diff options
author | Bart De Schuymer <bdschuym@pandora.be> | 2007-04-13 01:15:06 -0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2007-04-26 01:28:58 -0400 |
commit | c15bf6e699f4c366f2d1e19ac5d7add21c6b5a19 (patch) | |
tree | 2bcd680115a8b07cd6d7493b134ae2d36fe637be /include/linux | |
parent | 516299d2f5b6f9703b9b388faf91898dc636a678 (diff) |
[NETFILTER]: ebt_arp: add gratuitous arp filtering
The attached patch adds gratuitous arp filtering, more precisely: it
allows checking that the IPv4 source address matches the IPv4
destination address inside the ARP header. It also adds a check for the
hardware address type when matching MAC addresses (nothing critical,
just for better consistency).
Signed-off-by: Bart De Schuymer <bdschuym@pandora.be>
Acked-by: Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006@gmx.net>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/linux')
-rw-r--r-- | include/linux/netfilter_bridge/ebt_arp.h | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/include/linux/netfilter_bridge/ebt_arp.h b/include/linux/netfilter_bridge/ebt_arp.h index 97e4dbde1f89..cbf4843b6b0f 100644 --- a/include/linux/netfilter_bridge/ebt_arp.h +++ b/include/linux/netfilter_bridge/ebt_arp.h | |||
@@ -8,8 +8,10 @@ | |||
8 | #define EBT_ARP_DST_IP 0x10 | 8 | #define EBT_ARP_DST_IP 0x10 |
9 | #define EBT_ARP_SRC_MAC 0x20 | 9 | #define EBT_ARP_SRC_MAC 0x20 |
10 | #define EBT_ARP_DST_MAC 0x40 | 10 | #define EBT_ARP_DST_MAC 0x40 |
11 | #define EBT_ARP_GRAT 0x80 | ||
11 | #define EBT_ARP_MASK (EBT_ARP_OPCODE | EBT_ARP_HTYPE | EBT_ARP_PTYPE | \ | 12 | #define EBT_ARP_MASK (EBT_ARP_OPCODE | EBT_ARP_HTYPE | EBT_ARP_PTYPE | \ |
12 | EBT_ARP_SRC_IP | EBT_ARP_DST_IP | EBT_ARP_SRC_MAC | EBT_ARP_DST_MAC) | 13 | EBT_ARP_SRC_IP | EBT_ARP_DST_IP | EBT_ARP_SRC_MAC | EBT_ARP_DST_MAC | \ |
14 | EBT_ARP_GRAT) | ||
13 | #define EBT_ARP_MATCH "arp" | 15 | #define EBT_ARP_MATCH "arp" |
14 | 16 | ||
15 | struct ebt_arp_info | 17 | struct ebt_arp_info |