From a9d694d7194f58fd7024b15a60b31ca9cf115936 Mon Sep 17 00:00:00 2001 From: Bart De Schuymer Date: Mon, 12 May 2003 17:11:57 +0000 Subject: Chris Vitale --- .../include/linux/netfilter_bridge/ebt_802_3.h | 46 ++++++++++++++ kernel/linux/net/bridge/netfilter/ebt_802_3.c | 74 ++++++++++++++++++++++ 2 files changed, 120 insertions(+) create mode 100644 kernel/linux/include/linux/netfilter_bridge/ebt_802_3.h create mode 100644 kernel/linux/net/bridge/netfilter/ebt_802_3.c diff --git a/kernel/linux/include/linux/netfilter_bridge/ebt_802_3.h b/kernel/linux/include/linux/netfilter_bridge/ebt_802_3.h new file mode 100644 index 0000000..9fcc8ee --- /dev/null +++ b/kernel/linux/include/linux/netfilter_bridge/ebt_802_3.h @@ -0,0 +1,46 @@ +#ifndef __LINUX_BRIDGE_EBT_802_3_H +#define __LINUX_BRIDGE_EBT_802_3_H + +#define EBT_802_3_SAP 0x01 +#define EBT_802_3_TYPE 0x02 + +#define EBT_802_3_MATCH "802_3" + +#define EBT_802_3_MASK (EBT_802_3_SAP | EBT_802_3_TYPE | EBT_802_3) + +/* ui has one byte ctrl, ni has two */ +struct hdr_ui { + uint8_t dsap; + uint8_t ssap; + uint8_t ctrl; + uint8_t orig[3]; + uint16_t type; +}; + +struct hdr_ni { + uint8_t dsap; + uint8_t ssap; + uint16_t ctrl; + uint8_t orig[3]; + uint16_t type; +}; + +struct ebt_802_3_hdr { + uint8_t daddr[6]; + uint8_t saddr[6]; + uint16_t len; + union { + struct hdr_ui ui; + struct hdr_ni ni; + } llc; +}; + +struct ebt_802_3_info +{ + uint8_t sap; + uint16_t type; + uint8_t bitmask; + uint8_t invflags; +}; + +#endif diff --git a/kernel/linux/net/bridge/netfilter/ebt_802_3.c b/kernel/linux/net/bridge/netfilter/ebt_802_3.c new file mode 100644 index 0000000..f4732da --- /dev/null +++ b/kernel/linux/net/bridge/netfilter/ebt_802_3.c @@ -0,0 +1,74 @@ +/* + * 802_3 + * + * Author: + * Chris Vitale csv@bluetail.com + * + * May 2003 + * + */ + +#include +#include +#include + +static int ebt_filter_802_3(const struct sk_buff *skb, const struct net_device *in, + const struct net_device *out, const void *data, unsigned int datalen) +{ + struct ebt_802_3_info *info = (struct ebt_802_3_info *)data; + struct ebt_802_3_hdr *hdr = (struct ebt_802_3_hdr *)skb->mac.ethernet; + uint16_t type = hdr->llc.ui.ctrl & 0x3 ? hdr->llc.ui.type : hdr->llc.ni.type; + + + if (info->bitmask & EBT_802_3_SAP) { + if (FWINV(info->sap != hdr->llc.ui.ssap, EBT_802_3_SAP)) + return EBT_NOMATCH; + if (FWINV(info->sap != hdr->llc.ui.dsap, EBT_802_3_SAP)) + return EBT_NOMATCH; + } + + if (info->bitmask & EBT_802_3_TYPE) { + if (!(hdr->llc.ui.dsap == 0xaa && hdr->llc.ui.ssap == 0xaa)) + return EBT_NOMATCH; + if (FWINV(info->type != type, EBT_802_3_TYPE)) + return EBT_NOMATCH; + } + + /* Other matches will go here, when I get around to it */ + + return EBT_MATCH; +} + +static int ebt_802_3_check(const char *tablename, unsigned int hookmask, + const struct ebt_entry *e, void *data, unsigned int datalen) +{ + struct ebt_802_3_info *info = (struct ebt_802_3_info *)data; + + if (datalen < sizeof(struct ebt_802_3_info)) + return -EINVAL; + if (info->bitmask & ~EBT_802_3_MASK || info->invflags & ~EBT_802_3_MASK) + return -EINVAL; + + return 0; +} + +static struct ebt_match filter_802_3 = +{ + {NULL, NULL}, EBT_802_3_MATCH, ebt_filter_802_3, ebt_802_3_check, NULL, + THIS_MODULE +}; + +static int __init init(void) +{ + return ebt_register_match(&filter_802_3); +} + +static void __exit fini(void) +{ + ebt_unregister_match(&filter_802_3); +} + +module_init(init); +module_exit(fini); +MODULE_LICENSE("GPL"); + -- cgit v1.2.3