diff options
author | Florian Westphal <fw@strlen.de> | 2018-10-09 17:21:37 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2018-11-03 20:35:22 +0100 |
commit | edf2b7c0863133b38ba48dbcaa18a16bdba1a588 (patch) | |
tree | 89552c76bd3026b1f784b897dcdfea293b44942b | |
parent | 2d1372ecfc61de8fea8708f7c54fce02e8218e0d (diff) |
ebtables-nft: add arpreply target
Unfortunately no nft translation available so far.
Signed-off-by: Florian Westphal <fw@strlen.de>
-rw-r--r-- | extensions/libebt_arpreply.c | 106 | ||||
-rw-r--r-- | extensions/libebt_arpreply.t | 4 | ||||
-rw-r--r-- | iptables/xtables-eb.c | 1 |
3 files changed, 111 insertions, 0 deletions
diff --git a/extensions/libebt_arpreply.c b/extensions/libebt_arpreply.c new file mode 100644 index 00000000..998dece3 --- /dev/null +++ b/extensions/libebt_arpreply.c @@ -0,0 +1,106 @@ +/* ebt_arpreply + * + * Authors: + * Grzegorz Borowiak <grzes@gnu.univ.gda.pl> + * Bart De Schuymer <bdschuym@pandora.be> + * + * August, 2003 + */ + +#include <stdio.h> +#include <string.h> +#include <stdlib.h> +#include <getopt.h> +#include <xtables.h> +#include <netinet/ether.h> +#include <linux/netfilter_bridge/ebt_arpreply.h> +#include "iptables/nft.h" +#include "iptables/nft-bridge.h" + +#define OPT_REPLY_MAC 0x01 +#define OPT_REPLY_TARGET 0x02 + +#define REPLY_MAC '1' +#define REPLY_TARGET '2' +static const struct option brarpreply_opts[] = { + { "arpreply-mac" , required_argument, 0, REPLY_MAC }, + { "arpreply-target" , required_argument, 0, REPLY_TARGET }, + XT_GETOPT_TABLEEND, +}; + +static void brarpreply_print_help(void) +{ + printf( + "arpreply target options:\n" + " --arpreply-mac address : source MAC of generated reply\n" + " --arpreply-target target : ACCEPT, DROP, RETURN or CONTINUE\n" + " (standard target is DROP)\n"); +} + +static void brarpreply_init(struct xt_entry_target *target) +{ + struct ebt_arpreply_info *replyinfo = (void *)target->data; + + replyinfo->target = EBT_DROP; +} + +static int +brarpreply_parse(int c, char **argv, int invert, unsigned int *flags, + const void *entry, struct xt_entry_target **tg) + +{ + struct ebt_arpreply_info *replyinfo = (void *)(*tg)->data; + struct ether_addr *addr; + + switch (c) { + case REPLY_MAC: + EBT_CHECK_OPTION(flags, OPT_REPLY_MAC); + if (!(addr = ether_aton(optarg))) + xtables_error(PARAMETER_PROBLEM, "Problem with specified --arpreply-mac mac"); + memcpy(replyinfo->mac, addr, ETH_ALEN); + break; + case REPLY_TARGET: + EBT_CHECK_OPTION(flags, OPT_REPLY_TARGET); + if (ebt_fill_target(optarg, (unsigned int *)&replyinfo->target)) + xtables_error(PARAMETER_PROBLEM, "Illegal --arpreply-target target"); + break; + + default: + return 0; + } + return 1; +} + +static void ebt_print_mac(const unsigned char *mac) +{ + printf("%s", ether_ntoa((struct ether_addr *) mac)); +} + +static void brarpreply_print(const void *ip, const struct xt_entry_target *t, int numeric) +{ + struct ebt_arpreply_info *replyinfo = (void *)t->data; + + printf("--arpreply-mac "); + ebt_print_mac(replyinfo->mac); + if (replyinfo->target == EBT_DROP) + return; + printf(" --arpreply-target %s", ebt_target_name(replyinfo->target)); +} + +static struct xtables_target arpreply_target = { + .name = "arpreply", + .version = XTABLES_VERSION, + .family = NFPROTO_BRIDGE, + .init = brarpreply_init, + .size = XT_ALIGN(sizeof(struct ebt_arpreply_info)), + .userspacesize = XT_ALIGN(sizeof(struct ebt_arpreply_info)), + .help = brarpreply_print_help, + .parse = brarpreply_parse, + .print = brarpreply_print, + .extra_opts = brarpreply_opts, +}; + +void _init(void) +{ + xtables_register_target(&arpreply_target); +} diff --git a/extensions/libebt_arpreply.t b/extensions/libebt_arpreply.t new file mode 100644 index 00000000..f7bc85f9 --- /dev/null +++ b/extensions/libebt_arpreply.t @@ -0,0 +1,4 @@ +:PREROUTING +*nat +-p ARP -i foo -j arpreply --arpreply-mac de:ad:0:be:ee:ff --arpreply-target ACCEPT;=;OK +-p ARP -i foo -j arpreply --arpreply-mac de:ad:0:be:ee:ff;=;OK diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c index c36c12e6..87189144 100644 --- a/iptables/xtables-eb.c +++ b/iptables/xtables-eb.c @@ -655,6 +655,7 @@ void ebt_load_match_extensions(void) ebt_load_target("mark"); ebt_load_target("dnat"); ebt_load_target("snat"); + ebt_load_target("arpreply"); ebt_load_target("redirect"); ebt_load_target("standard"); } |