/* ebt_arp
 *
 * Authors:
 * Bart De Schuymer <[email protected]>
 * Tim Gardner <[email protected]>
 *
 * April, 2002
 */
9*a71a9546SAutomerger Merge Worker
10*a71a9546SAutomerger Merge Worker #include <stdio.h>
11*a71a9546SAutomerger Merge Worker #include <string.h>
12*a71a9546SAutomerger Merge Worker #include <stdlib.h>
13*a71a9546SAutomerger Merge Worker #include <getopt.h>
14*a71a9546SAutomerger Merge Worker #include <xtables.h>
15*a71a9546SAutomerger Merge Worker #include <netinet/ether.h>
16*a71a9546SAutomerger Merge Worker
17*a71a9546SAutomerger Merge Worker #include <xtables.h>
18*a71a9546SAutomerger Merge Worker #include <net/if_arp.h>
19*a71a9546SAutomerger Merge Worker #include <linux/netfilter_bridge/ebt_arp.h>
20*a71a9546SAutomerger Merge Worker #include "iptables/nft.h"
21*a71a9546SAutomerger Merge Worker #include "iptables/nft-bridge.h"
22*a71a9546SAutomerger Merge Worker
/*
 * Option codes for the --arp-* switches.  brarp_opts binds each long option
 * name to one of these values and brarp_parse() dispatches on them.
 */
#define ARP_OPCODE	'1'	/* --arp-opcode, --arp-op */
#define ARP_HTYPE	'2'	/* --arp-htype */
#define ARP_PTYPE	'3'	/* --arp-ptype */
#define ARP_IP_S	'4'	/* --arp-ip-src */
#define ARP_IP_D	'5'	/* --arp-ip-dst */
#define ARP_MAC_S	'6'	/* --arp-mac-src */
#define ARP_MAC_D	'7'	/* --arp-mac-dst */
#define ARP_GRAT	'8'	/* --arp-gratuitous */
31*a71a9546SAutomerger Merge Worker
/*
 * Long options understood by the bridge "arp" match.  "arp-op" is an alias
 * of "arp-opcode": both entries carry the same option code.  Only
 * "arp-gratuitous" takes no argument.
 */
static const struct option brarp_opts[] = {
	{ .name = "arp-opcode",     .has_arg = required_argument, .flag = 0, .val = ARP_OPCODE },
	{ .name = "arp-op",         .has_arg = required_argument, .flag = 0, .val = ARP_OPCODE },
	{ .name = "arp-htype",      .has_arg = required_argument, .flag = 0, .val = ARP_HTYPE },
	{ .name = "arp-ptype",      .has_arg = required_argument, .flag = 0, .val = ARP_PTYPE },
	{ .name = "arp-ip-src",     .has_arg = required_argument, .flag = 0, .val = ARP_IP_S },
	{ .name = "arp-ip-dst",     .has_arg = required_argument, .flag = 0, .val = ARP_IP_D },
	{ .name = "arp-mac-src",    .has_arg = required_argument, .flag = 0, .val = ARP_MAC_S },
	{ .name = "arp-mac-dst",    .has_arg = required_argument, .flag = 0, .val = ARP_MAC_D },
	{ .name = "arp-gratuitous", .has_arg = no_argument,       .flag = 0, .val = ARP_GRAT },
	XT_GETOPT_TABLEEND,
};
44*a71a9546SAutomerger Merge Worker
/*
 * Symbolic ARP opcode names.  The entry at index n stands for opcode n + 1:
 * brarp_parse() adds one to the matching index and brarp_print() subtracts
 * one before looking a name up.
 */
static char *opcodes[] = {
	[0] = "Request",
	[1] = "Reply",
	[2] = "Request_Reverse",
	[3] = "Reply_Reverse",
	[4] = "DRARP_Request",
	[5] = "DRARP_Reply",
	[6] = "DRARP_Error",
	[7] = "InARP_Request",
	[8] = "ARP_NAK",
};
58*a71a9546SAutomerger Merge Worker
/*
 * Print the usage text of the "arp" match to stdout: the option summary,
 * the numbered list of opcode names taken from opcodes[], and the hints for
 * hardware and protocol type strings.
 */
static void brarp_print_help(void)
{
	int idx = 0;

	/* The summary holds no conversion specifiers, so it is written verbatim. */
	fputs("arp options:\n"
	      "--arp-opcode [!] opcode : ARP opcode (integer or string)\n"
	      "--arp-htype [!] type : ARP hardware type (integer or string)\n"
	      "--arp-ptype [!] type : ARP protocol type (hexadecimal or string)\n"
	      "--arp-ip-src [!] address[/mask]: ARP IP source specification\n"
	      "--arp-ip-dst [!] address[/mask]: ARP IP target specification\n"
	      "--arp-mac-src [!] address[/mask]: ARP MAC source specification\n"
	      "--arp-mac-dst [!] address[/mask]: ARP MAC target specification\n"
	      "[!] --arp-gratuitous : ARP gratuitous packet\n"
	      " opcode strings: \n", stdout);

	/* Opcode numbers are one-based, the table is zero-based. */
	while (idx < ARRAY_SIZE(opcodes)) {
		printf(" %d = %s\n", idx + 1, opcodes[idx]);
		idx++;
	}

	printf(
" hardware type string: 1 = Ethernet\n"
" protocol type string: see "XT_PATH_ETHERTYPES"\n");
}
80*a71a9546SAutomerger Merge Worker
/*
 * One bit per ARP option in the *flags word that brarp_parse() hands to
 * EBT_CHECK_OPTION().
 */
#define OPT_OPCODE	(1 << 0)
#define OPT_HTYPE	(1 << 1)
#define OPT_PTYPE	(1 << 2)
#define OPT_IP_S	(1 << 3)
#define OPT_IP_D	(1 << 4)
#define OPT_MAC_S	(1 << 5)
#define OPT_MAC_D	(1 << 6)
#define OPT_GRAT	(1 << 7)
89*a71a9546SAutomerger Merge Worker
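/*
 * Parse arg as a complete integer in the given base and accept it only when
 * it fits in 16 bits.  Returns 1 and stores the value in *val on success;
 * returns 0 when arg holds no digits, has trailing characters or is out of
 * range, leaving *val untouched.
 */
static int brarp_parse_u16(const char *arg, int base, long int *val)
{
	char *end;
	long int num = strtol(arg, &end, base);

	/*
	 * end == arg means strtol() consumed nothing (for instance an empty
	 * argument).  Without this test such input would pass as the value 0
	 * and install a rule the operator never asked for.
	 */
	if (end == arg || *end != '\0' || num < 0 || num >= (0x1 << 16))
		return 0;
	*val = num;
	return 1;
}

/*
 * Parse one --arp-* option into the ebt_arp_info payload of *match.
 *
 * c       option code from brarp_opts (ARP_OPCODE ... ARP_GRAT)
 * argv    command line vector; not consulted, values are read from optarg
 * invert  non-zero when the option was negated, recorded in invflags
 * flags   options seen so far, maintained through EBT_CHECK_OPTION()
 * entry   unused
 * match   match whose data area receives the parsed values
 *
 * Returns 1 when c was handled here and 0 when it is not an ARP option.
 * Bad values are reported through xtables_error(); the code relies on that
 * call not returning.
 */
static int
brarp_parse(int c, char **argv, int invert, unsigned int *flags,
	    const void *entry, struct xt_entry_match **match)
{
	struct ebt_arp_info *arpinfo = (struct ebt_arp_info *)(*match)->data;
	struct in_addr *ipaddr, ipmask;
	long int i;
	unsigned char *maddr;
	unsigned char *mmask;
	unsigned int ipnr;

	switch (c) {
	case ARP_OPCODE:
		EBT_CHECK_OPTION(flags, OPT_OPCODE);
		if (invert)
			arpinfo->invflags |= EBT_ARP_OPCODE;
		if (!brarp_parse_u16(optarg, 10, &i)) {
			/* Not a number: fall back to the symbolic names. */
			for (i = 0; i < (long int)ARRAY_SIZE(opcodes); i++)
				if (!strcasecmp(opcodes[i], optarg))
					break;
			if (i == (long int)ARRAY_SIZE(opcodes))
				xtables_error(PARAMETER_PROBLEM, "Problem with specified ARP opcode");
			i++;	/* table index -> one-based opcode */
		}
		arpinfo->opcode = htons(i);
		arpinfo->bitmask |= EBT_ARP_OPCODE;
		break;

	case ARP_HTYPE:
		EBT_CHECK_OPTION(flags, OPT_HTYPE);
		if (invert)
			arpinfo->invflags |= EBT_ARP_HTYPE;
		if (!brarp_parse_u16(optarg, 10, &i)) {
			/*
			 * Compare against optarg, as the opcode branch does.
			 * argv[optind - 1] is the whole "--arp-htype=Ethernet"
			 * word when the value is attached with '=', so the
			 * name was never recognised in that spelling.
			 */
			if (!strcasecmp("Ethernet", optarg))
				i = 1;
			else
				xtables_error(PARAMETER_PROBLEM, "Problem with specified ARP hardware type");
		}
		arpinfo->htype = htons(i);
		arpinfo->bitmask |= EBT_ARP_HTYPE;
		break;

	case ARP_PTYPE: {
		uint16_t proto;

		EBT_CHECK_OPTION(flags, OPT_PTYPE);
		if (invert)
			arpinfo->invflags |= EBT_ARP_PTYPE;

		if (brarp_parse_u16(optarg, 16, &i)) {
			proto = i;
		} else {
			/* Same reasoning as for the hardware type: use optarg. */
			struct xt_ethertypeent *ent = xtables_getethertypebyname(optarg);

			if (!ent)
				xtables_error(PARAMETER_PROBLEM, "Problem with specified ARP protocol type");
			proto = ent->e_ethertype;
		}
		arpinfo->ptype = htons(proto);
		arpinfo->bitmask |= EBT_ARP_PTYPE;
		break;
	}

	case ARP_IP_S:
	case ARP_IP_D:
		/*
		 * NOTE(review): ipnr is never examined.  If the argument can
		 * yield more than one address (presumably a host name with
		 * several records - confirm against libxtables), only the
		 * first one ends up in the rule and the rest are dropped
		 * silently; consider rejecting or warning in that case.
		 */
		xtables_ipparse_any(optarg, &ipaddr, &ipmask, &ipnr);
		if (c == ARP_IP_S) {
			EBT_CHECK_OPTION(flags, OPT_IP_S);
			arpinfo->saddr = ipaddr->s_addr;
			arpinfo->smsk = ipmask.s_addr;
			arpinfo->bitmask |= EBT_ARP_SRC_IP;
		} else {
			EBT_CHECK_OPTION(flags, OPT_IP_D);
			arpinfo->daddr = ipaddr->s_addr;
			arpinfo->dmsk = ipmask.s_addr;
			arpinfo->bitmask |= EBT_ARP_DST_IP;
		}
		free(ipaddr);
		if (invert) {
			if (c == ARP_IP_S)
				arpinfo->invflags |= EBT_ARP_SRC_IP;
			else
				arpinfo->invflags |= EBT_ARP_DST_IP;
		}
		break;

	case ARP_MAC_S:
	case ARP_MAC_D:
		/* Pick the address/mask pair the option refers to. */
		if (c == ARP_MAC_S) {
			EBT_CHECK_OPTION(flags, OPT_MAC_S);
			maddr = arpinfo->smaddr;
			mmask = arpinfo->smmsk;
			arpinfo->bitmask |= EBT_ARP_SRC_MAC;
		} else {
			EBT_CHECK_OPTION(flags, OPT_MAC_D);
			maddr = arpinfo->dmaddr;
			mmask = arpinfo->dmmsk;
			arpinfo->bitmask |= EBT_ARP_DST_MAC;
		}
		if (invert) {
			if (c == ARP_MAC_S)
				arpinfo->invflags |= EBT_ARP_SRC_MAC;
			else
				arpinfo->invflags |= EBT_ARP_DST_MAC;
		}
		if (xtables_parse_mac_and_mask(optarg, maddr, mmask))
			xtables_error(PARAMETER_PROBLEM, "Problem with ARP MAC address argument");
		break;

	case ARP_GRAT:
		EBT_CHECK_OPTION(flags, OPT_GRAT);
		arpinfo->bitmask |= EBT_ARP_GRAT;
		if (invert)
			arpinfo->invflags |= EBT_ARP_GRAT;
		break;

	default:
		return 0;
	}
	return 1;
}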
213*a71a9546SAutomerger Merge Worker
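/* Write "<opt> " and, when the option is negated, "! " after it. */
static void brarp_print_opt(const char *opt, int inverted)
{
	printf("%s ", opt);
	if (inverted)
		printf("! ");
}

/*
 * Write an IPv4 address immediately followed by its mask and a space.
 *
 * The two conversions are printed by separate printf() calls on purpose.
 * NOTE(review): the libxtables numeric helpers are understood to return
 * pointers to static storage, and the mask helper may go through the address
 * helper for masks that are not a plain prefix - confirm.  With both calls
 * as arguments of one printf() the address text could then be overwritten
 * before it is printed, depending on argument evaluation order.
 */
static void brarp_print_ip(const struct in_addr *addr, const struct in_addr *mask)
{
	printf("%s", xtables_ipaddr_to_numeric(addr));
	printf("%s ", xtables_ipmask_to_numeric(mask));
}

/*
 * Print the options stored in an "arp" match in command-line form.
 *
 * ip       unused
 * match    match whose data area holds a struct ebt_arp_info
 * numeric  unused; hardware and protocol types are always shown as numbers
 *
 * Only options whose bit is set in bitmask are printed; a set bit in
 * invflags adds the "! " negation marker.
 */
static void brarp_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
	const struct ebt_arp_info *arpinfo = (const struct ebt_arp_info *)match->data;

	if (arpinfo->bitmask & EBT_ARP_OPCODE) {
		int opcode = ntohs(arpinfo->opcode);

		brarp_print_opt("--arp-op", arpinfo->invflags & EBT_ARP_OPCODE);
		/* Known opcodes are shown by name, anything else as a number. */
		if (opcode > 0 && opcode <= (int)ARRAY_SIZE(opcodes))
			printf("%s ", opcodes[opcode - 1]);
		else
			printf("%d ", opcode);
	}
	if (arpinfo->bitmask & EBT_ARP_HTYPE) {
		brarp_print_opt("--arp-htype", arpinfo->invflags & EBT_ARP_HTYPE);
		printf("%d ", ntohs(arpinfo->htype));
	}
	if (arpinfo->bitmask & EBT_ARP_PTYPE) {
		brarp_print_opt("--arp-ptype", arpinfo->invflags & EBT_ARP_PTYPE);
		printf("0x%x ", ntohs(arpinfo->ptype));
	}
	if (arpinfo->bitmask & EBT_ARP_SRC_IP) {
		brarp_print_opt("--arp-ip-src", arpinfo->invflags & EBT_ARP_SRC_IP);
		brarp_print_ip((const struct in_addr *)&arpinfo->saddr,
			       (const struct in_addr *)&arpinfo->smsk);
	}
	if (arpinfo->bitmask & EBT_ARP_DST_IP) {
		brarp_print_opt("--arp-ip-dst", arpinfo->invflags & EBT_ARP_DST_IP);
		brarp_print_ip((const struct in_addr *)&arpinfo->daddr,
			       (const struct in_addr *)&arpinfo->dmsk);
	}
	if (arpinfo->bitmask & EBT_ARP_SRC_MAC) {
		brarp_print_opt("--arp-mac-src", arpinfo->invflags & EBT_ARP_SRC_MAC);
		xtables_print_mac_and_mask(arpinfo->smaddr, arpinfo->smmsk);
		printf(" ");
	}
	if (arpinfo->bitmask & EBT_ARP_DST_MAC) {
		brarp_print_opt("--arp-mac-dst", arpinfo->invflags & EBT_ARP_DST_MAC);
		xtables_print_mac_and_mask(arpinfo->dmaddr, arpinfo->dmmsk);
		printf(" ");
	}
	if (arpinfo->bitmask & EBT_ARP_GRAT) {
		/* The negation marker precedes this option, unlike the others. */
		if (arpinfo->invflags & EBT_ARP_GRAT)
			printf("! ");
		printf("--arp-gratuitous ");
	}
}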
274*a71a9546SAutomerger Merge Worker
/*
 * Descriptor of the bridge-family "arp" match.  The kernel-visible size and
 * the userspace size are both the aligned size of struct ebt_arp_info.
 */
static struct xtables_match brarp_match = {
	/* identity */
	.name		= "arp",
	.family		= NFPROTO_BRIDGE,
	.version	= XTABLES_VERSION,

	/* payload layout */
	.size		= XT_ALIGN(sizeof(struct ebt_arp_info)),
	.userspacesize	= XT_ALIGN(sizeof(struct ebt_arp_info)),

	/* command line handling */
	.extra_opts	= brarp_opts,
	.parse		= brarp_parse,
	.print		= brarp_print,
	.help		= brarp_print_help,
};
286*a71a9546SAutomerger Merge Worker
/*
 * Extension entry point: registers the "arp" match descriptor with
 * libxtables.
 */
void _init(void)
{
	struct xtables_match *const arp_match = &brarp_match;

	xtables_register_match(arp_match);
}