summaryrefslogtreecommitdiffstats
path: root/src/proto.c
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2019-05-22 22:06:16 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2019-05-24 21:14:30 +0200
commit4b0f2a712b5792d2842d89fe68d4230e0eb05c7e (patch)
tree954a866715d95529e65f39c3ff90920973186ac1 /src/proto.c
parenteeda228c2d1719f5b6276b40ad14a5b3c3e88536 (diff)
src: support for arp sender and target ethernet and IPv4 addresses
# nft add table arp x # nft add chain arp x y { type filter hook input priority 0\; } # nft add rule arp x y arp saddr ip 192.168.2.1 counter Testing this: # ip neigh flush dev eth0 # ping 8.8.8.8 # nft list ruleset table arp x { chain y { type filter hook input priority filter; policy accept; arp saddr ip 192.168.2.1 counter packets 1 bytes 46 } } You can also specify hardware sender address, eg. # nft add rule arp x y arp saddr ether aa:bb:cc:aa:bb:cc drop counter Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/proto.c')
-rw-r--r--src/proto.c22
1 files changed, 14 insertions, 8 deletions
diff --git a/src/proto.c b/src/proto.c
index f68fb684..67e86f20 100644
--- a/src/proto.c
+++ b/src/proto.c
@@ -874,23 +874,29 @@ const struct datatype arpop_type = {
};
#define ARPHDR_TYPE(__name, __type, __member) \
- HDR_TYPE(__name, __type, struct arphdr, __member)
+ HDR_TYPE(__name, __type, struct arp_hdr, __member)
#define ARPHDR_FIELD(__name, __member) \
- HDR_FIELD(__name, struct arphdr, __member)
+ HDR_FIELD(__name, struct arp_hdr, __member)
const struct proto_desc proto_arp = {
.name = "arp",
.base = PROTO_BASE_NETWORK_HDR,
.templates = {
- [ARPHDR_HRD] = ARPHDR_FIELD("htype", ar_hrd),
- [ARPHDR_PRO] = ARPHDR_TYPE("ptype", &ethertype_type, ar_pro),
- [ARPHDR_HLN] = ARPHDR_FIELD("hlen", ar_hln),
- [ARPHDR_PLN] = ARPHDR_FIELD("plen", ar_pln),
- [ARPHDR_OP] = ARPHDR_TYPE("operation", &arpop_type, ar_op),
+ [ARPHDR_HRD] = ARPHDR_FIELD("htype", htype),
+ [ARPHDR_PRO] = ARPHDR_TYPE("ptype", &ethertype_type, ptype),
+ [ARPHDR_HLN] = ARPHDR_FIELD("hlen", hlen),
+ [ARPHDR_PLN] = ARPHDR_FIELD("plen", plen),
+ [ARPHDR_OP] = ARPHDR_TYPE("operation", &arpop_type, oper),
+ [ARPHDR_SADDR_ETHER] = ARPHDR_TYPE("saddr ether", &etheraddr_type, sha),
+ [ARPHDR_DADDR_ETHER] = ARPHDR_TYPE("daddr ether", &etheraddr_type, tha),
+ [ARPHDR_SADDR_IP] = ARPHDR_TYPE("saddr ip", &ipaddr_type, spa),
+ [ARPHDR_DADDR_IP] = ARPHDR_TYPE("daddr ip", &ipaddr_type, tpa),
},
.format = {
.filter = (1 << ARPHDR_HRD) | (1 << ARPHDR_PRO) |
- (1 << ARPHDR_HLN) | (1 << ARPHDR_PLN),
+ (1 << ARPHDR_HLN) | (1 << ARPHDR_PLN) |
+ (1 << ARPHDR_SADDR_ETHER) | (1 << ARPHDR_DADDR_ETHER) |
+ (1 << ARPHDR_SADDR_IP) | (1 << ARPHDR_DADDR_IP),
},
};