Commit 42cb0bef authored by Antonio Quartulli's avatar Antonio Quartulli Committed by Antonio Quartulli

batman-adv: set the isolation mark in the skb if needed

If a broadcast packet is coming from a client marked as
isolated, then mark the skb using the isolation mark so
that netfilter (or any other application) can recognise
them.

The mark is written in the skb based on the mask value:
only bits set in the mask are substituted by those in the
mark value
Signed-off-by: default avatarAntonio Quartulli <antonio@open-mesh.com>
Signed-off-by: default avatarMarek Lindner <mareklindner@neomailbox.ch>
parent eceb22ae
...@@ -399,9 +399,23 @@ void batadv_interface_rx(struct net_device *soft_iface, ...@@ -399,9 +399,23 @@ void batadv_interface_rx(struct net_device *soft_iface,
batadv_tt_add_temporary_global_entry(bat_priv, orig_node, batadv_tt_add_temporary_global_entry(bat_priv, orig_node,
ethhdr->h_source, vid); ethhdr->h_source, vid);
if (batadv_is_ap_isolated(bat_priv, ethhdr->h_source, ethhdr->h_dest, if (is_multicast_ether_addr(ethhdr->h_dest)) {
vid)) /* set the mark on broadcast packets if AP isolation is ON and
* the packet is coming from an "isolated" client
*/
if (batadv_vlan_ap_isola_get(bat_priv, vid) &&
batadv_tt_global_is_isolated(bat_priv, ethhdr->h_source,
vid)) {
/* save bits in skb->mark not covered by the mask and
* apply the mark on the rest
*/
skb->mark &= ~bat_priv->isolation_mark_mask;
skb->mark |= bat_priv->isolation_mark;
}
} else if (batadv_is_ap_isolated(bat_priv, ethhdr->h_source,
ethhdr->h_dest, vid)) {
goto dropped; goto dropped;
}
netif_rx(skb); netif_rx(skb);
goto out; goto out;
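Review bot: `skb->mark |= bat_priv->isolation_mark;` ORs in the whole mark value, so any bit set in `isolation_mark` but clear in `isolation_mark_mask` overwrites skb->mark bits that the preceding line was meant to preserve, contrary to the comment just above it. Unless the code that stores `isolation_mark` already applies the mask (not visible in this hunk), the line should read `skb->mark |= bat_priv->isolation_mark & bat_priv->isolation_mark_mask;`. Multicast frames from an isolated client still reach netif_rx() in this branch, so the comment could also say that isolation for them is only effective when a netfilter rule or other consumer acts on the mark. batadv_interface_rx starts and ends outside the hunk.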
......
...@@ -3577,3 +3577,29 @@ int batadv_tt_init(struct batadv_priv *bat_priv) ...@@ -3577,3 +3577,29 @@ int batadv_tt_init(struct batadv_priv *bat_priv)
return 1; return 1;
} }
/**
* batadv_tt_global_is_isolated - check if a client is marked as isolated
* @bat_priv: the bat priv with all the soft interface information
* @addr: the mac address of the client
* @vid: the identifier of the VLAN where this client is connected
*
* Returns true if the client is marked with the TT_CLIENT_ISOLA flag, false
* otherwise
*/
bool batadv_tt_global_is_isolated(struct batadv_priv *bat_priv,
const uint8_t *addr, unsigned short vid)
{
struct batadv_tt_global_entry *tt;
bool ret;
tt = batadv_tt_global_hash_find(bat_priv, addr, vid);
if (!tt)
return false;
ret = tt->common.flags & BATADV_TT_CLIENT_ISOLA;
batadv_tt_global_entry_free_ref(tt);
return ret;
}
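Review bot: The kernel-doc for batadv_tt_global_is_isolated does not cover the `!tt` path: when batadv_tt_global_hash_find() returns no entry the function returns false, so a client without a global entry is treated as not isolated and the caller in batadv_interface_rx leaves its frames unmarked. I would extend the return description to `Returns true if the client is marked with the TT_CLIENT_ISOLA flag, false otherwise (including when no global entry exists for @addr on @vid)`, so that users of the mark know the check fails open. The flag test also relies on the implicit conversion to bool; `ret = !!(tt->common.flags & BATADV_TT_CLIENT_ISOLA);` would make that explicit.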
...@@ -48,5 +48,7 @@ bool batadv_tt_add_temporary_global_entry(struct batadv_priv *bat_priv, ...@@ -48,5 +48,7 @@ bool batadv_tt_add_temporary_global_entry(struct batadv_priv *bat_priv,
struct batadv_orig_node *orig_node, struct batadv_orig_node *orig_node,
const unsigned char *addr, const unsigned char *addr,
unsigned short vid); unsigned short vid);
bool batadv_tt_global_is_isolated(struct batadv_priv *bat_priv,
const uint8_t *addr, unsigned short vid);
#endif /* _NET_BATMAN_ADV_TRANSLATION_TABLE_H_ */ #endif /* _NET_BATMAN_ADV_TRANSLATION_TABLE_H_ */