Gitiles
Code Review Sign In
review.blissroms.org / platform_external_ebtables / 464e7d9b2e853441282addc7484e5eee7d825514 / . / extensions / ebt_arp.c
blob: 7b00b784264e11a30a2be1461a21f4fbbb51b074 [file] [log] [blame]
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]1#include <stdio.h>
2#include <string.h>
3#include <stdlib.h>
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]4#include <getopt.h>
5#include "../include/ebtables_u.h"
Bart De Schuymerc1939b12002-11-20 19:41:54 +0000[diff] [blame]6#include "../include/ethernetdb.h"
Bart De Schuymerf46b2632003-05-01 20:18:00 +0000[diff] [blame]7#include <linux/if_ether.h>
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]8#include <linux/netfilter_bridge/ebt_arp.h>
9
10#define ARP_OPCODE '1'
11#define ARP_HTYPE '2'
12#define ARP_PTYPE '3'
13#define ARP_IP_S '4'
14#define ARP_IP_D '5'
Bart De Schuymerf46b2632003-05-01 20:18:00 +0000[diff] [blame]15#define ARP_MAC_S '6'
16#define ARP_MAC_D '7'
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]17static struct option opts[] =
18{
19 { "arp-opcode" , required_argument, 0, ARP_OPCODE },
20 { "arp-op" , required_argument, 0, ARP_OPCODE },
21 { "arp-htype" , required_argument, 0, ARP_HTYPE },
22 { "arp-ptype" , required_argument, 0, ARP_PTYPE },
23 { "arp-ip-src" , required_argument, 0, ARP_IP_S },
24 { "arp-ip-dst" , required_argument, 0, ARP_IP_D },
Bart De Schuymerf46b2632003-05-01 20:18:00 +0000[diff] [blame]25 { "arp-mac-src" , required_argument, 0, ARP_MAC_S },
26 { "arp-mac-dst" , required_argument, 0, ARP_MAC_D },
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]27 { 0 }
28};
29
Bart De Schuymer9cfd6542002-08-13 16:08:08 +0000[diff] [blame]30#define NUMOPCODES 9
Bart De Schuymer9895a8e2003-01-11 10:14:24 +0000[diff] [blame]31/* a few names */
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]32static char *opcodes[] =
33{
34 "Request",
35 "Reply",
Bart De Schuymer9cfd6542002-08-13 16:08:08 +0000[diff] [blame]36 "Request_Reverse",
37 "Reply_Reverse",
38 "DRARP_Request",
39 "DRARP_Reply",
40 "DRARP_Error",
41 "InARP_Request",
42 "ARP_NAK",
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]43};
44
45static void print_help()
46{
Bart De Schuymer9cfd6542002-08-13 16:08:08 +0000[diff] [blame]47 int i;
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]48
49 printf(
50"arp options:\n"
Bart De Schuymerf46b2632003-05-01 20:18:00 +0000[diff] [blame]51"--arp-opcode opcode : ARP opcode (integer or string)\n"
52"--arp-htype type : ARP hardware type (integer or string)\n"
53"--arp-ptype type : ARP protocol type (hexadecimal or string)\n"
54"--arp-ip-src [!] address[/mask]: ARP IP source specification\n"
55"--arp-ip-dst [!] address[/mask]: ARP IP target specification\n"
56"--arp-mac-src [!] address[/mask]: ARP MAC source specification\n"
57"--arp-mac-dst [!] address[/mask]: ARP MAC target specification\n"
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]58" opcode strings: \n");
Bart De Schuymer9cfd6542002-08-13 16:08:08 +0000[diff] [blame]59 for (i = 0; i < NUMOPCODES; i++)
Bart De Schuymer1446c292003-05-25 09:47:01 +0000[diff] [blame]60 printf(" %d = %s\n", i + 1, opcodes[i]);
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]61 printf(
Bart De Schuymer9cfd6542002-08-13 16:08:08 +0000[diff] [blame]62" hardware type string: 1 = Ethernet\n"
fnm36c3dc652002-11-21 10:49:38 +0000[diff] [blame]63" protocol type string: see "_PATH_ETHERTYPES"\n");
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]64}
65
66static void init(struct ebt_entry_match *match)
67{
68 struct ebt_arp_info *arpinfo = (struct ebt_arp_info *)match->data;
69
70 arpinfo->invflags = 0;
71 arpinfo->bitmask = 0;
72}
73
Bart De Schuymer9895a8e2003-01-11 10:14:24 +0000[diff] [blame]74/* defined in ebt_ip.c */
Bart De Schuymer9cfd6542002-08-13 16:08:08 +0000[diff] [blame]75void parse_ip_address(char *address, uint32_t *addr, uint32_t *msk);
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]76
Bart De Schuymerf46b2632003-05-01 20:18:00 +0000[diff] [blame]77/* defined in ebtables.c */
Bart De Schuymera5dde3b2003-07-23 21:02:23 +0000[diff] [blame]78int get_mac_and_mask(char *from, char *to, char *mask);
Bart De Schuymerf46b2632003-05-01 20:18:00 +0000[diff] [blame]79
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]80#define OPT_OPCODE 0x01
81#define OPT_HTYPE 0x02
82#define OPT_PTYPE 0x04
83#define OPT_IP_S 0x08
84#define OPT_IP_D 0x10
Bart De Schuymerf46b2632003-05-01 20:18:00 +0000[diff] [blame]85#define OPT_MAC_S 0x20
86#define OPT_MAC_D 0x40
Bart De Schuymer7b9aaeb2002-06-23 20:38:34 +0000[diff] [blame]87static int parse(int c, char **argv, int argc, const struct ebt_u_entry *entry,
88 unsigned int *flags, struct ebt_entry_match **match)
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]89{
90 struct ebt_arp_info *arpinfo = (struct ebt_arp_info *)(*match)->data;
Bart De Schuymer9cfd6542002-08-13 16:08:08 +0000[diff] [blame]91 long int i;
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]92 char *end;
Bart De Schuymer9cfd6542002-08-13 16:08:08 +0000[diff] [blame]93 uint32_t *addr;
94 uint32_t *mask;
Bart De Schuymerf46b2632003-05-01 20:18:00 +0000[diff] [blame]95 char *maddr;
96 char *mmask;
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]97
98 switch (c) {
99 case ARP_OPCODE:
100 check_option(flags, OPT_OPCODE);
101 if (check_inverse(optarg))
102 arpinfo->invflags |= EBT_ARP_OPCODE;
103
104 if (optind > argc)
Bart De Schuymer9cfd6542002-08-13 16:08:08 +0000[diff] [blame]105 print_error("Missing ARP opcode argument");
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]106 i = strtol(argv[optind - 1], &end, 10);
107 if (i < 0 || i >= (0x1 << 16) || *end !='\0') {
Bart De Schuymer9cfd6542002-08-13 16:08:08 +0000[diff] [blame]108 for (i = 0; i < NUMOPCODES; i++)
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]109 if (!strcasecmp(opcodes[i], optarg))
110 break;
Bart De Schuymer9cfd6542002-08-13 16:08:08 +0000[diff] [blame]111 if (i == NUMOPCODES)
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]112 print_error("Problem with specified "
Bart De Schuymer9cfd6542002-08-13 16:08:08 +0000[diff] [blame]113 "ARP opcode");
114 i++;
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]115 }
116 arpinfo->opcode = htons(i);
117 arpinfo->bitmask |= EBT_ARP_OPCODE;
118 break;
119
120 case ARP_HTYPE:
121 check_option(flags, OPT_HTYPE);
122 if (check_inverse(optarg))
123 arpinfo->invflags |= EBT_ARP_HTYPE;
124
125 if (optind > argc)
Bart De Schuymer9cfd6542002-08-13 16:08:08 +0000[diff] [blame]126 print_error("Missing ARP hardware type argument");
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]127 i = strtol(argv[optind - 1], &end, 10);
128 if (i < 0 || i >= (0x1 << 16) || *end !='\0') {
129 if (!strcasecmp("Ethernet", argv[optind - 1]))
130 i = 1;
131 else
Bart De Schuymer9cfd6542002-08-13 16:08:08 +0000[diff] [blame]132 print_error("Problem with specified ARP "
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]133 "hardware type");
134 }
135 arpinfo->htype = htons(i);
136 arpinfo->bitmask |= EBT_ARP_HTYPE;
137 break;
138
139 case ARP_PTYPE:
Bart De Schuymer9cfd6542002-08-13 16:08:08 +0000[diff] [blame]140 {
141 uint16_t proto;
142
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]143 check_option(flags, OPT_PTYPE);
144 if (check_inverse(optarg))
145 arpinfo->invflags |= EBT_ARP_PTYPE;
146
147 if (optind > argc)
Bart De Schuymer9cfd6542002-08-13 16:08:08 +0000[diff] [blame]148 print_error("Missing ARP protocol type argument");
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]149 i = strtol(argv[optind - 1], &end, 16);
150 if (i < 0 || i >= (0x1 << 16) || *end !='\0') {
Bart De Schuymerc1939b12002-11-20 19:41:54 +0000[diff] [blame]151 struct ethertypeent *ent;
152
153 ent = getethertypebyname(argv[optind - 1]);
154 if (!ent)
Bart De Schuymer9cfd6542002-08-13 16:08:08 +0000[diff] [blame]155 print_error("Problem with specified ARP "
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]156 "protocol type");
Bart De Schuymerc1939b12002-11-20 19:41:54 +0000[diff] [blame]157 proto = ent->e_ethertype;
158
Bart De Schuymer9cfd6542002-08-13 16:08:08 +0000[diff] [blame]159 } else
160 proto = i;
161 arpinfo->ptype = htons(proto);
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]162 arpinfo->bitmask |= EBT_ARP_PTYPE;
163 break;
Bart De Schuymer9cfd6542002-08-13 16:08:08 +0000[diff] [blame]164 }
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]165
166 case ARP_IP_S:
167 case ARP_IP_D:
168 if (c == ARP_IP_S) {
169 check_option(flags, OPT_IP_S);
170 addr = &arpinfo->saddr;
171 mask = &arpinfo->smsk;
172 arpinfo->bitmask |= EBT_ARP_SRC_IP;
173 } else {
174 check_option(flags, OPT_IP_D);
175 addr = &arpinfo->daddr;
176 mask = &arpinfo->dmsk;
177 arpinfo->bitmask |= EBT_ARP_DST_IP;
178 }
179 if (check_inverse(optarg)) {
180 if (c == ARP_IP_S)
181 arpinfo->invflags |= EBT_ARP_SRC_IP;
182 else
183 arpinfo->invflags |= EBT_ARP_DST_IP;
184 }
185 if (optind > argc)
Bart De Schuymer9cfd6542002-08-13 16:08:08 +0000[diff] [blame]186 print_error("Missing ARP IP address argument");
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]187 parse_ip_address(argv[optind - 1], addr, mask);
188 break;
Bart De Schuymerf46b2632003-05-01 20:18:00 +0000[diff] [blame]189
190 case ARP_MAC_S:
191 case ARP_MAC_D:
192 if (c == ARP_MAC_S) {
193 check_option(flags, OPT_MAC_S);
194 maddr = arpinfo->smaddr;
195 mmask = arpinfo->smmsk;
196 arpinfo->bitmask |= EBT_ARP_SRC_MAC;
197 } else {
198 check_option(flags, OPT_MAC_D);
199 maddr = arpinfo->dmaddr;
200 mmask = arpinfo->dmmsk;
201 arpinfo->bitmask |= EBT_ARP_DST_MAC;
202 }
203 if (check_inverse(optarg)) {
204 if (c == ARP_MAC_S)
205 arpinfo->invflags |= EBT_ARP_SRC_MAC;
206 else
207 arpinfo->invflags |= EBT_ARP_DST_MAC;
208 }
209 if (optind > argc)
210 print_error("Missing ARP MAC address argument");
Bart De Schuymera5dde3b2003-07-23 21:02:23 +0000[diff] [blame]211 if (get_mac_and_mask(argv[optind - 1], maddr, mmask))
Bart De Schuymerf46b2632003-05-01 20:18:00 +0000[diff] [blame]212 print_error("Problem with ARP MAC address argument");
213 break;
214
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]215 default:
216 return 0;
217 }
218 return 1;
219}
220
221static void final_check(const struct ebt_u_entry *entry,
Bart De Schuymer7b9aaeb2002-06-23 20:38:34 +0000[diff] [blame]222 const struct ebt_entry_match *match, const char *name,
Bart De Schuymerc9b52932002-08-24 13:26:34 +0000[diff] [blame]223 unsigned int hookmask, unsigned int time)
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]224{
Bart De Schuymer40573192002-08-29 16:48:36 +0000[diff] [blame]225 if ((entry->ethproto != ETH_P_ARP && entry->ethproto != ETH_P_RARP) ||
Bart De Schuymerb2632c52002-08-09 18:57:05 +0000[diff] [blame]226 entry->invflags & EBT_IPROTO)
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]227 print_error("For (R)ARP filtering the protocol must be "
228 "specified as ARP or RARP");
229}
230
Bart De Schuymer9895a8e2003-01-11 10:14:24 +0000[diff] [blame]231/* defined in the ebt_ip.c */
Bart De Schuymer9cfd6542002-08-13 16:08:08 +0000[diff] [blame]232char *mask_to_dotted(uint32_t mask);
233
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]234static void print(const struct ebt_u_entry *entry,
235 const struct ebt_entry_match *match)
236{
237 struct ebt_arp_info *arpinfo = (struct ebt_arp_info *)match->data;
238 int i;
239
240 if (arpinfo->bitmask & EBT_ARP_OPCODE) {
Bart De Schuymer9cfd6542002-08-13 16:08:08 +0000[diff] [blame]241 int opcode = ntohs(arpinfo->opcode);
Bart De Schuymer41e8a192002-06-23 08:03:12 +0000[diff] [blame]242 printf("--arp-op ");
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]243 if (arpinfo->invflags & EBT_ARP_OPCODE)
244 printf("! ");
Bart De Schuymer9cfd6542002-08-13 16:08:08 +0000[diff] [blame]245 if (opcode > 0 && opcode <= NUMOPCODES)
246 printf("%s ", opcodes[opcode - 1]);
247 else
248 printf("%d ", opcode);
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]249 }
250 if (arpinfo->bitmask & EBT_ARP_HTYPE) {
Bart De Schuymer41e8a192002-06-23 08:03:12 +0000[diff] [blame]251 printf("--arp-htype ");
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]252 if (arpinfo->invflags & EBT_ARP_HTYPE)
253 printf("! ");
254 printf("%d ", ntohs(arpinfo->htype));
255 }
256 if (arpinfo->bitmask & EBT_ARP_PTYPE) {
Bart De Schuymerc1939b12002-11-20 19:41:54 +0000[diff] [blame]257 struct ethertypeent *ent;
258
Bart De Schuymer41e8a192002-06-23 08:03:12 +0000[diff] [blame]259 printf("--arp-ptype ");
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]260 if (arpinfo->invflags & EBT_ARP_PTYPE)
261 printf("! ");
Bart De Schuymerc1939b12002-11-20 19:41:54 +0000[diff] [blame]262 ent = getethertypebynumber(ntohs(arpinfo->ptype));
263 if (!ent)
Bart De Schuymer9cfd6542002-08-13 16:08:08 +0000[diff] [blame]264 printf("0x%x ", ntohs(arpinfo->ptype));
265 else
Bart De Schuymerc1939b12002-11-20 19:41:54 +0000[diff] [blame]266 printf("%s ", ent->e_name);
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]267 }
268 if (arpinfo->bitmask & EBT_ARP_SRC_IP) {
Bart De Schuymer41e8a192002-06-23 08:03:12 +0000[diff] [blame]269 printf("--arp-ip-src ");
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]270 if (arpinfo->invflags & EBT_ARP_SRC_IP)
271 printf("! ");
272 for (i = 0; i < 4; i++)
273 printf("%d%s", ((unsigned char *)&arpinfo->saddr)[i],
274 (i == 3) ? "" : ".");
Bart De Schuymer41e8a192002-06-23 08:03:12 +0000[diff] [blame]275 printf("%s ", mask_to_dotted(arpinfo->smsk));
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]276 }
277 if (arpinfo->bitmask & EBT_ARP_DST_IP) {
Bart De Schuymer41e8a192002-06-23 08:03:12 +0000[diff] [blame]278 printf("--arp-ip-dst ");
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]279 if (arpinfo->invflags & EBT_ARP_DST_IP)
280 printf("! ");
281 for (i = 0; i < 4; i++)
282 printf("%d%s", ((unsigned char *)&arpinfo->daddr)[i],
283 (i == 3) ? "" : ".");
Bart De Schuymer41e8a192002-06-23 08:03:12 +0000[diff] [blame]284 printf("%s ", mask_to_dotted(arpinfo->dmsk));
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]285 }
Bart De Schuymerf46b2632003-05-01 20:18:00 +0000[diff] [blame]286 if (arpinfo->bitmask & EBT_ARP_SRC_MAC) {
Bart De Schuymerf46b2632003-05-01 20:18:00 +0000[diff] [blame]287 printf("--arp-mac-src ");
288 if (arpinfo->invflags & EBT_ARP_SRC_MAC)
289 printf("! ");
Bart De Schuymer22d03a22003-05-03 20:28:22 +0000[diff] [blame]290 print_mac_and_mask(arpinfo->smaddr, arpinfo->smmsk);
Bart De Schuymer1446c292003-05-25 09:47:01 +0000[diff] [blame]291 printf(" ");
Bart De Schuymerf46b2632003-05-01 20:18:00 +0000[diff] [blame]292 }
293 if (arpinfo->bitmask & EBT_ARP_DST_MAC) {
Bart De Schuymerf46b2632003-05-01 20:18:00 +0000[diff] [blame]294 printf("--arp-mac-dst ");
295 if (arpinfo->invflags & EBT_ARP_DST_MAC)
296 printf("! ");
Bart De Schuymer22d03a22003-05-03 20:28:22 +0000[diff] [blame]297 print_mac_and_mask(arpinfo->dmaddr, arpinfo->dmmsk);
Bart De Schuymer1446c292003-05-25 09:47:01 +0000[diff] [blame]298 printf(" ");
Bart De Schuymerf46b2632003-05-01 20:18:00 +0000[diff] [blame]299 }
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]300}
301
302static int compare(const struct ebt_entry_match *m1,
303 const struct ebt_entry_match *m2)
304{
305 struct ebt_arp_info *arpinfo1 = (struct ebt_arp_info *)m1->data;
306 struct ebt_arp_info *arpinfo2 = (struct ebt_arp_info *)m2->data;
307
308 if (arpinfo1->bitmask != arpinfo2->bitmask)
309 return 0;
310 if (arpinfo1->invflags != arpinfo2->invflags)
311 return 0;
312 if (arpinfo1->bitmask & EBT_ARP_OPCODE) {
313 if (arpinfo1->opcode != arpinfo2->opcode)
314 return 0;
315 }
316 if (arpinfo1->bitmask & EBT_ARP_HTYPE) {
317 if (arpinfo1->htype != arpinfo2->htype)
318 return 0;
319 }
320 if (arpinfo1->bitmask & EBT_ARP_PTYPE) {
321 if (arpinfo1->ptype != arpinfo2->ptype)
322 return 0;
323 }
324 if (arpinfo1->bitmask & EBT_ARP_SRC_IP) {
325 if (arpinfo1->saddr != arpinfo2->saddr)
326 return 0;
327 if (arpinfo1->smsk != arpinfo2->smsk)
328 return 0;
329 }
330 if (arpinfo1->bitmask & EBT_ARP_DST_IP) {
331 if (arpinfo1->daddr != arpinfo2->daddr)
332 return 0;
333 if (arpinfo1->dmsk != arpinfo2->dmsk)
334 return 0;
335 }
Bart De Schuymerf46b2632003-05-01 20:18:00 +0000[diff] [blame]336 if (arpinfo1->bitmask & EBT_ARP_SRC_MAC) {
337 if (arpinfo1->smaddr != arpinfo2->smaddr)
338 return 0;
339 if (arpinfo1->smmsk != arpinfo2->smmsk)
340 return 0;
341 }
342 if (arpinfo1->bitmask & EBT_ARP_DST_MAC) {
343 if (arpinfo1->dmaddr != arpinfo2->dmaddr)
344 return 0;
345 if (arpinfo1->dmmsk != arpinfo2->dmmsk)
346 return 0;
347 }
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]348 return 1;
349}
350
351static struct ebt_u_match arp_match =
352{
Bart De Schuymer7cf1cca2003-08-30 16:20:19 +0000[diff] [blame]353 .name = EBT_ARP_MATCH,
354 .size = sizeof(struct ebt_arp_info),
355 .help = print_help,
356 .init = init,
357 .parse = parse,
358 .final_check = final_check,
359 .print = print,
360 .compare = compare,
361 .extra_ops = opts,
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]362};
363
364static void _init(void) __attribute__ ((constructor));
365static void _init(void)
366{
367 register_match(&arp_match);
368}