mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-05 02:19:51 +00:00
c15bf6e699
The attached patch adds gratuitous arp filtering, more precisely: it allows checking that the IPv4 source address matches the IPv4 destination address inside the ARP header. It also adds a check for the hardware address type when matching MAC addresses (nothing critical, just for better consistency). Signed-off-by: Bart De Schuymer <bdschuym@pandora.be> Acked-by: Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006@gmx.net> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
34 lines
789 B
C
34 lines
789 B
C
#ifndef __LINUX_BRIDGE_EBT_ARP_H
|
|
#define __LINUX_BRIDGE_EBT_ARP_H
|
|
|
|
#define EBT_ARP_OPCODE 0x01
|
|
#define EBT_ARP_HTYPE 0x02
|
|
#define EBT_ARP_PTYPE 0x04
|
|
#define EBT_ARP_SRC_IP 0x08
|
|
#define EBT_ARP_DST_IP 0x10
|
|
#define EBT_ARP_SRC_MAC 0x20
|
|
#define EBT_ARP_DST_MAC 0x40
|
|
#define EBT_ARP_GRAT 0x80
|
|
#define EBT_ARP_MASK (EBT_ARP_OPCODE | EBT_ARP_HTYPE | EBT_ARP_PTYPE | \
|
|
EBT_ARP_SRC_IP | EBT_ARP_DST_IP | EBT_ARP_SRC_MAC | EBT_ARP_DST_MAC | \
|
|
EBT_ARP_GRAT)
|
|
#define EBT_ARP_MATCH "arp"
|
|
|
|
struct ebt_arp_info
|
|
{
|
|
__be16 htype;
|
|
__be16 ptype;
|
|
__be16 opcode;
|
|
__be32 saddr;
|
|
__be32 smsk;
|
|
__be32 daddr;
|
|
__be32 dmsk;
|
|
unsigned char smaddr[ETH_ALEN];
|
|
unsigned char smmsk[ETH_ALEN];
|
|
unsigned char dmaddr[ETH_ALEN];
|
|
unsigned char dmmsk[ETH_ALEN];
|
|
uint8_t bitmask;
|
|
uint8_t invflags;
|
|
};
|
|
|
|
#endif
|