5 * Bart De Schuymer <bdschuym@pandora.be>
10 * added ip-sport and ip-dport
11 * Innominate Security Technologies AG <mhopf@innominate.com>
15 #include <linux/netfilter_bridge/ebtables.h>
16 #include <linux/netfilter_bridge/ebt_ip.h>
19 #include <linux/module.h>
/*
 * ebtables "ip" match callback (wired up as .match of filter_ip below).
 * Copies the IPv4 header from offset 0 of the skb and compares it with the
 * rule in data: TOS, masked source address, masked destination address,
 * protocol and, if requested, a destination and/or source port range.
 *
 * NOTE(review): the number at the start of each line is the file's own line
 * number and the sequence has gaps. The rest of the parameter list, the
 * braces and the return statements are therefore not visible here.
 * The end of the function (after original line 65) is also missing.
 */
26 static int ebt_filter_ip(const struct sk_buff *skb, const struct net_device *in,
27 const struct net_device *out, const void *data,
/* Rule parameters for this match; the const qualifier of data is cast away. */
30 struct ebt_ip_info *info = (struct ebt_ip_info *)data;
/*
 * iph and ports share the same storage. The port read further down
 * overwrites the start of the copied IP header, so every iph field has to
 * be consumed before that read (ihl is its last use, as the read offset).
 */
31 union {struct iphdr iph; struct tcpudphdr ports;} u;
/* A non-zero result means the skb is too short to hold an IP header. */
33 if (skb_copy_bits(skb, 0, &u.iph, sizeof(u.iph)))
/*
 * Each field is only tested when its bit is set in info->bitmask.
 * FWINV is defined outside this listing; presumably it flips the result
 * when the matching bit in info->invflags is set -- confirm in ebtables.h.
 */
35 if (info->bitmask & EBT_IP_TOS &&
36 FWINV(info->tos != u.iph.tos, EBT_IP_TOS))
/* Source address is masked with smsk before comparison with saddr. */
38 if (info->bitmask & EBT_IP_SOURCE &&
39 FWINV((u.iph.saddr & info->smsk) !=
40 info->saddr, EBT_IP_SOURCE))
/* Destination address is masked with dmsk before comparison with daddr. */
42 if ((info->bitmask & EBT_IP_DEST) &&
43 FWINV((u.iph.daddr & info->dmsk) !=
44 info->daddr, EBT_IP_DEST))
46 if (info->bitmask & EBT_IP_PROTO) {
47 if (FWINV(info->protocol != u.iph.protocol, EBT_IP_PROTO))
/* No port bit set: the port read below is not needed for this rule. */
49 if (!(info->bitmask & EBT_IP_DPORT) &&
50 !(info->bitmask & EBT_IP_SPORT))
/*
 * NOTE(review): the transport header is read at ihl*4, a value taken
 * straight from the packet. No visible line rejects ihl < 5 or a non-zero
 * fragment offset; only original line 51 is missing between lines 50 and
 * 52, which leaves no room for such a test. Unless an earlier layer
 * validates the header, the bytes compared as ports on a malformed packet
 * or a non-first fragment need not be real TCP/UDP ports.
 */
52 if (skb_copy_bits(skb, u.iph.ihl*4, &u.ports,
55 if (info->bitmask & EBT_IP_DPORT) {
/* Convert in place to host byte order for the range test on dport[0..1]. */
56 u.ports.dst = ntohs(u.ports.dst);
57 if (FWINV(u.ports.dst < info->dport[0] ||
58 u.ports.dst > info->dport[1],
62 if (info->bitmask & EBT_IP_SPORT) {
/* Same conversion and range test for the source port against sport[0..1]. */
63 u.ports.src = ntohs(u.ports.src);
64 if (FWINV(u.ports.src < info->sport[0] ||
65 u.ports.src > info->sport[1],
/*
 * Sanity check for an ip match rule (the .check hook of filter_ip below).
 * The visible tests cover: exact size of the rule blob, Ethernet protocol
 * fixed to ETH_P_IP and not inverted, no unknown bits in bitmask or
 * invflags, port matching limited to a non-inverted TCP or UDP protocol,
 * and port ranges whose lower bound does not exceed the upper bound.
 *
 * NOTE(review): the number at the start of each line is the file's own line
 * number and the sequence has gaps; braces and return statements are not
 * visible here, so the value returned by each test cannot be read from it.
 */
73 static int ebt_ip_check(const char *tablename, unsigned int hookmask,
74 const struct ebt_entry *e, void *data, unsigned int datalen)
/* info is assigned here but not dereferenced until after the size test. */
76 struct ebt_ip_info *info = (struct ebt_ip_info *)data;
/* Size must equal the aligned struct size before any field is trusted. */
78 if (datalen != EBT_ALIGN(sizeof(struct ebt_ip_info)))
/* The enclosing entry must select IPv4 frames, without protocol inversion. */
80 if (e->ethproto != __constant_htons(ETH_P_IP) ||
81 e->invflags & EBT_IPROTO)
/* Bits outside EBT_IP_MASK are not accepted in either flag word. */
83 if (info->bitmask & ~EBT_IP_MASK || info->invflags & ~EBT_IP_MASK)
/*
 * NOTE(review): the visible tests do not require EBT_IP_PROTO to be set in
 * bitmask when a port bit is set, while ebt_filter_ip appears to look at
 * ports only inside its EBT_IP_PROTO branch. Such a rule would skip the
 * port comparison -- confirm that callers always set EBT_IP_PROTO.
 */
85 if (info->bitmask & (EBT_IP_DPORT | EBT_IP_SPORT)) {
86 if (info->invflags & EBT_IP_PROTO)
88 if (info->protocol != IPPROTO_TCP &&
89 info->protocol != IPPROTO_UDP)
/* A range with its bounds swapped is tested for here, per direction. */
92 if (info->bitmask & EBT_IP_DPORT && info->dport[0] > info->dport[1])
94 if (info->bitmask & EBT_IP_SPORT && info->sport[0] > info->sport[1])
/*
 * Match descriptor passed to ebt_register_match() and
 * ebt_unregister_match(): the match name plus the per-packet and the
 * rule-check callbacks. Any further initializer lines are not visible in
 * this listing (the line numbers have gaps).
 */
99 static struct ebt_match filter_ip =
101 .name = EBT_IP_MATCH,
102 .match = ebt_filter_ip,
103 .check = ebt_ip_check,
/* Module entry point: registers filter_ip and returns the result as is. */
107 static int __init init(void)
109 return ebt_register_match(&filter_ip);
/* Module exit point: removes the registration made in init(). */
112 static void __exit fini(void)
114 ebt_unregister_match(&filter_ip);
/* Declares the module's license as GPL. */
119 MODULE_LICENSE("GPL");