From 4b0f2a712b5792d2842d89fe68d4230e0eb05c7e Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Wed, 22 May 2019 22:06:16 +0200
Subject: src: support for arp sender and target ethernet and IPv4 addresses

 # nft add table arp x
 # nft add chain arp x y { type filter hook input priority 0\; }
 # nft add rule arp x y arp saddr ip 192.168.2.1 counter

Testing this:

 # ip neigh flush dev eth0
 # ping 8.8.8.8
 # nft list ruleset
 table arp x {
        chain y {
                type filter hook input priority filter; policy accept;
                arp saddr ip 192.168.2.1 counter packets 1 bytes 46
        }
 }

You can also specify hardware sender address, eg.

 # nft add rule arp x y arp saddr ether aa:bb:cc:aa:bb:cc drop counter

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 include/proto.h | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'include/proto.h')

diff --git a/include/proto.h b/include/proto.h
index 99c57a79..92b25edb 100644
--- a/include/proto.h
+++ b/include/proto.h
@@ -182,6 +182,10 @@ enum arp_hdr_fields {
 	ARPHDR_HLN,
 	ARPHDR_PLN,
 	ARPHDR_OP,
+	ARPHDR_SADDR_ETHER,
+	ARPHDR_DADDR_ETHER,
+	ARPHDR_SADDR_IP,
+	ARPHDR_DADDR_IP,
 };
 
 enum ip_hdr_fields {
-- 
cgit v1.2.3