• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /* ebt_arp
2  *
3  * Authors:
4  * Bart De Schuymer <bdschuym@pandora.be>
5  * Tim Gardner <timg@tpi.com>
6  *
7  * April, 2002
8  */
9 
10 #include <stdio.h>
11 #include <string.h>
12 #include <stdlib.h>
13 #include <xtables.h>
14 #include <netinet/ether.h>
15 
16 #include <xtables.h>
17 #include <net/if_arp.h>
18 #include <linux/netfilter_bridge/ebt_arp.h>
19 #include "iptables/nft.h"
20 #include "iptables/nft-bridge.h"
21 
22 /* values must correspond with EBT_ARP_* bit positions */
23 enum {
24 	O_OPCODE = 0,
25 	O_HTYPE,
26 	O_PTYPE,
27 	O_SRC_IP,
28 	O_DST_IP,
29 	O_SRC_MAC,
30 	O_DST_MAC,
31 	O_GRAT,
32 };
33 
34 static const struct xt_option_entry brarp_opts[] = {
35 #define ENTRY(n, i, t) { .name = n, .id = i, .type = t, .flags = XTOPT_INVERT }
36 	ENTRY("arp-opcode",     O_OPCODE,  XTTYPE_STRING),
37 	ENTRY("arp-op",         O_OPCODE,  XTTYPE_STRING),
38 	ENTRY("arp-htype",      O_HTYPE,   XTTYPE_STRING),
39 	ENTRY("arp-ptype",      O_PTYPE,   XTTYPE_STRING),
40 	ENTRY("arp-ip-src",     O_SRC_IP,  XTTYPE_HOSTMASK),
41 	ENTRY("arp-ip-dst",     O_DST_IP,  XTTYPE_HOSTMASK),
42 	ENTRY("arp-mac-src",    O_SRC_MAC, XTTYPE_ETHERMACMASK),
43 	ENTRY("arp-mac-dst",    O_DST_MAC, XTTYPE_ETHERMACMASK),
44 	ENTRY("arp-gratuitous", O_GRAT,    XTTYPE_NONE),
45 #undef ENTRY
46 	XTOPT_TABLEEND
47 };
48 
49 /* a few names */
50 static char *opcodes[] =
51 {
52 	"Request",
53 	"Reply",
54 	"Request_Reverse",
55 	"Reply_Reverse",
56 	"DRARP_Request",
57 	"DRARP_Reply",
58 	"DRARP_Error",
59 	"InARP_Request",
60 	"ARP_NAK",
61 };
62 
brarp_print_help(void)63 static void brarp_print_help(void)
64 {
65 	int i;
66 
67 	printf(
68 "arp options:\n"
69 "[!] --arp-opcode  opcode        : ARP opcode (integer or string)\n"
70 "[!] --arp-htype   type          : ARP hardware type (integer or string)\n"
71 "[!] --arp-ptype   type          : ARP protocol type (hexadecimal or string)\n"
72 "[!] --arp-ip-src  address[/mask]: ARP IP source specification\n"
73 "[!] --arp-ip-dst  address[/mask]: ARP IP target specification\n"
74 "[!] --arp-mac-src address[/mask]: ARP MAC source specification\n"
75 "[!] --arp-mac-dst address[/mask]: ARP MAC target specification\n"
76 "[!] --arp-gratuitous            : ARP gratuitous packet\n"
77 " opcode strings: \n");
78 	for (i = 0; i < ARRAY_SIZE(opcodes); i++)
79 		printf(" %d = %s\n", i + 1, opcodes[i]);
80 	printf(
81 " hardware type string: 1 = Ethernet\n"
82 " protocol type string: see "XT_PATH_ETHERTYPES"\n");
83 }
84 
brarp_parse(struct xt_option_call * cb)85 static void brarp_parse(struct xt_option_call *cb)
86 {
87 	struct ebt_arp_info *arpinfo = cb->data;
88 	struct xt_ethertypeent *ent;
89 	long int i;
90 	char *end;
91 
92 
93 	xtables_option_parse(cb);
94 
95 	arpinfo->bitmask |= 1 << cb->entry->id;
96 	if (cb->invert)
97 		arpinfo->invflags |= 1 << cb->entry->id;
98 
99 	switch (cb->entry->id) {
100 	case O_OPCODE:
101 		i = strtol(cb->arg, &end, 10);
102 		if (i < 0 || i >= (0x1 << 16) || *end !='\0') {
103 			for (i = 0; i < ARRAY_SIZE(opcodes); i++)
104 				if (!strcasecmp(opcodes[i], cb->arg))
105 					break;
106 			if (i == ARRAY_SIZE(opcodes))
107 				xtables_error(PARAMETER_PROBLEM,
108 					      "Problem with specified ARP opcode");
109 			i++;
110 		}
111 		arpinfo->opcode = htons(i);
112 		break;
113 	case O_HTYPE:
114 		i = strtol(cb->arg, &end, 10);
115 		if (i < 0 || i >= (0x1 << 16) || *end !='\0') {
116 			if (!strcasecmp("Ethernet", cb->arg))
117 				i = 1;
118 			else
119 				xtables_error(PARAMETER_PROBLEM,
120 					      "Problem with specified ARP hardware type");
121 		}
122 		arpinfo->htype = htons(i);
123 		break;
124 	case O_PTYPE:
125 		i = strtol(cb->arg, &end, 16);
126 		if (i >= 0 && i < (0x1 << 16) && *end == '\0') {
127 			arpinfo->ptype = htons(i);
128 			break;
129 		}
130 		ent = xtables_getethertypebyname(cb->arg);
131 		if (!ent)
132 			xtables_error(PARAMETER_PROBLEM,
133 				      "Problem with specified ARP protocol type");
134 		arpinfo->ptype = htons(ent->e_ethertype);
135 		break;
136 	case O_SRC_IP:
137 		arpinfo->saddr = cb->val.haddr.ip & cb->val.hmask.ip;
138 		arpinfo->smsk = cb->val.hmask.ip;
139 		break;
140 	case O_DST_IP:
141 		arpinfo->daddr = cb->val.haddr.ip & cb->val.hmask.ip;
142 		arpinfo->dmsk = cb->val.hmask.ip;
143 		break;
144 	case O_SRC_MAC:
145 		memcpy(arpinfo->smaddr, cb->val.ethermac, ETH_ALEN);
146 		memcpy(arpinfo->smmsk, cb->val.ethermacmask, ETH_ALEN);
147 		break;
148 	case O_DST_MAC:
149 		memcpy(arpinfo->dmaddr, cb->val.ethermac, ETH_ALEN);
150 		memcpy(arpinfo->dmmsk, cb->val.ethermacmask, ETH_ALEN);
151 		break;
152 	}
153 }
154 
brarp_print(const void * ip,const struct xt_entry_match * match,int numeric)155 static void brarp_print(const void *ip, const struct xt_entry_match *match, int numeric)
156 {
157 	const struct ebt_arp_info *arpinfo = (struct ebt_arp_info *)match->data;
158 
159 	if (arpinfo->bitmask & EBT_ARP_OPCODE) {
160 		int opcode = ntohs(arpinfo->opcode);
161 
162 		if (arpinfo->invflags & EBT_ARP_OPCODE)
163 			printf("! ");
164 		printf("--arp-op ");
165 		if (opcode > 0 && opcode <= ARRAY_SIZE(opcodes))
166 			printf("%s ", opcodes[opcode - 1]);
167 		else
168 			printf("%d ", opcode);
169 	}
170 	if (arpinfo->bitmask & EBT_ARP_HTYPE) {
171 		if (arpinfo->invflags & EBT_ARP_HTYPE)
172 			printf("! ");
173 		printf("--arp-htype %d ", ntohs(arpinfo->htype));
174 	}
175 	if (arpinfo->bitmask & EBT_ARP_PTYPE) {
176 		if (arpinfo->invflags & EBT_ARP_PTYPE)
177 			printf("! ");
178 		printf("--arp-ptype 0x%x ", ntohs(arpinfo->ptype));
179 	}
180 	if (arpinfo->bitmask & EBT_ARP_SRC_IP) {
181 		if (arpinfo->invflags & EBT_ARP_SRC_IP)
182 			printf("! ");
183 		printf("--arp-ip-src %s%s ",
184 		       xtables_ipaddr_to_numeric((void *)&arpinfo->saddr),
185 		       xtables_ipmask_to_numeric((void *)&arpinfo->smsk));
186 	}
187 	if (arpinfo->bitmask & EBT_ARP_DST_IP) {
188 		if (arpinfo->invflags & EBT_ARP_DST_IP)
189 			printf("! ");
190 		printf("--arp-ip-dst %s%s ",
191 		       xtables_ipaddr_to_numeric((void *)&arpinfo->daddr),
192 		       xtables_ipmask_to_numeric((void *)&arpinfo->dmsk));
193 	}
194 	if (arpinfo->bitmask & EBT_ARP_SRC_MAC) {
195 		if (arpinfo->invflags & EBT_ARP_SRC_MAC)
196 			printf("! ");
197 		printf("--arp-mac-src ");
198 		xtables_print_mac_and_mask(arpinfo->smaddr, arpinfo->smmsk);
199 		printf(" ");
200 	}
201 	if (arpinfo->bitmask & EBT_ARP_DST_MAC) {
202 		if (arpinfo->invflags & EBT_ARP_DST_MAC)
203 			printf("! ");
204 		printf("--arp-mac-dst ");
205 		xtables_print_mac_and_mask(arpinfo->dmaddr, arpinfo->dmmsk);
206 		printf(" ");
207 	}
208 	if (arpinfo->bitmask & EBT_ARP_GRAT) {
209 		if (arpinfo->invflags & EBT_ARP_GRAT)
210 			printf("! ");
211 		printf("--arp-gratuitous ");
212 	}
213 }
214 
215 static struct xtables_match brarp_match = {
216 	.name		= "arp",
217 	.version	= XTABLES_VERSION,
218 	.family		= NFPROTO_BRIDGE,
219 	.size		= XT_ALIGN(sizeof(struct ebt_arp_info)),
220 	.userspacesize	= XT_ALIGN(sizeof(struct ebt_arp_info)),
221 	.help		= brarp_print_help,
222 	.x6_parse	= brarp_parse,
223 	.print		= brarp_print,
224 	.x6_options	= brarp_opts,
225 };
226 
_init(void)227 void _init(void)
228 {
229 	xtables_register_match(&brarp_match);
230 }
231