Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
L
linux
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
linux
Commits
63ecc7be
Commit
63ecc7be
authored
Aug 23, 2003
by
Bart De Schuymer
Committed by
Stephen Hemminger
Aug 23, 2003
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
[BRIDGE]: Add arpreply EBTABLES target.
parent
f9205c85
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
178 additions
and
52 deletions
+178
-52
include/linux/netfilter_bridge/ebt_arpreply.h
include/linux/netfilter_bridge/ebt_arpreply.h
+11
-0
net/bridge/netfilter/Kconfig
net/bridge/netfilter/Kconfig
+63
-46
net/bridge/netfilter/Makefile
net/bridge/netfilter/Makefile
+15
-6
net/bridge/netfilter/ebt_arpreply.c
net/bridge/netfilter/ebt_arpreply.c
+89
-0
No files found.
include/linux/netfilter_bridge/ebt_arpreply.h
0 → 100644
View file @
63ecc7be
#ifndef __LINUX_BRIDGE_EBT_ARPREPLY_H
#define __LINUX_BRIDGE_EBT_ARPREPLY_H
struct
ebt_arpreply_info
{
unsigned
char
mac
[
ETH_ALEN
];
int
target
;
};
#define EBT_ARPREPLY_TARGET "arpreply"
#endif
net/bridge/netfilter/Kconfig
View file @
63ecc7be
...
...
@@ -4,29 +4,9 @@
config BRIDGE_NF_EBTABLES
tristate "Bridge: ebtables"
depends on NETFILTER && BRIDGE
config BRIDGE_EBT_T_FILTER
tristate "ebt: filter table support"
depends on BRIDGE_NF_EBTABLES
help
The ebtables filter table is used to define frame filtering rules at
local input, forwarding and local output. See the man page for
ebtables(8).
If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. If unsure, say `N'.
config BRIDGE_EBT_T_NAT
tristate "ebt: nat table support"
depends on BRIDGE_NF_EBTABLES
help
The ebtables nat table is used to define rules that alter the MAC
source address (MAC SNAT) or the MAC destination address (MAC DNAT).
See the man page for ebtables(8).
If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. If unsure, say `N'.
#
# tables
#
config BRIDGE_EBT_BROUTE
tristate "ebt: broute table support"
depends on BRIDGE_NF_EBTABLES
...
...
@@ -39,26 +19,30 @@ config BRIDGE_EBT_BROUTE
If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. If unsure, say `N'.
config BRIDGE_EBT_
LOG
tristate "ebt:
log
support"
config BRIDGE_EBT_
T_FILTER
tristate "ebt:
filter table
support"
depends on BRIDGE_NF_EBTABLES
help
This option adds the log target, that you can use in any rule in
any ebtables table. It records the frame header to the syslog.
The ebtables filter table is used to define frame filtering rules at
local input, forwarding and local output. See the man page for
ebtables(8).
If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. If unsure, say `N'.
config BRIDGE_EBT_
IP
tristate "ebt:
IP filter
support"
config BRIDGE_EBT_
T_NAT
tristate "ebt:
nat table
support"
depends on BRIDGE_NF_EBTABLES
help
This option adds the IP match, which allows basic IP header field
filtering.
The ebtables nat table is used to define rules that alter the MAC
source address (MAC SNAT) or the MAC destination address (MAC DNAT).
See the man page for ebtables(8).
If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. If unsure, say `N'.
#
# matches
#
config BRIDGE_EBT_ARP
tristate "ebt: ARP filter support"
depends on BRIDGE_NF_EBTABLES
...
...
@@ -69,12 +53,12 @@ config BRIDGE_EBT_ARP
If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. If unsure, say `N'.
config BRIDGE_EBT_
VLAN
tristate "ebt:
802.1Q VLAN
filter support"
config BRIDGE_EBT_
IP
tristate "ebt:
IP
filter support"
depends on BRIDGE_NF_EBTABLES
help
This option adds the
802.1Q vlan match, which allows the filtering of
802.1Q vlan fields
.
This option adds the
IP match, which allows basic IP header field
filtering
.
If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. If unsure, say `N'.
...
...
@@ -113,12 +97,24 @@ config BRIDGE_EBT_STP
If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. If unsure, say `N'.
config BRIDGE_EBT_
SNAT
tristate "ebt:
snat target
support"
config BRIDGE_EBT_
VLAN
tristate "ebt:
802.1Q VLAN filter
support"
depends on BRIDGE_NF_EBTABLES
help
This option adds the MAC SNAT target, which allows altering the MAC
source address of frames.
This option adds the 802.1Q vlan match, which allows the filtering of
802.1Q vlan fields.
If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. If unsure, say `N'.
#
# targets
#
config BRIDGE_EBT_ARPREPLY
tristate "ebt: arp reply target support"
depends on BRIDGE_NF_EBTABLES
help
This option adds the arp reply target, which allows
automatically sending arp replies to arp requests.
If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. If unsure, say `N'.
...
...
@@ -133,6 +129,18 @@ config BRIDGE_EBT_DNAT
If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. If unsure, say `N'.
config BRIDGE_EBT_MARK_T
tristate "ebt: mark target support"
depends on BRIDGE_NF_EBTABLES
help
This option adds the mark target, which allows marking frames by
setting the 'nfmark' value in the frame.
This value is the same as the one used in the iptables mark match and
target.
If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. If unsure, say `N'.
config BRIDGE_EBT_REDIRECT
tristate "ebt: redirect target support"
depends on BRIDGE_NF_EBTABLES
...
...
@@ -143,15 +151,24 @@ config BRIDGE_EBT_REDIRECT
If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. If unsure, say `N'.
config BRIDGE_EBT_
MARK_
T
tristate "ebt:
mark
target support"
config BRIDGE_EBT_
SNA
T
tristate "ebt:
snat
target support"
depends on BRIDGE_NF_EBTABLES
help
This option adds the mark target, which allows marking frames by
setting the 'nfmark' value in the frame.
This value is the same as the one used in the iptables mark match and
target.
This option adds the MAC SNAT target, which allows altering the MAC
source address of frames.
If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. If unsure, say `N'.
#
# watchers
#
config BRIDGE_EBT_LOG
tristate "ebt: log support"
depends on BRIDGE_NF_EBTABLES
help
This option adds the log target, that you can use in any rule in
any ebtables table. It records the frame header to the syslog.
If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. If unsure, say `N'.
net/bridge/netfilter/Makefile
View file @
63ecc7be
...
...
@@ -3,17 +3,26 @@
#
obj-$(CONFIG_BRIDGE_NF_EBTABLES)
+=
ebtables.o
# tables
obj-$(CONFIG_BRIDGE_EBT_BROUTE)
+=
ebtable_broute.o
obj-$(CONFIG_BRIDGE_EBT_T_FILTER)
+=
ebtable_filter.o
obj-$(CONFIG_BRIDGE_EBT_T_NAT)
+=
ebtable_nat.o
obj-$(CONFIG_BRIDGE_EBT_BROUTE)
+=
ebtable_broute.o
obj-$(CONFIG_BRIDGE_EBT_IP)
+=
ebt_ip.o
#matches
obj-$(CONFIG_BRIDGE_EBT_ARP)
+=
ebt_arp.o
obj-$(CONFIG_BRIDGE_EBT_
VLAN)
+=
ebt_vlan
.o
obj-$(CONFIG_BRIDGE_EBT_
IP)
+=
ebt_ip
.o
obj-$(CONFIG_BRIDGE_EBT_MARK)
+=
ebt_mark_m.o
obj-$(CONFIG_BRIDGE_EBT_PKTTYPE)
+=
ebt_pkttype.o
obj-$(CONFIG_BRIDGE_EBT_STP)
+=
ebt_stp.o
obj-$(CONFIG_BRIDGE_EBT_LOG)
+=
ebt_log.o
obj-$(CONFIG_BRIDGE_EBT_SNAT)
+=
ebt_snat.o
obj-$(CONFIG_BRIDGE_EBT_VLAN)
+=
ebt_vlan.o
# targets
obj-$(CONFIG_BRIDGE_EBT_ARPREPLY)
+=
ebt_arpreply.o
obj-$(CONFIG_BRIDGE_EBT_MARK_T)
+=
ebt_mark.o
obj-$(CONFIG_BRIDGE_EBT_DNAT)
+=
ebt_dnat.o
obj-$(CONFIG_BRIDGE_EBT_REDIRECT)
+=
ebt_redirect.o
obj-$(CONFIG_BRIDGE_EBT_MARK_T)
+=
ebt_mark.o
obj-$(CONFIG_BRIDGE_EBT_SNAT)
+=
ebt_snat.o
# watchers
obj-$(CONFIG_BRIDGE_EBT_LOG)
+=
ebt_log.o
net/bridge/netfilter/ebt_arpreply.c
0 → 100644
View file @
63ecc7be
/*
* ebt_arpreply
*
* Authors:
* Grzegorz Borowiak <grzes@gnu.univ.gda.pl>
* Bart De Schuymer <bdschuym@pandora.be>
*
* August, 2003
*
*/
#include <linux/netfilter_bridge/ebtables.h>
#include <linux/netfilter_bridge/ebt_arpreply.h>
#include <linux/if_arp.h>
#include <net/arp.h>
#include <linux/module.h>
static
int
ebt_target_reply
(
struct
sk_buff
**
pskb
,
unsigned
int
hooknr
,
const
struct
net_device
*
in
,
const
struct
net_device
*
out
,
const
void
*
data
,
unsigned
int
datalen
)
{
struct
ebt_arpreply_info
*
info
=
(
struct
ebt_arpreply_info
*
)
data
;
u32
sip
,
dip
;
struct
arphdr
ah
;
unsigned
char
sha
[
ETH_ALEN
];
struct
sk_buff
*
skb
=
*
pskb
;
if
(
skb_copy_bits
(
skb
,
0
,
&
ah
,
sizeof
(
ah
)))
return
EBT_DROP
;
if
(
ah
.
ar_op
!=
__constant_htons
(
ARPOP_REQUEST
)
||
ah
.
ar_hln
!=
ETH_ALEN
||
ah
.
ar_pro
!=
__constant_htons
(
ETH_P_IP
)
||
ah
.
ar_pln
!=
4
)
return
EBT_CONTINUE
;
if
(
skb_copy_bits
(
skb
,
sizeof
(
ah
),
&
sha
,
ETH_ALEN
))
return
EBT_DROP
;
if
(
skb_copy_bits
(
skb
,
sizeof
(
ah
)
+
ETH_ALEN
,
&
sip
,
sizeof
(
sip
)))
return
EBT_DROP
;
if
(
skb_copy_bits
(
skb
,
sizeof
(
ah
)
+
2
*
ETH_ALEN
+
sizeof
(
sip
),
&
dip
,
sizeof
(
dip
)))
return
EBT_DROP
;
arp_send
(
ARPOP_REPLY
,
ETH_P_ARP
,
sip
,
(
struct
net_device
*
)
in
,
dip
,
sha
,
info
->
mac
,
sha
);
return
info
->
target
;
}
static
int
ebt_target_reply_check
(
const
char
*
tablename
,
unsigned
int
hookmask
,
const
struct
ebt_entry
*
e
,
void
*
data
,
unsigned
int
datalen
)
{
struct
ebt_arpreply_info
*
info
=
(
struct
ebt_arpreply_info
*
)
data
;
if
(
datalen
!=
EBT_ALIGN
(
sizeof
(
struct
ebt_arpreply_info
)))
return
-
EINVAL
;
if
(
BASE_CHAIN
&&
info
->
target
==
EBT_RETURN
)
return
-
EINVAL
;
if
(
e
->
ethproto
!=
__constant_htons
(
ETH_P_ARP
)
||
e
->
invflags
&
EBT_IPROTO
)
return
-
EINVAL
;
CLEAR_BASE_CHAIN_BIT
;
if
(
strcmp
(
tablename
,
"nat"
)
||
hookmask
&
~
(
1
<<
NF_BR_PRE_ROUTING
))
return
-
EINVAL
;
return
0
;
}
static
struct
ebt_target
reply_target
=
{
.
name
=
EBT_ARPREPLY_TARGET
,
.
target
=
ebt_target_reply
,
.
check
=
ebt_target_reply_check
,
.
me
=
THIS_MODULE
,
};
static
int
__init
init
(
void
)
{
return
ebt_register_target
(
&
reply_target
);
}
static
void
__exit
fini
(
void
)
{
ebt_unregister_target
(
&
reply_target
);
}
module_init
(
init
);
module_exit
(
fini
);
MODULE_LICENSE
(
"GPL"
);
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment