summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--kernel/linux/include/linux/netfilter_bridge/ebt_802_3.h46
-rw-r--r--kernel/linux/net/bridge/netfilter/ebt_802_3.c74
2 files changed, 120 insertions, 0 deletions
diff --git a/kernel/linux/include/linux/netfilter_bridge/ebt_802_3.h b/kernel/linux/include/linux/netfilter_bridge/ebt_802_3.h
new file mode 100644
index 0000000..9fcc8ee
--- /dev/null
+++ b/kernel/linux/include/linux/netfilter_bridge/ebt_802_3.h
@@ -0,0 +1,46 @@
+#ifndef __LINUX_BRIDGE_EBT_802_3_H
+#define __LINUX_BRIDGE_EBT_802_3_H
+
+#define EBT_802_3_SAP 0x01
+#define EBT_802_3_TYPE 0x02
+
+#define EBT_802_3_MATCH "802_3"
+
+#define EBT_802_3_MASK (EBT_802_3_SAP | EBT_802_3_TYPE | EBT_802_3)
+
+/* ui has one byte ctrl, ni has two */
+struct hdr_ui {
+ uint8_t dsap;
+ uint8_t ssap;
+ uint8_t ctrl;
+ uint8_t orig[3];
+ uint16_t type;
+};
+
+struct hdr_ni {
+ uint8_t dsap;
+ uint8_t ssap;
+ uint16_t ctrl;
+ uint8_t orig[3];
+ uint16_t type;
+};
+
+struct ebt_802_3_hdr {
+ uint8_t daddr[6];
+ uint8_t saddr[6];
+ uint16_t len;
+ union {
+ struct hdr_ui ui;
+ struct hdr_ni ni;
+ } llc;
+};
+
+struct ebt_802_3_info
+{
+ uint8_t sap;
+ uint16_t type;
+ uint8_t bitmask;
+ uint8_t invflags;
+};
+
+#endif
diff --git a/kernel/linux/net/bridge/netfilter/ebt_802_3.c b/kernel/linux/net/bridge/netfilter/ebt_802_3.c
new file mode 100644
index 0000000..f4732da
--- /dev/null
+++ b/kernel/linux/net/bridge/netfilter/ebt_802_3.c
@@ -0,0 +1,74 @@
+/*
+ * 802_3
+ *
+ * Author:
+ * Chris Vitale csv@bluetail.com
+ *
+ * May 2003
+ *
+ */
+
+#include <linux/netfilter_bridge/ebtables.h>
+#include <linux/netfilter_bridge/ebt_802_3.h>
+#include <linux/module.h>
+
+static int ebt_filter_802_3(const struct sk_buff *skb, const struct net_device *in,
+ const struct net_device *out, const void *data, unsigned int datalen)
+{
+ struct ebt_802_3_info *info = (struct ebt_802_3_info *)data;
+ struct ebt_802_3_hdr *hdr = (struct ebt_802_3_hdr *)skb->mac.ethernet;
+ uint16_t type = hdr->llc.ui.ctrl & 0x3 ? hdr->llc.ui.type : hdr->llc.ni.type;
+
+
+ if (info->bitmask & EBT_802_3_SAP) {
+ if (FWINV(info->sap != hdr->llc.ui.ssap, EBT_802_3_SAP))
+ return EBT_NOMATCH;
+ if (FWINV(info->sap != hdr->llc.ui.dsap, EBT_802_3_SAP))
+ return EBT_NOMATCH;
+ }
+
+ if (info->bitmask & EBT_802_3_TYPE) {
+ if (!(hdr->llc.ui.dsap == 0xaa && hdr->llc.ui.ssap == 0xaa))
+ return EBT_NOMATCH;
+ if (FWINV(info->type != type, EBT_802_3_TYPE))
+ return EBT_NOMATCH;
+ }
+
+ /* Other matches will go here, when I get around to it */
+
+ return EBT_MATCH;
+}
+
+static int ebt_802_3_check(const char *tablename, unsigned int hookmask,
+ const struct ebt_entry *e, void *data, unsigned int datalen)
+{
+ struct ebt_802_3_info *info = (struct ebt_802_3_info *)data;
+
+ if (datalen < sizeof(struct ebt_802_3_info))
+ return -EINVAL;
+ if (info->bitmask & ~EBT_802_3_MASK || info->invflags & ~EBT_802_3_MASK)
+ return -EINVAL;
+
+ return 0;
+}
+
+static struct ebt_match filter_802_3 =
+{
+ {NULL, NULL}, EBT_802_3_MATCH, ebt_filter_802_3, ebt_802_3_check, NULL,
+ THIS_MODULE
+};
+
+static int __init init(void)
+{
+ return ebt_register_match(&filter_802_3);
+}
+
+static void __exit fini(void)
+{
+ ebt_unregister_match(&filter_802_3);
+}
+
+module_init(init);
+module_exit(fini);
+MODULE_LICENSE("GPL");
+