1
2
3
4
5
6
7
8
9
10
11#include <linux/module.h>
12#include <linux/netfilter/x_tables.h>
13#include <linux/netfilter_bridge/ebtables.h>
14#include <linux/netfilter_bridge/ebt_802_3.h>
15
16static bool
17ebt_802_3_mt(const struct sk_buff *skb, struct xt_action_param *par)
18{
19 const struct ebt_802_3_info *info = par->matchinfo;
20 const struct ebt_802_3_hdr *hdr = ebt_802_3_hdr(skb);
21 __be16 type = hdr->llc.ui.ctrl & IS_UI ? hdr->llc.ui.type : hdr->llc.ni.type;
22
23 if (info->bitmask & EBT_802_3_SAP) {
24 if (NF_INVF(info, EBT_802_3_SAP, info->sap != hdr->llc.ui.ssap))
25 return false;
26 if (NF_INVF(info, EBT_802_3_SAP, info->sap != hdr->llc.ui.dsap))
27 return false;
28 }
29
30 if (info->bitmask & EBT_802_3_TYPE) {
31 if (!(hdr->llc.ui.dsap == CHECK_TYPE && hdr->llc.ui.ssap == CHECK_TYPE))
32 return false;
33 if (NF_INVF(info, EBT_802_3_TYPE, info->type != type))
34 return false;
35 }
36
37 return true;
38}
39
40static int ebt_802_3_mt_check(const struct xt_mtchk_param *par)
41{
42 const struct ebt_802_3_info *info = par->matchinfo;
43
44 if (info->bitmask & ~EBT_802_3_MASK || info->invflags & ~EBT_802_3_MASK)
45 return -EINVAL;
46
47 return 0;
48}
49
50static struct xt_match ebt_802_3_mt_reg __read_mostly = {
51 .name = "802_3",
52 .revision = 0,
53 .family = NFPROTO_BRIDGE,
54 .match = ebt_802_3_mt,
55 .checkentry = ebt_802_3_mt_check,
56 .matchsize = sizeof(struct ebt_802_3_info),
57 .me = THIS_MODULE,
58};
59
60static int __init ebt_802_3_init(void)
61{
62 return xt_register_match(&ebt_802_3_mt_reg);
63}
64
65static void __exit ebt_802_3_fini(void)
66{
67 xt_unregister_match(&ebt_802_3_mt_reg);
68}
69
70module_init(ebt_802_3_init);
71module_exit(ebt_802_3_fini);
72MODULE_DESCRIPTION("Ebtables: DSAP/SSAP field and SNAP type matching");
73MODULE_LICENSE("GPL");
74
