21 +HEADERS += pcap_pcc.h
22 +PPPDOBJS += pcap_pcc.o
23 +LIBS += $(STAGING_DIR)/usr/lib/libpcap.a
24 +CFLAGS += -DPPP_FILTER -DPPP_PRECOMPILED_FILTER -I$(STAGING_DIR)/usr/include
25 +endif
26 +
27 ifdef HAVE_INET6
28 PPPDSRCS += ipv6cp.c eui64.c
29 HEADERS += ipv6cp.h eui64.h
30 Index: ppp-2.4.3/pppd/demand.c
31 ===================================================================
32 --- ppp-2.4.3.orig/pppd/demand.c 2007-06-04 13:22:11.613089824 +0200
33 +++ ppp-2.4.3/pppd/demand.c 2007-06-04 13:22:14.320678208 +0200
34 @@ -438,12 +438,14 @@
35 return 0;
36 proto = PPP_PROTOCOL(p);
37 #ifdef PPP_FILTER
38 + *p = 1; /* set outbound for the filter rule */
39 if (pass_filter.bf_len != 0
40 && bpf_filter(pass_filter.bf_insns, p, len, len) == 0)
41 return 0;
42 if (active_filter.bf_len != 0
43 && bpf_filter(active_filter.bf_insns, p, len, len) == 0)
44 return 0;
45 + *p = 0xff; /* restore original ppp header */
46 #endif
47 for (i = 0; (protp = protocols[i]) != NULL; ++i) {
48 if (protp->protocol < 0xC000 && (protp->protocol & ~0x8000) == proto) {
49 Index: ppp-2.4.3/pppd/options.c
50 ===================================================================
51 --- ppp-2.4.3.orig/pppd/options.c 2007-06-04 13:22:09.005486240 +0200
52 +++ ppp-2.4.3/pppd/options.c 2007-06-04 13:22:14.321678056 +0200
53 @@ -57,14 +57,7 @@
54
55 #ifdef PPP_FILTER
56 #include <pcap.h>
57 -/*
58 - * DLT_PPP_WITH_DIRECTION is in current libpcap cvs, and should be in
59 - * libpcap-0.8.4. Until that is released, use DLT_PPP - but that means
60 - * we lose the inbound and outbound qualifiers.
61 - */
62 -#ifndef DLT_PPP_WITH_DIRECTION
63 -#define DLT_PPP_WITH_DIRECTION DLT_PPP
64 -#endif
65 +#include <pcap-bpf.h>
66 #endif
67
68 #include "pppd.h"
69 @@ -155,6 +148,13 @@
70 static int loadplugin __P((char **));
71 #endif
72
73 +#ifdef PPP_PRECOMPILED_FILTER
74 +#include "pcap_pcc.h"
75 +static int setprecompiledpassfilter __P((char **));
76 +static int setprecompiledactivefilter __P((char **));
77 +#undef PPP_FILTER
78 +#endif
79 +
80 #ifdef PPP_FILTER
81 static int setpassfilter __P((char **));
82 static int setactivefilter __P((char **));
83 @@ -312,6 +312,14 @@
84 "set filter for active pkts", OPT_PRIO },
85 #endif
86
87 +#ifdef PPP_PRECOMPILED_FILTER
88 + { "precompiled-pass-filter", 1, setprecompiledpassfilter,
89 + "set precompiled filter for packets to pass", OPT_PRIO },
90 +
91 + { "precompiled-active-filter", 1, setprecompiledactivefilter,
92 + "set precompiled filter for active pkts", OPT_PRIO },
93 +#endif
94 +
95 #ifdef MAXOCTETS
96 { "maxoctets", o_int, &maxoctets,
97 "Set connection traffic limit",
98 @@ -1447,6 +1455,29 @@
99 return ok;
100 }
101
102 +#ifdef PPP_PRECOMPILED_FILTER
103 +/*
104 + * setprecompiledpassfilter - Set the pass filter for packets using a
105 + * precompiled expression
106 + */
107 +static int
108 +setprecompiledpassfilter(argv)
109 + char **argv;
110 +{
111 + return pcap_pre_compiled (*argv, &pass_filter);
112 +}
113 +
114 +/*
115 + * setactivefilter - Set the active filter for packets
116 + */
117 +static int
118 +setprecompiledactivefilter(argv)
119 + char **argv;
120 +{
121 + return pcap_pre_compiled (*argv, &active_filter);
122 +}
123 +#endif
124 +
125 #ifdef PPP_FILTER
126 /*
127 * setpassfilter - Set the pass filter for packets
128 @@ -1458,7 +1489,7 @@
129 pcap_t *pc;
130 int ret = 0;
131
132 - pc = pcap_open_dead(DLT_PPP_WITH_DIRECTION, 65535);
133 + pc = pcap_open_dead(DLT_PPP_PPPD, 65535);
134 if (pcap_compile(pc, &pass_filter, *argv, 1, netmask) == -1) {
135 option_error("error in pass-filter expression: %s\n",
136 pcap_geterr(pc));
137 @@ -1479,7 +1510,7 @@
138 pcap_t *pc;
139 int ret = 0;
140
141 - pc = pcap_open_dead(DLT_PPP_WITH_DIRECTION, 65535);
142 + pc = pcap_open_dead(DLT_PPP_PPPD, 65535);
143 if (pcap_compile(pc, &active_filter, *argv, 1, netmask) == -1) {
144 option_error("error in active-filter expression: %s\n",
145 pcap_geterr(pc));
146 Index: ppp-2.4.3/pppd/pcap_pcc.c
147 ===================================================================
148 --- /dev/null 1970-01-01 00:00:00.000000000 +0000
149 +++ ppp-2.4.3/pppd/pcap_pcc.c 2007-06-04 13:22:14.321678056 +0200
150 @@ -0,0 +1,74 @@
151 +#include <pcap.h>
152 +#include <pcap-bpf.h>
153 +#include <stdio.h>
154 +#include <stdlib.h>
155 +#include <string.h>
156 +#include <errno.h>
157 +#include "pppd.h"
158 +
159 +int pcap_pre_compiled (char * fname, struct bpf_program *p)
160 +{
161 + char buf[128];
162 + int line = 0, size = 0, index=0, ret=1;
163 + FILE *f = fopen (fname, "r");
164 + if (!f)
165 + {
166 + option_error("error opening precompiled active-filter '%s': %s",
167 + fname, strerror (errno));
168 + return 0;
169 + }
170 + while (fgets (buf, 127, f))
171 + {
172 + line++;
173 + if (*buf == '#')
174 + continue;
175 + if (size)
176 + {
177 + /*
178 + struct bpf_insn {
179 + u_short code;
180 + u_char jt;
181 + u_char jf;
182 + bpf_int32 k;
183 + }
184 + */
185 + struct bpf_insn * insn = & p->bf_insns[index];
186 + unsigned code, jt, jf, k;
187 + if (sscanf (buf, "%u %u %u %u", &code, &jt, &jf, &k) != 4)
188 + {
189 + goto err;
190 + }
191 + insn->code = code;
192 + insn->jt = jt;
193 + insn->jf = jf;
194 + insn->k = k;
195 + index++;
196 + }
197 + else
198 + {
199 + if (sscanf (buf, "%u", &size) != 1)
200 + {
201 + goto err;
202 + }
203 + p->bf_len = size;
204 + p->bf_insns = (struct bpf_insn *)
205 + malloc (size * sizeof (struct bpf_insn));
206 + }
207 + }
208 + if (size != index)
209 + {
210 + option_error("error in precompiled active-filter,"
211 + " expected %d expressions, got %dn",
212 + size, index);
213 + ret = 0;
214 + }
215 + fclose(f);
216 + return ret;
217 +
218 +err:
219 + option_error("error in precompiled active-filter"
220 + " expression line %s:%d (wrong size)\n",
221 + fname, line);
222 + fclose (f);
223 + return 0;
224 +}
225 Index: ppp-2.4.3/pppd/pcap_pcc.h
226 ===================================================================
227 --- /dev/null 1970-01-01 00:00:00.000000000 +0000
228 +++ ppp-2.4.3/pppd/pcap_pcc.h 2007-06-04 13:22:14.321678056 +0200
229 @@ -0,0 +1,7 @@
230 +#ifndef PCAP_PCC_H
231 +#define PCAP_PCC_H
232 +
233 +#include <pcap.h>
234 +
235 +int pcap_pre_compiled (char * fname, struct bpf_program *p);
236 +#endif /* PCAP_PCC_H */
This page took 0.049542 seconds and 5 git commands to generate.