diff options
4 files changed, 32 insertions, 4 deletions
diff --git a/kernel/linux/include/linux/netfilter_bridge/ebt_802_3.h b/kernel/linux/include/linux/netfilter_bridge/ebt_802_3.h index 9fcc8ee..b3d6c32 100644 --- a/kernel/linux/include/linux/netfilter_bridge/ebt_802_3.h +++ b/kernel/linux/include/linux/netfilter_bridge/ebt_802_3.h @@ -6,6 +6,20 @@ #define EBT_802_3_MATCH "802_3" +/* + * If frame has DSAP/SSAP value 0xaa you must check the SNAP type + * to discover what kind of packet we're carrying. + */ +#define CHECK_TYPE 0xaa + +/* + * Control field may be one or two bytes. If the first byte has + * the value 0x03 then the entire length is one byte, otherwise it is two. + * One byte controls are used in Unnumbered Information frames. + * Two byte controls are used in Numbered Information frames. + */ +#define IS_UI 0x03 + #define EBT_802_3_MASK (EBT_802_3_SAP | EBT_802_3_TYPE | EBT_802_3) /* ui has one byte ctrl, ni has two */ diff --git a/kernel/linux/net/bridge/netfilter/ebt_802_3.c b/kernel/linux/net/bridge/netfilter/ebt_802_3.c index 4a54574..638753b 100644 --- a/kernel/linux/net/bridge/netfilter/ebt_802_3.c +++ b/kernel/linux/net/bridge/netfilter/ebt_802_3.c @@ -17,7 +17,7 @@ static int ebt_filter_802_3(const struct sk_buff *skb, const struct net_device * { struct ebt_802_3_info *info = (struct ebt_802_3_info *)data; struct ebt_802_3_hdr *hdr = (struct ebt_802_3_hdr *)skb->mac.ethernet; - uint16_t type = hdr->llc.ui.ctrl & 0x3 ? hdr->llc.ui.type : hdr->llc.ni.type; + uint16_t type = hdr->llc.ui.ctrl & IS_UI ? hdr->llc.ui.type : hdr->llc.ni.type; if (info->bitmask & EBT_802_3_SAP) { @@ -28,7 +28,7 @@ static int ebt_filter_802_3(const struct sk_buff *skb, const struct net_device * } if (info->bitmask & EBT_802_3_TYPE) { - if (!(hdr->llc.ui.dsap == 0xaa && hdr->llc.ui.ssap == 0xaa)) + if (!(hdr->llc.ui.dsap == CHECK_TYPE && hdr->llc.ui.ssap == CHECK_TYPE)) return EBT_NOMATCH; if (FWINV(info->type != type, EBT_802_3_TYPE)) return EBT_NOMATCH; diff --git a/kernel/linux2.5/include/linux/netfilter_bridge/ebt_802_3.h b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_802_3.h index 9fcc8ee..b3d6c32 100644 --- a/kernel/linux2.5/include/linux/netfilter_bridge/ebt_802_3.h +++ b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_802_3.h @@ -6,6 +6,20 @@ #define EBT_802_3_MATCH "802_3" +/* + * If frame has DSAP/SSAP value 0xaa you must check the SNAP type + * to discover what kind of packet we're carrying. + */ +#define CHECK_TYPE 0xaa + +/* + * Control field may be one or two bytes. If the first byte has + * the value 0x03 then the entire length is one byte, otherwise it is two. + * One byte controls are used in Unnumbered Information frames. + * Two byte controls are used in Numbered Information frames. + */ +#define IS_UI 0x03 + #define EBT_802_3_MASK (EBT_802_3_SAP | EBT_802_3_TYPE | EBT_802_3) /* ui has one byte ctrl, ni has two */ diff --git a/kernel/linux2.5/net/bridge/netfilter/ebt_802_3.c b/kernel/linux2.5/net/bridge/netfilter/ebt_802_3.c index 7535f29..7817805 100644 --- a/kernel/linux2.5/net/bridge/netfilter/ebt_802_3.c +++ b/kernel/linux2.5/net/bridge/netfilter/ebt_802_3.c @@ -17,7 +17,7 @@ static int ebt_filter_802_3(const struct sk_buff *skb, const struct net_device * { struct ebt_802_3_info *info = (struct ebt_802_3_info *)data; struct ebt_802_3_hdr *hdr = (struct ebt_802_3_hdr *)skb->mac.ethernet; - uint16_t type = hdr->llc.ui.ctrl & 0x3 ? hdr->llc.ui.type : hdr->llc.ni.type; + uint16_t type = hdr->llc.ui.ctrl & IS_UI ? hdr->llc.ui.type : hdr->llc.ni.type; if (info->bitmask & EBT_802_3_SAP) { @@ -28,7 +28,7 @@ static int ebt_filter_802_3(const struct sk_buff *skb, const struct net_device * } if (info->bitmask & EBT_802_3_TYPE) { - if (!(hdr->llc.ui.dsap == 0xaa && hdr->llc.ui.ssap == 0xaa)) + if (!(hdr->llc.ui.dsap == CHECK_TYPE && hdr->llc.ui.ssap == CHECK_TYPE)) return EBT_NOMATCH; if (FWINV(info->type != type, EBT_802_3_TYPE)) return EBT_NOMATCH; |