5 * Bart De Schuymer <bdschuym@pandora.be>
6 * Stephen Hemminger <shemminger@osdl.org>
11 #include <linux/netfilter_bridge/ebtables.h>
12 #include <linux/netfilter_bridge/ebt_stp.h>
13 #include <linux/etherdevice.h>
14 #include <linux/module.h>
16 #define BPDU_TYPE_CONFIG 0
17 #define BPDU_TYPE_TCN 0x80
28 struct stp_config_pdu
{
36 uint8_t hello_time
[2];
37 uint8_t forward_delay
[2];
40 #define NR16(p) (p[0] << 8 | p[1])
41 #define NR32(p) ((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3])
43 static int ebt_filter_config(struct ebt_stp_info
*info
,
44 struct stp_config_pdu
*stpc
)
46 struct ebt_stp_config_info
*c
;
52 if ((info
->bitmask
& EBT_STP_FLAGS
) &&
53 FWINV(c
->flags
!= stpc
->flags
, EBT_STP_FLAGS
))
55 if (info
->bitmask
& EBT_STP_ROOTPRIO
) {
56 v16
= NR16(stpc
->root
);
57 if (FWINV(v16
< c
->root_priol
||
58 v16
> c
->root_priou
, EBT_STP_ROOTPRIO
))
61 if (info
->bitmask
& EBT_STP_ROOTADDR
) {
63 for (i
= 0; i
< 6; i
++)
64 verdict
|= (stpc
->root
[2+i
] ^ c
->root_addr
[i
]) &
66 if (FWINV(verdict
!= 0, EBT_STP_ROOTADDR
))
69 if (info
->bitmask
& EBT_STP_ROOTCOST
) {
70 v32
= NR32(stpc
->root_cost
);
71 if (FWINV(v32
< c
->root_costl
||
72 v32
> c
->root_costu
, EBT_STP_ROOTCOST
))
75 if (info
->bitmask
& EBT_STP_SENDERPRIO
) {
76 v16
= NR16(stpc
->sender
);
77 if (FWINV(v16
< c
->sender_priol
||
78 v16
> c
->sender_priou
, EBT_STP_SENDERPRIO
))
81 if (info
->bitmask
& EBT_STP_SENDERADDR
) {
83 for (i
= 0; i
< 6; i
++)
84 verdict
|= (stpc
->sender
[2+i
] ^ c
->sender_addr
[i
]) &
86 if (FWINV(verdict
!= 0, EBT_STP_SENDERADDR
))
89 if (info
->bitmask
& EBT_STP_PORT
) {
90 v16
= NR16(stpc
->port
);
91 if (FWINV(v16
< c
->portl
||
92 v16
> c
->portu
, EBT_STP_PORT
))
95 if (info
->bitmask
& EBT_STP_MSGAGE
) {
96 v16
= NR16(stpc
->msg_age
);
97 if (FWINV(v16
< c
->msg_agel
||
98 v16
> c
->msg_ageu
, EBT_STP_MSGAGE
))
101 if (info
->bitmask
& EBT_STP_MAXAGE
) {
102 v16
= NR16(stpc
->max_age
);
103 if (FWINV(v16
< c
->max_agel
||
104 v16
> c
->max_ageu
, EBT_STP_MAXAGE
))
107 if (info
->bitmask
& EBT_STP_HELLOTIME
) {
108 v16
= NR16(stpc
->hello_time
);
109 if (FWINV(v16
< c
->hello_timel
||
110 v16
> c
->hello_timeu
, EBT_STP_HELLOTIME
))
113 if (info
->bitmask
& EBT_STP_FWDD
) {
114 v16
= NR16(stpc
->forward_delay
);
115 if (FWINV(v16
< c
->forward_delayl
||
116 v16
> c
->forward_delayu
, EBT_STP_FWDD
))
122 static int ebt_filter_stp(const struct sk_buff
*skb
, const struct net_device
*in
,
123 const struct net_device
*out
, const void *data
, unsigned int datalen
)
125 struct ebt_stp_info
*info
= (struct ebt_stp_info
*)data
;
126 struct stp_header _stph
, *sp
;
127 uint8_t header
[6] = {0x42, 0x42, 0x03, 0x00, 0x00, 0x00};
129 sp
= skb_header_pointer(skb
, 0, sizeof(_stph
), &_stph
);
133 /* The stp code only considers these */
134 if (memcmp(sp
, header
, sizeof(header
)))
137 if (info
->bitmask
& EBT_STP_TYPE
138 && FWINV(info
->type
!= sp
->type
, EBT_STP_TYPE
))
141 if (sp
->type
== BPDU_TYPE_CONFIG
&&
142 info
->bitmask
& EBT_STP_CONFIG_MASK
) {
143 struct stp_config_pdu _stpc
, *st
;
145 st
= skb_header_pointer(skb
, sizeof(_stph
),
146 sizeof(_stpc
), &_stpc
);
149 return ebt_filter_config(info
, st
);
154 static int ebt_stp_check(const char *tablename
, unsigned int hookmask
,
155 const struct ebt_entry
*e
, void *data
, unsigned int datalen
)
157 struct ebt_stp_info
*info
= (struct ebt_stp_info
*)data
;
158 int len
= EBT_ALIGN(sizeof(struct ebt_stp_info
));
159 uint8_t bridge_ula
[6] = { 0x01, 0x80, 0xc2, 0x00, 0x00, 0x00 };
160 uint8_t msk
[6] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
162 if (info
->bitmask
& ~EBT_STP_MASK
|| info
->invflags
& ~EBT_STP_MASK
||
163 !(info
->bitmask
& EBT_STP_MASK
))
167 /* Make sure the match only receives stp frames */
168 if (compare_ether_addr(e
->destmac
, bridge_ula
) ||
169 compare_ether_addr(e
->destmsk
, msk
) || !(e
->bitmask
& EBT_DESTMAC
))
175 static struct ebt_match filter_stp
=
177 .name
= EBT_STP_MATCH
,
178 .match
= ebt_filter_stp
,
179 .check
= ebt_stp_check
,
183 static int __init
ebt_stp_init(void)
185 return ebt_register_match(&filter_stp
);
188 static void __exit
ebt_stp_fini(void)
190 ebt_unregister_match(&filter_stp
);
193 module_init(ebt_stp_init
);
194 module_exit(ebt_stp_fini
);
195 MODULE_LICENSE("GPL");