Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 043ef46c7690bfdbd5b012e15812a14a19ca5604 / . / net / bridge / netfilter / ebt_arp.c
blob: a073dffe7a11e1993eeade9d6f65acc87e3960f2 [file] [log] [blame]
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1/*
2 * ebt_arp
3 *
4 * Authors:
5 * Bart De Schuymer <bdschuym@pandora.be>
6 * Tim Gardner <timg@tpi.com>
7 *
8 * April, 2002
9 *
10 */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]11#include <linux/if_arp.h>
12#include <linux/if_ether.h>
13#include <linux/module.h>
Jan Engelhardt18219d32008-10-08 11:35:13 +0200[diff] [blame]14#include <linux/netfilter/x_tables.h>
15#include <linux/netfilter_bridge/ebtables.h>
16#include <linux/netfilter_bridge/ebt_arp.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]17
Jan Engelhardt2d06d4a2008-10-08 11:35:15 +0200[diff] [blame]18static bool
19ebt_arp_mt(const struct sk_buff *skb, const struct net_device *in,
20 const struct net_device *out, const struct xt_match *match,
21 const void *data, int offset, unsigned int protoff, bool *hotdrop)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]22{
Jan Engelhardtabfdf1c2008-01-31 03:59:24 -0800[diff] [blame]23 const struct ebt_arp_info *info = data;
24 const struct arphdr *ah;
25 struct arphdr _arph;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]26
27 ah = skb_header_pointer(skb, 0, sizeof(_arph), &_arph);
28 if (ah == NULL)
Jan Engelhardt8cc784e2008-10-08 11:35:13 +0200[diff] [blame]29 return false;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]30 if (info->bitmask & EBT_ARP_OPCODE && FWINV(info->opcode !=
31 ah->ar_op, EBT_ARP_OPCODE))
Jan Engelhardt8cc784e2008-10-08 11:35:13 +0200[diff] [blame]32 return false;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]33 if (info->bitmask & EBT_ARP_HTYPE && FWINV(info->htype !=
34 ah->ar_hrd, EBT_ARP_HTYPE))
Jan Engelhardt8cc784e2008-10-08 11:35:13 +0200[diff] [blame]35 return false;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]36 if (info->bitmask & EBT_ARP_PTYPE && FWINV(info->ptype !=
37 ah->ar_pro, EBT_ARP_PTYPE))
Jan Engelhardt8cc784e2008-10-08 11:35:13 +0200[diff] [blame]38 return false;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]39
Bart De Schuymere011ff42007-11-05 20:59:47 -0800[diff] [blame]40 if (info->bitmask & (EBT_ARP_SRC_IP | EBT_ARP_DST_IP | EBT_ARP_GRAT)) {
Jan Engelhardtabfdf1c2008-01-31 03:59:24 -0800[diff] [blame]41 const __be32 *sap, *dap;
42 __be32 saddr, daddr;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]43
Bart De Schuymerc15bf6e2007-04-12 22:15:06 -0700[diff] [blame]44 if (ah->ar_pln != sizeof(__be32) || ah->ar_pro != htons(ETH_P_IP))
Jan Engelhardt8cc784e2008-10-08 11:35:13 +0200[diff] [blame]45 return false;
Bart De Schuymerc15bf6e2007-04-12 22:15:06 -0700[diff] [blame]46 sap = skb_header_pointer(skb, sizeof(struct arphdr) +
47 ah->ar_hln, sizeof(saddr),
48 &saddr);
49 if (sap == NULL)
Jan Engelhardt8cc784e2008-10-08 11:35:13 +0200[diff] [blame]50 return false;
Bart De Schuymerc15bf6e2007-04-12 22:15:06 -0700[diff] [blame]51 dap = skb_header_pointer(skb, sizeof(struct arphdr) +
52 2*ah->ar_hln+sizeof(saddr),
53 sizeof(daddr), &daddr);
54 if (dap == NULL)
Jan Engelhardt8cc784e2008-10-08 11:35:13 +0200[diff] [blame]55 return false;
Bart De Schuymerc15bf6e2007-04-12 22:15:06 -0700[diff] [blame]56 if (info->bitmask & EBT_ARP_SRC_IP &&
57 FWINV(info->saddr != (*sap & info->smsk), EBT_ARP_SRC_IP))
Jan Engelhardt8cc784e2008-10-08 11:35:13 +0200[diff] [blame]58 return false;
Bart De Schuymerc15bf6e2007-04-12 22:15:06 -0700[diff] [blame]59 if (info->bitmask & EBT_ARP_DST_IP &&
60 FWINV(info->daddr != (*dap & info->dmsk), EBT_ARP_DST_IP))
Jan Engelhardt8cc784e2008-10-08 11:35:13 +0200[diff] [blame]61 return false;
Bart De Schuymerc15bf6e2007-04-12 22:15:06 -0700[diff] [blame]62 if (info->bitmask & EBT_ARP_GRAT &&
63 FWINV(*dap != *sap, EBT_ARP_GRAT))
Jan Engelhardt8cc784e2008-10-08 11:35:13 +0200[diff] [blame]64 return false;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]65 }
66
67 if (info->bitmask & (EBT_ARP_SRC_MAC | EBT_ARP_DST_MAC)) {
Jan Engelhardtabfdf1c2008-01-31 03:59:24 -0800[diff] [blame]68 const unsigned char *mp;
69 unsigned char _mac[ETH_ALEN];
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]70 uint8_t verdict, i;
71
Bart De Schuymerc15bf6e2007-04-12 22:15:06 -0700[diff] [blame]72 if (ah->ar_hln != ETH_ALEN || ah->ar_hrd != htons(ARPHRD_ETHER))
Jan Engelhardt8cc784e2008-10-08 11:35:13 +0200[diff] [blame]73 return false;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]74 if (info->bitmask & EBT_ARP_SRC_MAC) {
75 mp = skb_header_pointer(skb, sizeof(struct arphdr),
76 sizeof(_mac), &_mac);
77 if (mp == NULL)
Jan Engelhardt8cc784e2008-10-08 11:35:13 +0200[diff] [blame]78 return false;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]79 verdict = 0;
80 for (i = 0; i < 6; i++)
81 verdict |= (mp[i] ^ info->smaddr[i]) &
82 info->smmsk[i];
83 if (FWINV(verdict != 0, EBT_ARP_SRC_MAC))
Jan Engelhardt8cc784e2008-10-08 11:35:13 +0200[diff] [blame]84 return false;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]85 }
86
87 if (info->bitmask & EBT_ARP_DST_MAC) {
88 mp = skb_header_pointer(skb, sizeof(struct arphdr) +
89 ah->ar_hln + ah->ar_pln,
90 sizeof(_mac), &_mac);
91 if (mp == NULL)
Jan Engelhardt8cc784e2008-10-08 11:35:13 +0200[diff] [blame]92 return false;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]93 verdict = 0;
94 for (i = 0; i < 6; i++)
95 verdict |= (mp[i] ^ info->dmaddr[i]) &
96 info->dmmsk[i];
97 if (FWINV(verdict != 0, EBT_ARP_DST_MAC))
Jan Engelhardt8cc784e2008-10-08 11:35:13 +0200[diff] [blame]98 return false;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]99 }
100 }
101
Jan Engelhardt8cc784e2008-10-08 11:35:13 +0200[diff] [blame]102 return true;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]103}
104
Jan Engelhardt2d06d4a2008-10-08 11:35:15 +0200[diff] [blame]105static bool
106ebt_arp_mt_check(const char *table, const void *entry,
107 const struct xt_match *match, void *data,
108 unsigned int hook_mask)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]109{
Jan Engelhardtabfdf1c2008-01-31 03:59:24 -0800[diff] [blame]110 const struct ebt_arp_info *info = data;
Jan Engelhardt2d06d4a2008-10-08 11:35:15 +0200[diff] [blame]111 const struct ebt_entry *e = entry;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]112
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]113 if ((e->ethproto != htons(ETH_P_ARP) &&
114 e->ethproto != htons(ETH_P_RARP)) ||
115 e->invflags & EBT_IPROTO)
Jan Engelhardt19eda872008-10-08 11:35:13 +0200[diff] [blame]116 return false;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]117 if (info->bitmask & ~EBT_ARP_MASK || info->invflags & ~EBT_ARP_MASK)
Jan Engelhardt19eda872008-10-08 11:35:13 +0200[diff] [blame]118 return false;
119 return true;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]120}
121
Jan Engelhardt043ef462008-10-08 11:35:15 +0200[diff] [blame^]122static struct xt_match ebt_arp_mt_reg __read_mostly = {
123 .name = "arp",
Jan Engelhardt001a18d2008-10-08 11:35:14 +0200[diff] [blame]124 .revision = 0,
125 .family = NFPROTO_BRIDGE,
Jan Engelhardt2d06d4a2008-10-08 11:35:15 +0200[diff] [blame]126 .match = ebt_arp_mt,
127 .checkentry = ebt_arp_mt_check,
Jan Engelhardt18219d32008-10-08 11:35:13 +0200[diff] [blame]128 .matchsize = XT_ALIGN(sizeof(struct ebt_arp_info)),
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]129 .me = THIS_MODULE,
130};
131
Andrew Morton65b4b4e2006-03-28 16:37:06 -0800[diff] [blame]132static int __init ebt_arp_init(void)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]133{
Jan Engelhardt043ef462008-10-08 11:35:15 +0200[diff] [blame^]134 return xt_register_match(&ebt_arp_mt_reg);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]135}
136
Andrew Morton65b4b4e2006-03-28 16:37:06 -0800[diff] [blame]137static void __exit ebt_arp_fini(void)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]138{
Jan Engelhardt043ef462008-10-08 11:35:15 +0200[diff] [blame^]139 xt_unregister_match(&ebt_arp_mt_reg);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]140}
141
Andrew Morton65b4b4e2006-03-28 16:37:06 -0800[diff] [blame]142module_init(ebt_arp_init);
143module_exit(ebt_arp_fini);
Jan Engelhardtf776c4c2008-01-31 04:00:30 -0800[diff] [blame]144MODULE_DESCRIPTION("Ebtables: ARP protocol packet match");
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]145MODULE_LICENSE("GPL");