1 /* ebt_arp
2 *
3 * Authors:
4 * Bart De Schuymer <[email protected]>
5 * Tim Gardner <[email protected]>
6 *
7 * April, 2002
8 */
9
10 #include <stdio.h>
11 #include <string.h>
12 #include <stdlib.h>
13 #include <getopt.h>
14 #include <xtables.h>
15 #include <netinet/ether.h>
16
17 #include <xtables.h>
18 #include <net/if_arp.h>
19 #include <linux/netfilter_bridge/ebt_arp.h>
20 #include "iptables/nft.h"
21 #include "iptables/nft-bridge.h"
22
/*
 * getopt return codes for the arp match options. Each value appears as the
 * `val` field of one or more brarp_opts[] entries and as a case label in
 * brarp_parse().
 */
#define ARP_OPCODE '1'	/* --arp-opcode and its alias --arp-op */
#define ARP_HTYPE '2'	/* --arp-htype */
#define ARP_PTYPE '3'	/* --arp-ptype */
#define ARP_IP_S '4'	/* --arp-ip-src */
#define ARP_IP_D '5'	/* --arp-ip-dst */
#define ARP_MAC_S '6'	/* --arp-mac-src */
#define ARP_MAC_D '7'	/* --arp-mac-dst */
#define ARP_GRAT '8'	/* --arp-gratuitous */
31
/*
 * Long options understood by the bridge "arp" match. "arp-op" is an alias
 * of "arp-opcode" (both yield ARP_OPCODE). Every option except
 * "arp-gratuitous" requires an argument.
 */
static const struct option brarp_opts[] = {
	{ .name = "arp-opcode",     .has_arg = required_argument, .flag = NULL, .val = ARP_OPCODE },
	{ .name = "arp-op",         .has_arg = required_argument, .flag = NULL, .val = ARP_OPCODE },
	{ .name = "arp-htype",      .has_arg = required_argument, .flag = NULL, .val = ARP_HTYPE },
	{ .name = "arp-ptype",      .has_arg = required_argument, .flag = NULL, .val = ARP_PTYPE },
	{ .name = "arp-ip-src",     .has_arg = required_argument, .flag = NULL, .val = ARP_IP_S },
	{ .name = "arp-ip-dst",     .has_arg = required_argument, .flag = NULL, .val = ARP_IP_D },
	{ .name = "arp-mac-src",    .has_arg = required_argument, .flag = NULL, .val = ARP_MAC_S },
	{ .name = "arp-mac-dst",    .has_arg = required_argument, .flag = NULL, .val = ARP_MAC_D },
	{ .name = "arp-gratuitous", .has_arg = no_argument,       .flag = NULL, .val = ARP_GRAT },
	XT_GETOPT_TABLEEND,
};
44
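/*
 * Symbolic ARP opcode names. Entry i names opcode i + 1: the help text lists
 * them that way, and the parser and printer convert with +1 / -1.
 *
 * The entries are string literals, so both the characters and the table
 * itself are const; writing through them would be undefined behaviour.
 */
static const char *const opcodes[] = {
	"Request",
	"Reply",
	"Request_Reverse",
	"Reply_Reverse",
	"DRARP_Request",
	"DRARP_Reply",
	"DRARP_Error",
	"InARP_Request",
	"ARP_NAK",
};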
58
/*
 * Print the usage text of the arp match: the option summary, the table of
 * symbolic opcode names (numbered from 1) and the hints for the hardware
 * and protocol type arguments.
 */
static void brarp_print_help(void)
{
	size_t idx = 0;

	printf(
"arp options:\n"
"--arp-opcode [!] opcode : ARP opcode (integer or string)\n"
"--arp-htype [!] type : ARP hardware type (integer or string)\n"
"--arp-ptype [!] type : ARP protocol type (hexadecimal or string)\n"
"--arp-ip-src [!] address[/mask]: ARP IP source specification\n"
"--arp-ip-dst [!] address[/mask]: ARP IP target specification\n"
"--arp-mac-src [!] address[/mask]: ARP MAC source specification\n"
"--arp-mac-dst [!] address[/mask]: ARP MAC target specification\n"
"[!] --arp-gratuitous : ARP gratuitous packet\n"
" opcode strings: \n");

	/* opcodes[idx] is the name of opcode idx + 1 */
	while (idx < ARRAY_SIZE(opcodes)) {
		printf(" %d = %s\n", (int)idx + 1, opcodes[idx]);
		idx++;
	}

	printf(
" hardware type string: 1 = Ethernet\n"
" protocol type string: see "XT_PATH_ETHERTYPES"\n");
}
80
/*
 * One bit per arp option in the *flags word handed to brarp_parse(), where
 * each is passed to EBT_CHECK_OPTION() (presumably to reject a repeated
 * option; confirm against that macro's definition).
 */
#define OPT_OPCODE (1 << 0)
#define OPT_HTYPE  (1 << 1)
#define OPT_PTYPE  (1 << 2)
#define OPT_IP_S   (1 << 3)
#define OPT_IP_D   (1 << 4)
#define OPT_MAC_S  (1 << 5)
#define OPT_MAC_D  (1 << 6)
#define OPT_GRAT   (1 << 7)
89
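/*
 * Parse arg as a whole-string number in the given base and accept it only
 * if it fits in 16 bits. Returns 1 and stores the value on success; returns
 * 0 when nothing was converted (e.g. an empty string), when characters
 * follow the number, or when the value is outside 0..65535.
 */
static int brarp_parse_u16(const char *arg, int base, long *value)
{
	char *end;
	long num = strtol(arg, &end, base);

	/* end == arg: no digits at all, so "" must not be read as 0 */
	if (end == arg || *end != '\0' || num < 0 || num >= (0x1 << 16))
		return 0;
	*value = num;
	return 1;
}

/*
 * Parse one command-line option of the arp match into the ebt_arp_info
 * stored in (*match)->data.
 *
 * c      - option code as listed in brarp_opts[]
 * argv   - unused; the option argument is always read from optarg
 * invert - non-zero when the option was negated with '!'
 * flags  - handed to EBT_CHECK_OPTION() together with the option's OPT_* bit
 * entry  - unused
 * match  - match whose data area receives the parsed values
 *
 * Returns 1 when the option was consumed and 0 when c is not an arp option.
 * Bad arguments are reported through xtables_error(); the code after each
 * such call relies on it not returning.
 */
static int
brarp_parse(int c, char **argv, int invert, unsigned int *flags,
	    const void *entry, struct xt_entry_match **match)
{
	struct ebt_arp_info *arpinfo = (struct ebt_arp_info *)(*match)->data;
	struct in_addr *ipaddr, ipmask;
	long num = 0;
	unsigned char *maddr;
	unsigned char *mmask;
	unsigned int ipnr;

	switch (c) {
	case ARP_OPCODE:
		EBT_CHECK_OPTION(flags, OPT_OPCODE);
		if (invert)
			arpinfo->invflags |= EBT_ARP_OPCODE;
		if (!brarp_parse_u16(optarg, 10, &num)) {
			size_t idx;

			/* not a usable number: try the symbolic names */
			for (idx = 0; idx < ARRAY_SIZE(opcodes); idx++)
				if (!strcasecmp(opcodes[idx], optarg))
					break;
			if (idx == ARRAY_SIZE(opcodes))
				xtables_error(PARAMETER_PROBLEM, "Problem with specified ARP opcode");
			/* opcodes[idx] names opcode idx + 1 */
			num = (long)idx + 1;
		}
		arpinfo->opcode = htons(num);
		arpinfo->bitmask |= EBT_ARP_OPCODE;
		break;

	case ARP_HTYPE:
		EBT_CHECK_OPTION(flags, OPT_HTYPE);
		if (invert)
			arpinfo->invflags |= EBT_ARP_HTYPE;
		if (!brarp_parse_u16(optarg, 10, &num)) {
			/*
			 * Compare against optarg, the same string the numeric
			 * parse just used. argv[optind - 1] is the whole
			 * "--arp-htype=Ethernet" word when the argument is
			 * attached with '=', so the name would never match.
			 */
			if (!strcasecmp("Ethernet", optarg))
				num = 1;
			else
				xtables_error(PARAMETER_PROBLEM, "Problem with specified ARP hardware type");
		}
		arpinfo->htype = htons(num);
		arpinfo->bitmask |= EBT_ARP_HTYPE;
		break;

	case ARP_PTYPE: {
		uint16_t proto;

		EBT_CHECK_OPTION(flags, OPT_PTYPE);
		if (invert)
			arpinfo->invflags |= EBT_ARP_PTYPE;

		/*
		 * NOTE(review): the hexadecimal parse is tried first, so an
		 * argument made up only of hex digits is always taken as a
		 * number, even if an ethertype of that name exists.
		 */
		if (brarp_parse_u16(optarg, 16, &num)) {
			proto = num;
		} else {
			struct xt_ethertypeent *ent;

			/* optarg rather than argv[optind - 1]: see ARP_HTYPE */
			ent = xtables_getethertypebyname(optarg);
			if (!ent)
				xtables_error(PARAMETER_PROBLEM, "Problem with specified ARP "
							 "protocol type");
			proto = ent->e_ethertype;
		}
		arpinfo->ptype = htons(proto);
		arpinfo->bitmask |= EBT_ARP_PTYPE;
		break;
	}

	case ARP_IP_S:
	case ARP_IP_D:
		/*
		 * NOTE(review): xtables_ipparse_any() reports how many
		 * addresses it produced in ipnr, but only the first one is
		 * stored below. If the argument can expand to several
		 * addresses (e.g. a host name; confirm), the resulting rule
		 * silently covers just one of them.
		 */
		xtables_ipparse_any(optarg, &ipaddr, &ipmask, &ipnr);
		if (c == ARP_IP_S) {
			EBT_CHECK_OPTION(flags, OPT_IP_S);
			arpinfo->saddr = ipaddr->s_addr;
			arpinfo->smsk = ipmask.s_addr;
			arpinfo->bitmask |= EBT_ARP_SRC_IP;
		} else {
			EBT_CHECK_OPTION(flags, OPT_IP_D);
			arpinfo->daddr = ipaddr->s_addr;
			arpinfo->dmsk = ipmask.s_addr;
			arpinfo->bitmask |= EBT_ARP_DST_IP;
		}
		/* the address array was allocated by xtables_ipparse_any() */
		free(ipaddr);
		if (invert) {
			if (c == ARP_IP_S)
				arpinfo->invflags |= EBT_ARP_SRC_IP;
			else
				arpinfo->invflags |= EBT_ARP_DST_IP;
		}
		break;

	case ARP_MAC_S:
	case ARP_MAC_D:
		if (c == ARP_MAC_S) {
			EBT_CHECK_OPTION(flags, OPT_MAC_S);
			maddr = arpinfo->smaddr;
			mmask = arpinfo->smmsk;
			arpinfo->bitmask |= EBT_ARP_SRC_MAC;
		} else {
			EBT_CHECK_OPTION(flags, OPT_MAC_D);
			maddr = arpinfo->dmaddr;
			mmask = arpinfo->dmmsk;
			arpinfo->bitmask |= EBT_ARP_DST_MAC;
		}
		if (invert) {
			if (c == ARP_MAC_S)
				arpinfo->invflags |= EBT_ARP_SRC_MAC;
			else
				arpinfo->invflags |= EBT_ARP_DST_MAC;
		}
		/* address and mask are written straight into the match data */
		if (xtables_parse_mac_and_mask(optarg, maddr, mmask))
			xtables_error(PARAMETER_PROBLEM, "Problem with ARP MAC address argument");
		break;

	case ARP_GRAT:
		EBT_CHECK_OPTION(flags, OPT_GRAT);
		arpinfo->bitmask |= EBT_ARP_GRAT;
		if (invert)
			arpinfo->invflags |= EBT_ARP_GRAT;
		break;

	default:
		/* not one of ours */
		return 0;
	}
	return 1;
}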
213
/*
 * Print the arp match as command-line options. A field is printed only when
 * its bit is set in bitmask, and the matching bit in invflags adds "! ".
 * Opcodes 1..ARRAY_SIZE(opcodes) are printed by name, all others as a
 * decimal number; the hardware type is always printed as a number and the
 * protocol type in hexadecimal. The ip and numeric arguments are not used.
 */
static void brarp_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
	const struct ebt_arp_info *info = (const struct ebt_arp_info *)match->data;
	const unsigned int present = info->bitmask;
	const unsigned int negated = info->invflags;

	if (present & EBT_ARP_OPCODE) {
		const int op = ntohs(info->opcode);
		const int has_name = op > 0 && op <= ARRAY_SIZE(opcodes);

		printf("--arp-op ");
		if (negated & EBT_ARP_OPCODE)
			printf("! ");
		if (has_name)
			printf("%s ", opcodes[op - 1]);	/* opcode n is opcodes[n - 1] */
		else
			printf("%d ", op);
	}

	if (present & EBT_ARP_HTYPE) {
		printf("--arp-htype ");
		if (negated & EBT_ARP_HTYPE)
			printf("! ");
		printf("%d ", ntohs(info->htype));
	}

	if (present & EBT_ARP_PTYPE) {
		printf("--arp-ptype ");
		if (negated & EBT_ARP_PTYPE)
			printf("! ");
		printf("0x%x ", ntohs(info->ptype));
	}

	if (present & EBT_ARP_SRC_IP) {
		const struct in_addr *addr = (const struct in_addr *)&info->saddr;
		const struct in_addr *mask = (const struct in_addr *)&info->smsk;

		printf("--arp-ip-src ");
		if (negated & EBT_ARP_SRC_IP)
			printf("! ");
		printf("%s%s ", xtables_ipaddr_to_numeric(addr),
		       xtables_ipmask_to_numeric(mask));
	}

	if (present & EBT_ARP_DST_IP) {
		const struct in_addr *addr = (const struct in_addr *)&info->daddr;
		const struct in_addr *mask = (const struct in_addr *)&info->dmsk;

		printf("--arp-ip-dst ");
		if (negated & EBT_ARP_DST_IP)
			printf("! ");
		printf("%s%s ", xtables_ipaddr_to_numeric(addr),
		       xtables_ipmask_to_numeric(mask));
	}

	if (present & EBT_ARP_SRC_MAC) {
		printf("--arp-mac-src ");
		if (negated & EBT_ARP_SRC_MAC)
			printf("! ");
		xtables_print_mac_and_mask(info->smaddr, info->smmsk);
		printf(" ");
	}

	if (present & EBT_ARP_DST_MAC) {
		printf("--arp-mac-dst ");
		if (negated & EBT_ARP_DST_MAC)
			printf("! ");
		xtables_print_mac_and_mask(info->dmaddr, info->dmmsk);
		printf(" ");
	}

	/* unlike the other options, the '!' goes in front of the option name */
	if (present & EBT_ARP_GRAT) {
		if (negated & EBT_ARP_GRAT)
			printf("! ");
		printf("--arp-gratuitous ");
	}
}
274
/*
 * Descriptor of the bridge-family "arp" match. It ties the option table and
 * the help/parse/print callbacks of this file together; both size fields
 * cover the whole (aligned) struct ebt_arp_info.
 */
static struct xtables_match brarp_match = {
	/* identity */
	.name		= "arp",
	.family		= NFPROTO_BRIDGE,
	.version	= XTABLES_VERSION,

	/* command-line handling */
	.extra_opts	= brarp_opts,
	.help		= brarp_print_help,
	.parse		= brarp_parse,
	.print		= brarp_print,

	/* match data layout */
	.size		= XT_ALIGN(sizeof(struct ebt_arp_info)),
	.userspacesize	= XT_ALIGN(sizeof(struct ebt_arp_info)),
};
286
/*
 * Register the bridge "arp" match with xtables (presumably run once when
 * the extension is loaded; confirm against how xtables.h treats _init).
 */
void _init(void)
{
	struct xtables_match *const ext = &brarp_match;

	xtables_register_match(ext);
}
291