diff options
Diffstat (limited to 'kernel/linux/net/bridge/netfilter/ebt_arp.c')
| -rw-r--r-- | kernel/linux/net/bridge/netfilter/ebt_arp.c | 71 |
1 files changed, 33 insertions, 38 deletions
diff --git a/kernel/linux/net/bridge/netfilter/ebt_arp.c b/kernel/linux/net/bridge/netfilter/ebt_arp.c index 8900a0c..ba2a2ac 100644 --- a/kernel/linux/net/bridge/netfilter/ebt_arp.c +++ b/kernel/linux/net/bridge/netfilter/ebt_arp.c @@ -14,73 +14,68 @@ #include <linux/if_arp.h> #include <linux/module.h> -#define FWINV2(bool,invflg) ((bool) ^ !!(infostuff->invflags & invflg)) -static int ebt_filter_arp(const struct sk_buff *skb, - const struct net_device *in, - const struct net_device *out, - const void *data, - unsigned int datalen, const struct ebt_counter *c) +static int ebt_filter_arp(const struct sk_buff *skb, const struct net_device *in, + const struct net_device *out, const void *data, unsigned int datalen) { - struct ebt_arp_info *infostuff = (struct ebt_arp_info *)data; + struct ebt_arp_info *info = (struct ebt_arp_info *)data; - if (infostuff->bitmask & EBT_ARP_OPCODE && FWINV2(infostuff->opcode != + if (info->bitmask & EBT_ARP_OPCODE && FWINV(info->opcode != ((*skb).nh.arph)->ar_op, EBT_ARP_OPCODE)) - return 1; - if (infostuff->bitmask & EBT_ARP_HTYPE && FWINV2(infostuff->htype != + return EBT_NOMATCH; + if (info->bitmask & EBT_ARP_HTYPE && FWINV(info->htype != ((*skb).nh.arph)->ar_hrd, EBT_ARP_HTYPE)) - return 1; - if (infostuff->bitmask & EBT_ARP_PTYPE && FWINV2(infostuff->ptype != + return EBT_NOMATCH; + if (info->bitmask & EBT_ARP_PTYPE && FWINV(info->ptype != ((*skb).nh.arph)->ar_pro, EBT_ARP_PTYPE)) - return 1; + return EBT_NOMATCH; - if (infostuff->bitmask & (EBT_ARP_SRC_IP | EBT_ARP_DST_IP)) + if (info->bitmask & (EBT_ARP_SRC_IP | EBT_ARP_DST_IP)) { - __u32 arp_len = sizeof(struct arphdr) + - (2*(((*skb).nh.arph)->ar_hln)) + - (2*(((*skb).nh.arph)->ar_pln)); - __u32 dst; - __u32 src; + uint32_t arp_len = sizeof(struct arphdr) + + (2 * (((*skb).nh.arph)->ar_hln)) + + (2 * (((*skb).nh.arph)->ar_pln)); + uint32_t dst; + uint32_t src; - // Make sure the packet is long enough. + // Make sure the packet is long enough. if ((((*skb).nh.raw) + arp_len) > (*skb).tail) - return 1; - // IPV4 addresses are always 4 bytes. - if (((*skb).nh.arph)->ar_pln != sizeof(__u32)) - return 1; + return EBT_NOMATCH; + // IPv4 addresses are always 4 bytes. + if (((*skb).nh.arph)->ar_pln != sizeof(uint32_t)) + return EBT_NOMATCH; - if (infostuff->bitmask & EBT_ARP_SRC_IP) { + if (info->bitmask & EBT_ARP_SRC_IP) { memcpy(&src, ((*skb).nh.raw) + sizeof(struct arphdr) + - ((*skb).nh.arph)->ar_hln, sizeof(__u32)); - if (FWINV2(infostuff->saddr != (src & infostuff->smsk), + ((*skb).nh.arph)->ar_hln, sizeof(uint32_t)); + if (FWINV(info->saddr != (src & info->smsk), EBT_ARP_SRC_IP)) - return 1; + return EBT_NOMATCH; } - if (infostuff->bitmask & EBT_ARP_DST_IP) { + if (info->bitmask & EBT_ARP_DST_IP) { memcpy(&dst, ((*skb).nh.raw)+sizeof(struct arphdr) + (2*(((*skb).nh.arph)->ar_hln)) + - (((*skb).nh.arph)->ar_pln), sizeof(__u32)); - if (FWINV2(infostuff->daddr != (dst & infostuff->dmsk), + (((*skb).nh.arph)->ar_pln), sizeof(uint32_t)); + if (FWINV(info->daddr != (dst & info->dmsk), EBT_ARP_DST_IP)) - return 1; + return EBT_NOMATCH; } } - return 0; + return EBT_MATCH; } static int ebt_arp_check(const char *tablename, unsigned int hookmask, const struct ebt_entry *e, void *data, unsigned int datalen) { - struct ebt_arp_info *infostuff = (struct ebt_arp_info *) data; + struct ebt_arp_info *info = (struct ebt_arp_info *)data; if (datalen != sizeof(struct ebt_arp_info)) return -EINVAL; - if (e->bitmask & (EBT_NOPROTO | EBT_802_3) || - (e->ethproto != __constant_htons(ETH_P_ARP) && - e->ethproto != __constant_htons(ETH_P_RARP)) || + if ((e->ethproto != __constant_htons(ETH_P_ARP) && + e->ethproto != __constant_htons(ETH_P_RARP)) || e->invflags & EBT_IPROTO) return -EINVAL; - if (infostuff->bitmask & ~EBT_ARP_MASK) + if (info->bitmask & ~EBT_ARP_MASK || info->invflags & ~EBT_ARP_MASK) return -EINVAL; return 0; } |