batman-adv: set the isolation mark in the skb if needed

If a broadcast packet is coming from a client marked as isolated, then mark the skb using the isolation mark so that netfilter (or any other application) can recognise them. The mark is written in the skb based on the mask value: only bits set in the mask are substitued by those in the mark value Signed-off-by: Antonio Quartulli <antonio@open-mesh.com> Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch>
author: Antonio Quartulli <antonio@open-mesh.com> 2013-11-16 06:03:52 -0500
committer: Antonio Quartulli <antonio@meshcoding.com> 2014-01-08 14:49:46 -0500
commit: 42cb0bef0176572e2e826b49d697c653eedd7fce (patch)
tree: c21910441be29c1f17325e577dbb60719c0fe1a7 /net
parent: eceb22ae0bdcb49daff9989f91fb3388fa501a69 (diff)
3 files changed, 44 insertions, 2 deletions
diff --git a/net/batman-adv/soft-interface.c b/net/batman-adv/soft-interface.c
index e126d74da6b8..c50f64337f55 100644
--- a/net/batman-adv/soft-interface.c
+++ b/net/batman-adv/soft-interface.c
@@ -399,9 +399,23 @@ void batadv_interface_rx(struct net_device *soft_iface,
                batadv_tt_add_temporary_global_entry(bat_priv, orig_node,
                                                     ethhdr->h_source, vid);
-        if (batadv_is_ap_isolated(bat_priv, ethhdr->h_source, ethhdr->h_dest,
+        if (is_multicast_ether_addr(ethhdr->h_dest)) {
-                                  vid))
+                /* set the mark on broadcast packets if AP isolation is ON and
+                 * the packet is coming from an "isolated" client
+                 */
+                if (batadv_vlan_ap_isola_get(bat_priv, vid) &&
+                    batadv_tt_global_is_isolated(bat_priv, ethhdr->h_source,
+                                                 vid)) {
+                        /* save bits in skb->mark not covered by the mask and
+                         * apply the mark on the rest
+                         */
+                        skb->mark &= ~bat_priv->isolation_mark_mask;
+                        skb->mark |= bat_priv->isolation_mark;
+                }
+        } else if (batadv_is_ap_isolated(bat_priv, ethhdr->h_source,
+                                         ethhdr->h_dest, vid)) {
                goto dropped;
+        }
        netif_rx(skb);
        goto out;
diff --git a/net/batman-adv/translation-table.c b/net/batman-adv/translation-table.c
index 1337b6925f52..63d25705cec6 100644
--- a/net/batman-adv/translation-table.c
+++ b/net/batman-adv/translation-table.c
@@ -3577,3 +3577,29 @@ int batadv_tt_init(struct batadv_priv *bat_priv)
        return 1;
 }
+/**
+ * batadv_tt_global_is_isolated - check if a client is marked as isolated
+ * @bat_priv: the bat priv with all the soft interface information
+ * @addr: the mac address of the client
+ * @vid: the identifier of the VLAN where this client is connected
+ *
+ * Returns true if the client is marked with the TT_CLIENT_ISOLA flag, false
+ * otherwise
+ */
+bool batadv_tt_global_is_isolated(struct batadv_priv *bat_priv,
+                                  const uint8_t *addr, unsigned short vid)
+{
+        struct batadv_tt_global_entry *tt;
+        bool ret;
+        tt = batadv_tt_global_hash_find(bat_priv, addr, vid);
+        if (!tt)
+                return false;
+        ret = tt->common.flags & BATADV_TT_CLIENT_ISOLA;
+        batadv_tt_global_entry_free_ref(tt);
+        return ret;
+}
diff --git a/net/batman-adv/translation-table.h b/net/batman-adv/translation-table.h
index 0e7023eda2ed..daa8ab728f71 100644
--- a/net/batman-adv/translation-table.h
+++ b/net/batman-adv/translation-table.h
@@ -48,5 +48,7 @@ bool batadv_tt_add_temporary_global_entry(struct batadv_priv *bat_priv,
                                          struct batadv_orig_node *orig_node,
                                          const unsigned char *addr,
                                          unsigned short vid);
+bool batadv_tt_global_is_isolated(struct batadv_priv *bat_priv,
+                                  const uint8_t *addr, unsigned short vid);
 #endif /* _NET_BATMAN_ADV_TRANSLATION_TABLE_H_ */
author	Antonio Quartulli <antonio@open-mesh.com>	2013-11-16 06:03:52 -0500
committer	Antonio Quartulli <antonio@meshcoding.com>	2014-01-08 14:49:46 -0500
commit	42cb0bef0176572e2e826b49d697c653eedd7fce (patch)
tree	c21910441be29c1f17325e577dbb60719c0fe1a7 /net
parent	eceb22ae0bdcb49daff9989f91fb3388fa501a69 (diff)

diff --git a/net/batman-adv/soft-interface.c b/net/batman-adv/soft-interface.c index e126d74da6b8..c50f64337f55 100644 --- a/net/batman-adv/soft-interface.c +++ b/net/batman-adv/soft-interface.c
@@ -399,9 +399,23 @@ void batadv_interface_rx(struct net_device *soft_iface,
399	batadv_tt_add_temporary_global_entry(bat_priv, orig_node,	399	batadv_tt_add_temporary_global_entry(bat_priv, orig_node,
400	ethhdr->h_source, vid);	400	ethhdr->h_source, vid);
401		401
402	if (batadv_is_ap_isolated(bat_priv, ethhdr->h_source, ethhdr->h_dest,	402	if (is_multicast_ether_addr(ethhdr->h_dest)) {
403	vid))	403	/* set the mark on broadcast packets if AP isolation is ON and
		404	* the packet is coming from an "isolated" client
		405	*/
		406	if (batadv_vlan_ap_isola_get(bat_priv, vid) &&
		407	batadv_tt_global_is_isolated(bat_priv, ethhdr->h_source,
		408	vid)) {
		409	/* save bits in skb->mark not covered by the mask and
		410	* apply the mark on the rest
		411	*/
		412	skb->mark &= ~bat_priv->isolation_mark_mask;
		413	skb->mark \|= bat_priv->isolation_mark;
		414	}
		415	} else if (batadv_is_ap_isolated(bat_priv, ethhdr->h_source,
		416	ethhdr->h_dest, vid)) {
404	goto dropped;	417	goto dropped;
		418	}
405		419
406	netif_rx(skb);	420	netif_rx(skb);
407	goto out;	421	goto out;


diff --git a/net/batman-adv/translation-table.c b/net/batman-adv/translation-table.c index 1337b6925f52..63d25705cec6 100644 --- a/net/batman-adv/translation-table.c +++ b/net/batman-adv/translation-table.c
@@ -3577,3 +3577,29 @@ int batadv_tt_init(struct batadv_priv *bat_priv)
3577		3577
3578	return 1;	3578	return 1;
3579	}	3579	}
		3580
		3581	/**
		3582	* batadv_tt_global_is_isolated - check if a client is marked as isolated
		3583	* @bat_priv: the bat priv with all the soft interface information
		3584	* @addr: the mac address of the client
		3585	* @vid: the identifier of the VLAN where this client is connected
		3586	*
		3587	* Returns true if the client is marked with the TT_CLIENT_ISOLA flag, false
		3588	* otherwise
		3589	*/
		3590	bool batadv_tt_global_is_isolated(struct batadv_priv *bat_priv,
		3591	const uint8_t *addr, unsigned short vid)
		3592	{
		3593	struct batadv_tt_global_entry *tt;
		3594	bool ret;
		3595
		3596	tt = batadv_tt_global_hash_find(bat_priv, addr, vid);
		3597	if (!tt)
		3598	return false;
		3599
		3600	ret = tt->common.flags & BATADV_TT_CLIENT_ISOLA;
		3601
		3602	batadv_tt_global_entry_free_ref(tt);
		3603
		3604	return ret;
		3605	}


diff --git a/net/batman-adv/translation-table.h b/net/batman-adv/translation-table.h index 0e7023eda2ed..daa8ab728f71 100644 --- a/net/batman-adv/translation-table.h +++ b/net/batman-adv/translation-table.h
@@ -48,5 +48,7 @@ bool batadv_tt_add_temporary_global_entry(struct batadv_priv *bat_priv,
48	struct batadv_orig_node *orig_node,	48	struct batadv_orig_node *orig_node,
49	const unsigned char *addr,	49	const unsigned char *addr,
50	unsigned short vid);	50	unsigned short vid);
		51	bool batadv_tt_global_is_isolated(struct batadv_priv *bat_priv,
		52	const uint8_t *addr, unsigned short vid);
51		53
52	#endif /* _NET_BATMAN_ADV_TRANSLATION_TABLE_H_ */	54	#endif /* _NET_BATMAN_ADV_TRANSLATION_TABLE_H_ */