1
2
3
4
5
6
7
8
9
10#include <linux/module.h>
11#include <linux/netfilter/x_tables.h>
12#include <linux/netfilter_bridge/ebtables.h>
13#include <linux/netfilter_bridge/ebt_802_3.h>
14
15static bool
16ebt_802_3_mt(const struct sk_buff *skb, const struct xt_match_param *par)
17{
18 const struct ebt_802_3_info *info = par->matchinfo;
19 const struct ebt_802_3_hdr *hdr = ebt_802_3_hdr(skb);
20 __be16 type = hdr->llc.ui.ctrl & IS_UI ? hdr->llc.ui.type : hdr->llc.ni.type;
21
22 if (info->bitmask & EBT_802_3_SAP) {
23 if (FWINV(info->sap != hdr->llc.ui.ssap, EBT_802_3_SAP))
24 return false;
25 if (FWINV(info->sap != hdr->llc.ui.dsap, EBT_802_3_SAP))
26 return false;
27 }
28
29 if (info->bitmask & EBT_802_3_TYPE) {
30 if (!(hdr->llc.ui.dsap == CHECK_TYPE && hdr->llc.ui.ssap == CHECK_TYPE))
31 return false;
32 if (FWINV(info->type != type, EBT_802_3_TYPE))
33 return false;
34 }
35
36 return true;
37}
38
39static bool ebt_802_3_mt_check(const struct xt_mtchk_param *par)
40{
41 const struct ebt_802_3_info *info = par->matchinfo;
42
43 if (info->bitmask & ~EBT_802_3_MASK || info->invflags & ~EBT_802_3_MASK)
44 return false;
45
46 return true;
47}
48
49static struct xt_match ebt_802_3_mt_reg __read_mostly = {
50 .name = "802_3",
51 .revision = 0,
52 .family = NFPROTO_BRIDGE,
53 .match = ebt_802_3_mt,
54 .checkentry = ebt_802_3_mt_check,
55 .matchsize = XT_ALIGN(sizeof(struct ebt_802_3_info)),
56 .me = THIS_MODULE,
57};
58
59static int __init ebt_802_3_init(void)
60{
61 return xt_register_match(&ebt_802_3_mt_reg);
62}
63
64static void __exit ebt_802_3_fini(void)
65{
66 xt_unregister_match(&ebt_802_3_mt_reg);
67}
68
69module_init(ebt_802_3_init);
70module_exit(ebt_802_3_fini);
71MODULE_DESCRIPTION("Ebtables: DSAP/SSAP field and SNAP type matching");
72MODULE_LICENSE("GPL");
73
