1 /*
2  * Copyright (c) 2014 The DragonFly Project.  All rights reserved.
3  *
4  * This code is derived from software contributed to The DragonFly Project
5  * by Bill Yuan <bycn82@dragonflybsd.org>
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  *
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in
15  *    the documentation and/or other materials provided with the
16  *    distribution.
17  * 3. Neither the name of The DragonFly Project nor the names of its
18  *    contributors may be used to endorse or promote products derived
19  *    from this software without specific, prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
24  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE
25  * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
26  * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
27  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
28  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
29  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
30  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
31  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32  * SUCH DAMAGE.
33  */
34 
35 #include <sys/param.h>
36 #include <sys/kernel.h>
37 #include <sys/malloc.h>
38 #include <sys/mbuf.h>
39 #include <sys/socketvar.h>
40 #include <sys/sysctl.h>
41 #include <sys/systimer.h>
42 #include <sys/thread2.h>
43 
44 #include <net/ethernet.h>
45 #include <net/netmsg2.h>
46 #include <net/netisr2.h>
47 #include <net/route.h>
48 
49 #include <netinet/in_var.h>
50 #include <netinet/ip_var.h>
51 
52 #include <net/ipfw3/ip_fw.h>
53 #include <net/ipfw3/ip_fw3_table.h>
54 
55 #include "ip_fw3_layer2.h"
56 
57 extern struct ipfw_context      *ipfw_ctx[MAXCPU];
58 
59 void
60 check_layer2(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
61 		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len)
62 {
63 	*cmd_val = ((*args)->eh != NULL);
64 	*cmd_ctl = IP_FW_CTL_NO;
65 }
66 
67 void
68 check_mac(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
69 		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len)
70 {
71 	*cmd_ctl = IP_FW_CTL_NO;
72 	if ((*args)->eh != NULL) {
73 		uint32_t *want = (uint32_t *)((ipfw_insn_mac *)cmd)->addr;
74 		uint32_t *mask = (uint32_t *)((ipfw_insn_mac *)cmd)->mask;
75 		uint32_t *hdr = (uint32_t *)(*args)->eh;
76 		*cmd_val =
77 			(want[0] == (hdr[0] & mask[0]) &&
78 			 want[1] == (hdr[1] & mask[1]) &&
79 			 want[2] == (hdr[2] & mask[2]));
80 	} else {
81 		*cmd_val = IP_FW_NOT_MATCH;
82 	}
83 }
84 
85 void
86 check_mac_from(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
87 		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len)
88 {
89 	*cmd_ctl = IP_FW_CTL_NO;
90 	if ((*args)->eh != NULL) {
91 		uint16_t *want = (uint16_t *)((ipfw_insn_mac *)cmd)->addr;
92 		uint16_t *mask = (uint16_t *)((ipfw_insn_mac *)cmd)->mask;
93 		uint16_t *hdr = (uint16_t *)(*args)->eh;
94 		*cmd_val =
95 			(want[3] == (hdr[3] & mask[3]) &&
96 			 want[4] == (hdr[4] & mask[4]) &&
97 			 want[5] == (hdr[5] & mask[5]));
98 	} else {
99 		*cmd_val = IP_FW_NOT_MATCH;
100 	}
101 }
102 
103 void
104 check_mac_from_lookup(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
105 		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len)
106 {
107         struct ipfw_context *ctx = ipfw_ctx[mycpuid];
108         struct ipfw_table_context *table_ctx;
109         struct radix_node_head *rnh;
110         struct table_mac_entry *ent = NULL;
111 
112         table_ctx = ctx->table_ctx;
113         table_ctx += cmd->arg1;
114         rnh = table_ctx->node;
115 
116         *cmd_ctl = IP_FW_CTL_NO;
117         *cmd_val = IP_FW_NOT_MATCH;
118         if ((*args)->eh != NULL) {
119                 struct sockaddr sa;
120                 sa.sa_len = 8;
121                 strncpy(sa.sa_data, (*args)->eh->ether_shost, 6);
122                 ent = (struct table_mac_entry *)rnh->rnh_lookup((char *)&sa,
123 								NULL, rnh);
124                 if(ent != NULL)
125                         *cmd_val = IP_FW_MATCH;
126         }
127 }
128 
129 void
130 check_mac_to(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
131 		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len)
132 {
133 	*cmd_ctl = IP_FW_CTL_NO;
134 	if ((*args)->eh != NULL) {
135 		uint16_t *want = (uint16_t *)((ipfw_insn_mac *)cmd)->addr;
136 		uint16_t *mask = (uint16_t *)((ipfw_insn_mac *)cmd)->mask;
137 		uint16_t *hdr = (uint16_t *)(*args)->eh;
138 		*cmd_val =
139 			(want[0] == (hdr[0] & mask[0]) &&
140 			 want[1] == (hdr[1] & mask[1]) &&
141 			 want[2] == (hdr[2] & mask[2]));
142 	} else {
143 		*cmd_val = IP_FW_NOT_MATCH;
144 	}
145 }
146 
147 void
148 check_mac_to_lookup(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
149 		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len)
150 {
151         struct ipfw_context *ctx = ipfw_ctx[mycpuid];
152         struct ipfw_table_context *table_ctx;
153         struct radix_node_head *rnh;
154         struct table_mac_entry *ent = NULL;
155 
156         table_ctx = ctx->table_ctx;
157         table_ctx += cmd->arg1;
158         rnh = table_ctx->node;
159 
160         *cmd_ctl = IP_FW_CTL_NO;
161         *cmd_val = IP_FW_NOT_MATCH;
162         if ((*args)->eh != NULL) {
163                 struct sockaddr sa;
164                 sa.sa_len = 8;
165                 strncpy(sa.sa_data, (*args)->eh->ether_dhost, 6);
166                 ent = (struct table_mac_entry *)rnh->rnh_lookup((char *)&sa,
167 								NULL, rnh);
168                 if(ent != NULL)
169                         *cmd_val = IP_FW_MATCH;
170         }
171 }
172 
173 static int
174 ipfw3_layer2_init(void)
175 {
176 	register_ipfw_module(MODULE_LAYER2_ID, MODULE_LAYER2_NAME);
177 	register_ipfw_filter_funcs(MODULE_LAYER2_ID,
178 			O_LAYER2_LAYER2, (filter_func)check_layer2);
179 	register_ipfw_filter_funcs(MODULE_LAYER2_ID,
180 			O_LAYER2_MAC, (filter_func)check_mac);
181         register_ipfw_filter_funcs(MODULE_LAYER2_ID,
182 			O_LAYER2_MAC_SRC, (filter_func)check_mac_from);
183         register_ipfw_filter_funcs(MODULE_LAYER2_ID,
184 			O_LAYER2_MAC_DST, (filter_func)check_mac_to);
185         register_ipfw_filter_funcs(MODULE_LAYER2_ID,
186 			O_LAYER2_MAC_SRC_LOOKUP,
187 			(filter_func)check_mac_from_lookup);
188         register_ipfw_filter_funcs(MODULE_LAYER2_ID,
189 			O_LAYER2_MAC_DST_LOOKUP,
190 			(filter_func)check_mac_to_lookup);
191 	return 0;
192 }
193 
194 static int
195 ipfw3_layer2_stop(void)
196 {
197 	return unregister_ipfw_module(MODULE_LAYER2_ID);
198 }
199 
200 static int
201 ipfw3_layer2_modevent(module_t mod, int type, void *data)
202 {
203 	switch (type) {
204 		case MOD_LOAD:
205 			return ipfw3_layer2_init();
206 		case MOD_UNLOAD:
207 			return ipfw3_layer2_stop();
208 		default:
209 			break;
210 	}
211 	return 0;
212 }
213 
214 static moduledata_t ipfw3_layer2_mod = {
215 	"ipfw3_layer2",
216 	ipfw3_layer2_modevent,
217 	NULL
218 };
219 DECLARE_MODULE(ipfw3_layer2, ipfw3_layer2_mod, SI_SUB_PROTO_END, SI_ORDER_ANY);
220 MODULE_DEPEND(ipfw3_layer2, ipfw3_basic, 1, 1, 1);
221 MODULE_VERSION(ipfw3_layer2, 1);
222