authorGiuseppe Longo <giuseppelng@gmail.com>2013-09-16 10:58:16 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2013-12-30 23:50:46 +0100
commit217f021925872dcbce4187408762845ae3f6f182 (patch)
tree0f89a883da3b034494f2dac6bbce964011ce5bdc /iptables/nft-arp.c
parent4c4bcbcd2523da740ed02021e51cb20b14fae153 (diff)
xtables: nft-arp: implements is_same op for ARP family
This patch implements the is_same operation for the ARP family, which is needed when searching for an ARP rule. Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/nft-arp.c')
-rw-r--r--iptables/nft-arp.c33
1 files changed, 30 insertions, 3 deletions
diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c
index 6ec8a455..494d2c2f 100644
--- a/iptables/nft-arp.c
+++ b/iptables/nft-arp.c
@@ -15,12 +15,13 @@
#include <xtables.h>
#include <net/if_arp.h>
-#include <if_ether.h>
+#include <netinet/if_ether.h>
#include <linux/netfilter_arp/arp_tables.h>
#include <linux/netfilter/nf_tables.h>
#include "nft-shared.h"
+#include "nft.h"
/* a few names */
char *opcodes[] =
@@ -334,7 +335,7 @@ static void nft_arp_parse_payload(struct nft_rule_expr_iter *iter,
}
}
-static void nft_rule_to_arpt_entry(struct nft_rule *r, struct arpt_entry *fw)
+void nft_rule_to_arpt_entry(struct nft_rule *r, struct arpt_entry *fw)
{
struct nft_rule_expr_iter *iter;
struct nft_rule_expr *expr;
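Review bot: Dropping `static` from nft_rule_to_arpt_entry gives it external linkage, but no prototype for it is visible in this diff, which is limited to nft-arp.c. If the newly included "nft.h" does not already declare it, add `void nft_rule_to_arpt_entry(struct nft_rule *r, struct arpt_entry *fw);` there so callers in other files are type-checked against the definition. A short comment above the definition stating that `fw` is filled in from `r` and must point to caller-owned storage would help now that the function is part of the cross-file interface. The function body continues outside this hunk.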
@@ -537,9 +538,35 @@ after_devdst:
fputc('\n', stdout);
}
+static bool nft_arp_is_same(const void *data_a,
+ const void *data_b)
+{
+ const struct arpt_entry *a = data_a;
+ const struct arpt_entry *b = data_b;
+
+ if (a->arp.src.s_addr != b->arp.src.s_addr
+ || a->arp.tgt.s_addr != b->arp.tgt.s_addr
+ || a->arp.smsk.s_addr != b->arp.tmsk.s_addr
+ || a->arp.arpro != b->arp.arpro
+ || a->arp.flags != b->arp.flags
+ || a->arp.invflags != b->arp.invflags) {
+ DEBUGP("different src/dst/proto/flags/invflags\n");
+ return false;
+ }
+
+ return is_same_interfaces(a->arp.src_devaddr.addr,
+ a->arp.tgt_devaddr.addr,
+ (unsigned char*)a->arp.src_devaddr.mask,
+ (unsigned char*)a->arp.tgt_devaddr.mask,
+ b->arp.src_devaddr.addr,
+ a->arp.tgt_devaddr.addr,
+ (unsigned char*)b->arp.src_devaddr.mask,
+ (unsigned char*)b->arp.tgt_devaddr.mask);
+}
+
struct nft_family_ops nft_family_ops_arp = {
.add = nft_arp_add,
- .is_same = NULL,
+ .is_same = nft_arp_is_same,
.print_payload = NULL,
.parse_meta = nft_arp_parse_meta,
.parse_payload = nft_arp_parse_payload,
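Review bot: In nft_arp_is_same the test `a->arp.smsk.s_addr != b->arp.tmsk.s_addr` pairs the source mask of one entry with the target mask of the other, so the two target masks are never compared and rules that differ only in a mask can be reported as identical. It should read `|| a->arp.smsk.s_addr != b->arp.smsk.s_addr` followed by `|| a->arp.tmsk.s_addr != b->arp.tmsk.s_addr`. The sixth argument to is_same_interfaces is `a->arp.tgt_devaddr.addr` where the neighbouring arguments suggest `b->arp.tgt_devaddr.addr` was intended, so the target hardware address of `a` appears to be compared with itself. Because this op is used when searching for a rule, a false match can make the search land on a different ARP rule than the one requested; the visible comparison also leaves out arpop, arhrd and the interface names, and whether those are checked elsewhere cannot be told from this hunk. The nft_family_ops_arp initializer continues past the end of the hunk.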