Gitiles
Code Review Sign In
gerrit-public.fairphone.software / external / ebtables / cc02d5675e448c68ac14960a9d225dde8bd695e5 / . / kernel / linux / net / bridge / netfilter / ebt_idnat.c
blob: 75ea05bba5a31d981ca11c8657fff2cd0dbe7721 [file] [log] [blame]
/*
* ebt_idnat
*
* Authors:
* Grzegorz Borowiak <grzes@gnu.univ.gda.pl>
*
* September, 2003
*
*/
#include <linux/netfilter_bridge/ebtables.h>
#include <linux/netfilter_bridge/ebt_inat.h>
#include <linux/module.h>
#include <linux/ip.h>
#include <linux/if_arp.h>
#include <linux/types.h>
#include <net/sock.h>
static int get_ip_dst(const struct sk_buff *skb, uint32_t *addr)
{
if (skb->mac.ethernet->h_proto == __constant_htons(ETH_P_IP)) {
*addr = skb->nh.iph->daddr;
return 1;
}
if (skb->mac.ethernet->h_proto == __constant_htons(ETH_P_ARP)) {
uint32_t arp_len = sizeof(struct arphdr) +
(2 * (((*skb).nh.arph)->ar_hln)) +
(2 * (((*skb).nh.arph)->ar_pln));
// Make sure the packet is long enough.
if ((((*skb).nh.raw) + arp_len) > (*skb).tail)
return 0;
// IPv4 addresses are always 4 bytes.
if (((*skb).nh.arph)->ar_pln != sizeof(uint32_t))
return 0;
memcpy(addr, ((*skb).nh.raw) + sizeof(struct arphdr) +
(2*(((*skb).nh.arph)->ar_hln)) +
(((*skb).nh.arph)->ar_pln), sizeof(uint32_t));
return 2;
}
return 0;
}
static int ebt_target_idnat(struct sk_buff **pskb, unsigned int hooknr,
const struct net_device *in, const struct net_device *out,
const void *data, unsigned int datalen)
{
struct ebt_inat_info *info = (struct ebt_inat_info *)data;
uint32_t ip;
int index;
struct ebt_inat_tuple *tuple;
if (!get_ip_dst(*pskb, &ip)) {
/* not an ARP or IPV4 packet */
return info->target;
}
if ((ip & __constant_htonl(0xffffff00)) != info->ip_subnet) {
/* outside our range */
return info->target;
}
index = ((unsigned char*)&ip)[3]; /* the last byte; network packets are big endian */
tuple = &info->a[index];
if (!tuple->enabled) {
/* we do not want to alter packets with this IP */
return info->target;
}
memcpy(((**pskb).mac.ethernet)->h_dest, tuple->mac,
ETH_ALEN * sizeof(unsigned char));
if ((**pskb).mac.ethernet->h_proto == __constant_htons(ETH_P_ARP)) {
/* change the payload */
memcpy(
(**pskb).nh.raw + sizeof(struct arphdr) +
(**pskb).nh.arph->ar_hln +
(**pskb).nh.arph->ar_pln, tuple->mac, ETH_ALEN);
}
return tuple->target;
}
static int ebt_target_idnat_check(const char *tablename, unsigned int hookmask,
const struct ebt_entry *e, void *data, unsigned int datalen)
{
struct ebt_inat_info *info = (struct ebt_inat_info *)data;
if (BASE_CHAIN && info->target == EBT_RETURN)
return -EINVAL;
CLEAR_BASE_CHAIN_BIT;
if ( (strcmp(tablename, "nat") ||
(hookmask & ~((1 << NF_BR_PRE_ROUTING) | (1 << NF_BR_LOCAL_OUT)))) &&
(strcmp(tablename, "broute") || hookmask & ~(1 << NF_BR_BROUTING)) )
return -EINVAL;
if (datalen != EBT_ALIGN(sizeof(struct ebt_inat_info)))
return -EINVAL;
if (INVALID_TARGET)
return -EINVAL;
return 0;
}
static struct ebt_target idnat =
{
{NULL, NULL}, EBT_IDNAT_TARGET, ebt_target_idnat, ebt_target_idnat_check,
NULL, THIS_MODULE
};
static int __init init(void)
{
return ebt_register_target(&idnat);
}
static void __exit fini(void)
{
ebt_unregister_target(&idnat);
}
module_init(init);
module_exit(fini);
EXPORT_NO_SYMBOLS;
MODULE_LICENSE("GPL");