Commit 63ecc7be authored by Bart De Schuymer Committed by Stephen Hemminger

[BRIDGE]: Add arpreply EBTABLES target.

parent f9205c85
#ifndef __LINUX_BRIDGE_EBT_ARPREPLY_H
#define __LINUX_BRIDGE_EBT_ARPREPLY_H
struct ebt_arpreply_info
{
unsigned char mac[ETH_ALEN];
int target;
};
#define EBT_ARPREPLY_TARGET "arpreply"
#endif
......@@ -4,29 +4,9 @@
config BRIDGE_NF_EBTABLES
tristate "Bridge: ebtables"
depends on NETFILTER && BRIDGE
config BRIDGE_EBT_T_FILTER
tristate "ebt: filter table support"
depends on BRIDGE_NF_EBTABLES
help
The ebtables filter table is used to define frame filtering rules at
local input, forwarding and local output. See the man page for
ebtables(8).
If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. If unsure, say `N'.
config BRIDGE_EBT_T_NAT
tristate "ebt: nat table support"
depends on BRIDGE_NF_EBTABLES
help
The ebtables nat table is used to define rules that alter the MAC
source address (MAC SNAT) or the MAC destination address (MAC DNAT).
See the man page for ebtables(8).
If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. If unsure, say `N'.
#
# tables
#
config BRIDGE_EBT_BROUTE
tristate "ebt: broute table support"
depends on BRIDGE_NF_EBTABLES
......@@ -39,26 +19,30 @@ config BRIDGE_EBT_BROUTE
If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. If unsure, say `N'.
config BRIDGE_EBT_LOG
tristate "ebt: log support"
config BRIDGE_EBT_T_FILTER
tristate "ebt: filter table support"
depends on BRIDGE_NF_EBTABLES
help
This option adds the log target, that you can use in any rule in
any ebtables table. It records the frame header to the syslog.
The ebtables filter table is used to define frame filtering rules at
local input, forwarding and local output. See the man page for
ebtables(8).
If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. If unsure, say `N'.
config BRIDGE_EBT_IP
tristate "ebt: IP filter support"
config BRIDGE_EBT_T_NAT
tristate "ebt: nat table support"
depends on BRIDGE_NF_EBTABLES
help
This option adds the IP match, which allows basic IP header field
filtering.
The ebtables nat table is used to define rules that alter the MAC
source address (MAC SNAT) or the MAC destination address (MAC DNAT).
See the man page for ebtables(8).
If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. If unsure, say `N'.
#
# matches
#
config BRIDGE_EBT_ARP
tristate "ebt: ARP filter support"
depends on BRIDGE_NF_EBTABLES
......@@ -69,12 +53,12 @@ config BRIDGE_EBT_ARP
If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. If unsure, say `N'.
config BRIDGE_EBT_VLAN
tristate "ebt: 802.1Q VLAN filter support"
config BRIDGE_EBT_IP
tristate "ebt: IP filter support"
depends on BRIDGE_NF_EBTABLES
help
This option adds the 802.1Q vlan match, which allows the filtering of
802.1Q vlan fields.
This option adds the IP match, which allows basic IP header field
filtering.
If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. If unsure, say `N'.
......@@ -113,12 +97,24 @@ config BRIDGE_EBT_STP
If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. If unsure, say `N'.
config BRIDGE_EBT_SNAT
tristate "ebt: snat target support"
config BRIDGE_EBT_VLAN
tristate "ebt: 802.1Q VLAN filter support"
depends on BRIDGE_NF_EBTABLES
help
This option adds the MAC SNAT target, which allows altering the MAC
source address of frames.
This option adds the 802.1Q vlan match, which allows the filtering of
802.1Q vlan fields.
If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. If unsure, say `N'.
#
# targets
#
config BRIDGE_EBT_ARPREPLY
tristate "ebt: arp reply target support"
depends on BRIDGE_NF_EBTABLES
help
This option adds the arp reply target, which allows
automatically sending arp replies to arp requests.
If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. If unsure, say `N'.
......@@ -133,6 +129,18 @@ config BRIDGE_EBT_DNAT
If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. If unsure, say `N'.
config BRIDGE_EBT_MARK_T
tristate "ebt: mark target support"
depends on BRIDGE_NF_EBTABLES
help
This option adds the mark target, which allows marking frames by
setting the 'nfmark' value in the frame.
This value is the same as the one used in the iptables mark match and
target.
If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. If unsure, say `N'.
config BRIDGE_EBT_REDIRECT
tristate "ebt: redirect target support"
depends on BRIDGE_NF_EBTABLES
......@@ -143,15 +151,24 @@ config BRIDGE_EBT_REDIRECT
If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. If unsure, say `N'.
config BRIDGE_EBT_MARK_T
tristate "ebt: mark target support"
config BRIDGE_EBT_SNAT
tristate "ebt: snat target support"
depends on BRIDGE_NF_EBTABLES
help
This option adds the mark target, which allows marking frames by
setting the 'nfmark' value in the frame.
This value is the same as the one used in the iptables mark match and
target.
This option adds the MAC SNAT target, which allows altering the MAC
source address of frames.
If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. If unsure, say `N'.
#
# watchers
#
config BRIDGE_EBT_LOG
tristate "ebt: log support"
depends on BRIDGE_NF_EBTABLES
help
This option adds the log target, that you can use in any rule in
any ebtables table. It records the frame header to the syslog.
If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. If unsure, say `N'.
......@@ -3,17 +3,26 @@
#
obj-$(CONFIG_BRIDGE_NF_EBTABLES) += ebtables.o
# tables
obj-$(CONFIG_BRIDGE_EBT_BROUTE) += ebtable_broute.o
obj-$(CONFIG_BRIDGE_EBT_T_FILTER) += ebtable_filter.o
obj-$(CONFIG_BRIDGE_EBT_T_NAT) += ebtable_nat.o
obj-$(CONFIG_BRIDGE_EBT_BROUTE) += ebtable_broute.o
obj-$(CONFIG_BRIDGE_EBT_IP) += ebt_ip.o
#matches
obj-$(CONFIG_BRIDGE_EBT_ARP) += ebt_arp.o
obj-$(CONFIG_BRIDGE_EBT_VLAN) += ebt_vlan.o
obj-$(CONFIG_BRIDGE_EBT_IP) += ebt_ip.o
obj-$(CONFIG_BRIDGE_EBT_MARK) += ebt_mark_m.o
obj-$(CONFIG_BRIDGE_EBT_PKTTYPE) += ebt_pkttype.o
obj-$(CONFIG_BRIDGE_EBT_STP) += ebt_stp.o
obj-$(CONFIG_BRIDGE_EBT_LOG) += ebt_log.o
obj-$(CONFIG_BRIDGE_EBT_SNAT) += ebt_snat.o
obj-$(CONFIG_BRIDGE_EBT_VLAN) += ebt_vlan.o
# targets
obj-$(CONFIG_BRIDGE_EBT_ARPREPLY) += ebt_arpreply.o
obj-$(CONFIG_BRIDGE_EBT_MARK_T) += ebt_mark.o
obj-$(CONFIG_BRIDGE_EBT_DNAT) += ebt_dnat.o
obj-$(CONFIG_BRIDGE_EBT_REDIRECT) += ebt_redirect.o
obj-$(CONFIG_BRIDGE_EBT_MARK_T) += ebt_mark.o
obj-$(CONFIG_BRIDGE_EBT_SNAT) += ebt_snat.o
# watchers
obj-$(CONFIG_BRIDGE_EBT_LOG) += ebt_log.o
/*
* ebt_arpreply
*
* Authors:
* Grzegorz Borowiak <grzes@gnu.univ.gda.pl>
* Bart De Schuymer <bdschuym@pandora.be>
*
* August, 2003
*
*/
#include <linux/netfilter_bridge/ebtables.h>
#include <linux/netfilter_bridge/ebt_arpreply.h>
#include <linux/if_arp.h>
#include <net/arp.h>
#include <linux/module.h>
static int ebt_target_reply(struct sk_buff **pskb, unsigned int hooknr,
const struct net_device *in, const struct net_device *out,
const void *data, unsigned int datalen)
{
struct ebt_arpreply_info *info = (struct ebt_arpreply_info *)data;
u32 sip, dip;
struct arphdr ah;
unsigned char sha[ETH_ALEN];
struct sk_buff *skb = *pskb;
if (skb_copy_bits(skb, 0, &ah, sizeof(ah)))
return EBT_DROP;
if (ah.ar_op != __constant_htons(ARPOP_REQUEST) || ah.ar_hln != ETH_ALEN
|| ah.ar_pro != __constant_htons(ETH_P_IP) || ah.ar_pln != 4)
return EBT_CONTINUE;
if (skb_copy_bits(skb, sizeof(ah), &sha, ETH_ALEN))
return EBT_DROP;
if (skb_copy_bits(skb, sizeof(ah) + ETH_ALEN, &sip, sizeof(sip)))
return EBT_DROP;
if (skb_copy_bits(skb, sizeof(ah) + 2 * ETH_ALEN + sizeof(sip),
&dip, sizeof(dip)))
return EBT_DROP;
arp_send(ARPOP_REPLY, ETH_P_ARP, sip, (struct net_device *)in,
dip, sha, info->mac, sha);
return info->target;
}
static int ebt_target_reply_check(const char *tablename, unsigned int hookmask,
const struct ebt_entry *e, void *data, unsigned int datalen)
{
struct ebt_arpreply_info *info = (struct ebt_arpreply_info *)data;
if (datalen != EBT_ALIGN(sizeof(struct ebt_arpreply_info)))
return -EINVAL;
if (BASE_CHAIN && info->target == EBT_RETURN)
return -EINVAL;
if (e->ethproto != __constant_htons(ETH_P_ARP) ||
e->invflags & EBT_IPROTO)
return -EINVAL;
CLEAR_BASE_CHAIN_BIT;
if (strcmp(tablename, "nat") || hookmask & ~(1 << NF_BR_PRE_ROUTING))
return -EINVAL;
return 0;
}
static struct ebt_target reply_target =
{
.name = EBT_ARPREPLY_TARGET,
.target = ebt_target_reply,
.check = ebt_target_reply_check,
.me = THIS_MODULE,
};
static int __init init(void)
{
return ebt_register_target(&reply_target);
}
static void __exit fini(void)
{
ebt_unregister_target(&reply_target);
}
module_init(init);
module_exit(fini);
MODULE_LICENSE("GPL");
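Review bot: ebt_target_reply_check() never validates the range of `info->target`, yet ebt_target_reply() returns that rule-supplied value as the verdict for every matching ARP request. Only the `EBT_RETURN`-in-a-base-chain case is rejected, so any other integer loaded with the rule is handed back to the ebtables core, which is not visible on this page and may not treat an unrecognised verdict as a standard one. I would reject everything outside the standard verdicts right after the `datalen` test, e.g. `if (INVALID_TARGET) return -EINVAL;` if ebtables.h at this revision provides that macro, or an equivalent explicit range check otherwise. Separately, a short comment above the `skb_copy_bits()` calls naming the assumed ARP payload layout (sender MAC, sender IP, target MAC, target IP after the fixed header) would make the hand-computed offsets easier to audit.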