From 6aa7d1c26d0a3b0c909bbf13aa0ef6b179615433 Mon Sep 17 00:00:00 2001 From: Arturo Borrero Date: Wed, 17 Dec 2014 12:06:56 +0100 Subject: extensions: add ebt 802_3 extension This patch adds the first ebtables extension to ebtables-compat. The original 802_3 code is adapted to the xtables environment. I tried to mimic as much as possible the original ebtables code paths. With this patch, ebtables-compat is able to send the 802_3 match to the kernel, but the kernel-to-userspace path is not tested and should be adjusted in follow-up patches. Signed-off-by: Arturo Borrero Gonzalez Signed-off-by: Pablo Neira Ayuso --- extensions/libebt_802_3.c | 160 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 160 insertions(+) create mode 100644 extensions/libebt_802_3.c (limited to 'extensions/libebt_802_3.c')
diff --git a/extensions/libebt_802_3.c b/extensions/libebt_802_3.c
new file mode 100644
index 00000000..3ca80f77
--- /dev/null
+++ b/extensions/libebt_802_3.c
@@ -0,0 +1,160 @@
+/* 802_3
+ *
+ * Author:
+ * Chris Vitale
+ *
+ * May 2003
+ *
+ * Adapted by Arturo Borrero Gonzalez
+ * to use libxtables for ebtables-compat
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#define _802_3_SAP '1'
+#define _802_3_TYPE '2'
+
+static const struct option br802_3_opts[] = {
+ { .name = "802_3-sap", .has_arg = true, .val = _802_3_SAP },
+ { .name = "802_3-type", .has_arg = true, .val = _802_3_TYPE },
+ XT_GETOPT_TABLEEND,
+};
+
+static void br802_3_print_help(void)
+{
+ printf(
+"802_3 options:\n"
+"--802_3-sap [!] protocol : 802.3 DSAP/SSAP- 1 byte value (hex)\n"
+" DSAP and SSAP are always the same. One SAP applies to both fields\n"
+"--802_3-type [!] protocol : 802.3 SNAP Type- 2 byte value (hex)\n"
+" Type implies SAP value 0xaa\n");
+}
+
+static void br802_3_init(struct xt_entry_match *match)
+{
+ struct ebt_802_3_info *info = (struct ebt_802_3_info *)match->data;
+
+ info->invflags = 0;
+ info->bitmask = 0;
+}
+
+/*static int parse(int c, char **argv, int argc, const struct ebt_u_entry *entry,
+ unsigned int *flags, struct ebt_entry_match **match)*/
+static int
+br802_3_parse(int c, char **argv, int invert, unsigned int *flags,
+ const void *entry, struct xt_entry_match **match)
+{
+ struct ebt_802_3_info *info = (struct ebt_802_3_info *) (*match)->data;
+ unsigned int i;
+ char *end;
+
+ switch (c) {
+ case _802_3_SAP:
+ if (invert)
+ info->invflags |= EBT_802_3_SAP;
+ i = strtoul(optarg, &end, 16);
+ if (i > 255 || *end != '\0')
+ xtables_error(PARAMETER_PROBLEM,
+ "Problem with specified "
+ "sap hex value, %x",i);
+ info->sap = i; /* one byte, so no byte order worries */
+ info->bitmask |= EBT_802_3_SAP;
+ break;
+ case _802_3_TYPE:
+ if (invert)
+ info->invflags |= EBT_802_3_TYPE;
+ i = strtoul(optarg, &end, 16);
+ if (i > 65535 || *end != '\0') {
+ xtables_error(PARAMETER_PROBLEM,
+ "Problem with the specified "
+ "type hex value, %x",i);
+ }
+ info->type = htons(i);
+ info->bitmask |= EBT_802_3_TYPE;
+ break;
+ default:
+ return 0;
+ }
+ return 1;
+}
+
+static void
+br802_3_final_check(unsigned int flags)
+{
+ /*if (!(entry->bitmask & EBT_802_3))
+ ebt_print_error("For 802.3 DSAP/SSAP filtering the protocol "
+ "must be LENGTH");
+ */
+ if (!flags)
+ xtables_error(PARAMETER_PROBLEM,
+ "You must specify proper arguments");
+}
+
+/*static void print(const struct ebt_u_entry *entry,
+ const struct ebt_entry_match *match)*/
+static void br802_3_print(const void *ip, const struct xt_entry_match *match,
+ int numeric)
+{
+ struct ebt_802_3_info *info = (struct ebt_802_3_info *)match->data;
+
+ if (info->bitmask & EBT_802_3_SAP) {
+ printf("--802_3-sap ");
+ if (info->invflags & EBT_802_3_SAP)
+ printf("! ");
+ printf("0x%.2x ", info->sap);
+ }
+ if (info->bitmask & EBT_802_3_TYPE) {
+ printf("--802_3-type ");
+ if (info->invflags & EBT_802_3_TYPE)
+ printf("! ");
+ printf("0x%.4x ", ntohs(info->type));
+ }
+}
+/*
+static int compare(const struct ebt_entry_match *m1,
+ const struct ebt_entry_match *m2)
+{
+ struct ebt_802_3_info *info1 = (struct ebt_802_3_info *)m1->data;
+ struct ebt_802_3_info *info2 = (struct ebt_802_3_info *)m2->data;
+
+ if (info1->bitmask != info2->bitmask)
+ return 0;
+ if (info1->invflags != info2->invflags)
+ return 0;
+ if (info1->bitmask & EBT_802_3_SAP) {
+ if (info1->sap != info2->sap)
+ return 0;
+ }
+ if (info1->bitmask & EBT_802_3_TYPE) {
+ if (info1->type != info2->type)
+ return 0;
+ }
+ return 1;
+}
+*/
+static struct xtables_match br802_3_match =
+{
+ .name = "802_3",
+ .revision = 0,
+ .version = XTABLES_VERSION,
+ .family = NFPROTO_BRIDGE,
+ .size = XT_ALIGN(sizeof(struct ebt_802_3_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ebt_802_3_info)),
+ .init = br802_3_init,
+ .help = br802_3_print_help,
+ .parse = br802_3_parse,
+ .final_check = br802_3_final_check,
+ .print = br802_3_print,
+ .extra_opts = br802_3_opts,
+};
+
+void _init(void)
+{
+ xtables_register_match(&br802_3_match);
+}
-- cgit v1.2.3
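Review bot: In br802_3_parse both option cases store the result of `strtoul(optarg, &end, 16)` in `unsigned int i` before range-checking it, so where `unsigned long` is wider than `unsigned int` an oversized argument can be truncated into the accepted range and the rule is installed with a SAP or type the operator did not ask for. The check also accepts an argument with no hex digits at all, because `*end != '\0'` is false when `end` still equals `optarg` on an empty string. I would parse into `unsigned long v` and test `if (end == optarg || *end != '\0' || v > 255)` (and `v > 65535` in the `_802_3_TYPE` case) before assigning to `info->sap` or `info->type`. The error messages would then be better off printing the rejected text with `%s` and `optarg` than the already-converted number.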
From 1bad0c75aa5696590d5cc7279ae6a6830f761d16 Mon Sep 17 00:00:00 2001 From: Arturo Borrero Date: Fri, 30 Jan 2015 12:47:16 +0100 Subject: extensions: cleanup commented code in ebtables-compat extensions This code can be cleaned up. No need for validation from userspace, the kernel will reject incorrect options. Signed-off-by: Arturo Borrero Gonzalez Signed-off-by: Pablo Neira Ayuso --- extensions/libebt_802_3.c | 29 ----------------------------- 1 file changed, 29 deletions(-) (limited to 'extensions/libebt_802_3.c') diff --git a/extensions/libebt_802_3.c b/extensions/libebt_802_3.c index 3ca80f77..e19c21d0 100644 --- a/extensions/libebt_802_3.c +++ b/extensions/libebt_802_3.c @@ -44,8 +44,6 @@ static void br802_3_init(struct xt_entry_match *match) info->bitmask = 0; } -/*static int parse(int c, char **argv, int argc, const struct ebt_u_entry *entry, - unsigned int *flags, struct ebt_entry_match **match)*/ static int br802_3_parse(int c, char **argv, int invert, unsigned int *flags, const void *entry, struct xt_entry_match **match) @@ -87,17 +85,11 @@ br802_3_parse(int c, char **argv, int invert, unsigned int *flags, static void br802_3_final_check(unsigned int flags) { - /*if (!(entry->bitmask & EBT_802_3)) - ebt_print_error("For 802.3 DSAP/SSAP filtering the protocol " - "must be LENGTH"); - */ if (!flags) xtables_error(PARAMETER_PROBLEM, "You must specify proper arguments"); } -/*static void print(const struct ebt_u_entry *entry, - const struct ebt_entry_match *match)*/ static void br802_3_print(const void *ip, const struct xt_entry_match *match, int numeric) { 
@@ -116,28 +108,7 @@ static void br802_3_print(const void *ip, const struct xt_entry_match *match, printf("0x%.4x ", ntohs(info->type)); } } -/* -static int compare(const struct ebt_entry_match *m1, - const struct ebt_entry_match *m2) -{ - struct ebt_802_3_info *info1 = (struct ebt_802_3_info *)m1->data; - struct ebt_802_3_info *info2 = (struct ebt_802_3_info *)m2->data; - if (info1->bitmask != info2->bitmask) - return 0; - if (info1->invflags != info2->invflags) - return 0; - if (info1->bitmask & EBT_802_3_SAP) { - if (info1->sap != info2->sap) - return 0; - } - if (info1->bitmask & EBT_802_3_TYPE) { - if (info1->type != info2->type) - return 0; - } - return 1; -} -*/ static struct xtables_match br802_3_match = { .name = "802_3", -- cgit v1.2.3 From 936e65d472ca9f9bc64bff835d00877a3c6e2d17 Mon Sep 17 00:00:00 2001 From: Arturo Borrero Date: Tue, 3 Feb 2015 16:26:39 +0100 Subject: ebtables-compat: call extensions final checks Let's call extensions final checks. Signed-off-by: Arturo Borrero Gonzalez Signed-off-by: Pablo Neira Ayuso --- extensions/libebt_802_3.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'extensions/libebt_802_3.c') diff --git a/extensions/libebt_802_3.c b/extensions/libebt_802_3.c index e19c21d0..3c4a1c3c 100644 --- a/extensions/libebt_802_3.c +++ b/extensions/libebt_802_3.c @@ -79,6 +79,8 @@ br802_3_parse(int c, char **argv, int invert, unsigned int *flags, default: return 0; } + + *flags |= info->bitmask; return 1; } -- cgit v1.2.3
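Review bot: The added `*flags |= info->bitmask;` in br802_3_parse only feeds br802_3_final_check; nothing uses the recorded bits to notice an option given twice, so judging by the parse body shown in the first patch on this page a second `--802_3-sap` or `--802_3-type` silently replaces the first value. If that is not intended, each case can test the bit before assigning, e.g. `if (info->bitmask & EBT_802_3_SAP) xtables_error(PARAMETER_PROBLEM, "--802_3-sap given more than once");`. A short comment above the new line, such as `/* final_check needs to see that at least one 802_3 option was parsed */`, would also record why the match bitmask is copied into the parser flags. The function starts and ends outside this hunk, so the placement of the check is inferred from the earlier patch.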