batman-adv: set the isolation mark in the skb if needed

If a broadcast packet is coming from a client marked as isolated, then mark the skb using the isolation mark so that netfilter (or any other application) can recognise them. The mark is written in the skb based on the mask value: only bits set in the mask are substitued by those in the mark value Signed-off-by: Antonio Quartulli <antonio@open-mesh.com> Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch>

batman-adv: set the isolation mark in the skb if needed
If a broadcast packet is coming from a client marked as isolated, then mark the skb using the isolation mark so that netfilter (or any other application) can recognise them. The mark is written in the skb based on the mask value: only bits set in the mask are substitued by those in the mark value Signed-off-by: Antonio Quartulli <antonio@open-mesh.com> Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch>
Antonio Quartulli · Antonio Quartulli
1 parent eceb22ae0b
Showing 3 changed files with 44 additions and 2 deletions Side-by-side Diff
net/batman-adv/soft-interface.c
net/batman-adv/translation-table.c
net/batman-adv/translation-table.h
@@ -399,9 +399,23 @@
 		batadv_tt_add_temporary_global_entry(bat_priv, orig_node,
 						     ethhdr->h_source, vid);
  
-	if (batadv_is_ap_isolated(bat_priv, ethhdr->h_source, ethhdr->h_dest,
-				  vid))
+	if (is_multicast_ether_addr(ethhdr->h_dest)) {
+		/* set the mark on broadcast packets if AP isolation is ON and
+		 * the packet is coming from an "isolated" client
+		 */
+		if (batadv_vlan_ap_isola_get(bat_priv, vid) &&
+		    batadv_tt_global_is_isolated(bat_priv, ethhdr->h_source,
+						 vid)) {
+			/* save bits in skb->mark not covered by the mask and
+			 * apply the mark on the rest
+			 */
+			skb->mark &= ~bat_priv->isolation_mark_mask;
+			skb->mark |= bat_priv->isolation_mark;
+		}
+	} else if (batadv_is_ap_isolated(bat_priv, ethhdr->h_source,
+					 ethhdr->h_dest, vid)) {
 		goto dropped;
+	}
  
 	netif_rx(skb);
 	goto out;
@@ -3577,4 +3577,30 @@
  
 	return 1;
 }
+
+/**
+ * batadv_tt_global_is_isolated - check if a client is marked as isolated
+ * @bat_priv: the bat priv with all the soft interface information
+ * @addr: the mac address of the client
+ * @vid: the identifier of the VLAN where this client is connected
+ *
+ * Returns true if the client is marked with the TT_CLIENT_ISOLA flag, false
+ * otherwise
+ */
+bool batadv_tt_global_is_isolated(struct batadv_priv *bat_priv,
+				  const uint8_t *addr, unsigned short vid)
+{
+	struct batadv_tt_global_entry *tt;
+	bool ret;
+
+	tt = batadv_tt_global_hash_find(bat_priv, addr, vid);
+	if (!tt)
+		return false;
+
+	ret = tt->common.flags & BATADV_TT_CLIENT_ISOLA;
+
+	batadv_tt_global_entry_free_ref(tt);
+
+	return ret;
+}
@@ -48,6 +48,8 @@
 					  struct batadv_orig_node *orig_node,
 					  const unsigned char *addr,
 					  unsigned short vid);
+bool batadv_tt_global_is_isolated(struct batadv_priv *bat_priv,
+				  const uint8_t *addr, unsigned short vid);
  
 #endif /* _NET_BATMAN_ADV_TRANSLATION_TABLE_H_ */
...	...	@@ -399,9 +399,23 @@
399	399	batadv_tt_add_temporary_global_entry(bat_priv, orig_node,
400	400	ethhdr->h_source, vid);
401	401
402		- if (batadv_is_ap_isolated(bat_priv, ethhdr->h_source, ethhdr->h_dest,
403		- vid))
	402	+ if (is_multicast_ether_addr(ethhdr->h_dest)) {
	403	+ /* set the mark on broadcast packets if AP isolation is ON and
	404	+ * the packet is coming from an "isolated" client
	405	+ */
	406	+ if (batadv_vlan_ap_isola_get(bat_priv, vid) &&
	407	+ batadv_tt_global_is_isolated(bat_priv, ethhdr->h_source,
	408	+ vid)) {
	409	+ /* save bits in skb->mark not covered by the mask and
	410	+ * apply the mark on the rest
	411	+ */
	412	+ skb->mark &= ~bat_priv->isolation_mark_mask;
	413	+ skb->mark \|= bat_priv->isolation_mark;
	414	+ }
	415	+ } else if (batadv_is_ap_isolated(bat_priv, ethhdr->h_source,
	416	+ ethhdr->h_dest, vid)) {
404	417	goto dropped;
	418	+ }
405	419
406	420	netif_rx(skb);
407	421	goto out;
...	...	@@ -3577,4 +3577,30 @@
3577	3577
3578	3578	return 1;
3579	3579	}
	3580	+
	3581	+/**
	3582	+ * batadv_tt_global_is_isolated - check if a client is marked as isolated
	3583	+ * @bat_priv: the bat priv with all the soft interface information
	3584	+ * @addr: the mac address of the client
	3585	+ * @vid: the identifier of the VLAN where this client is connected
	3586	+ *
	3587	+ * Returns true if the client is marked with the TT_CLIENT_ISOLA flag, false
	3588	+ * otherwise
	3589	+ */
	3590	+bool batadv_tt_global_is_isolated(struct batadv_priv *bat_priv,
	3591	+ const uint8_t *addr, unsigned short vid)
	3592	+{
	3593	+ struct batadv_tt_global_entry *tt;
	3594	+ bool ret;
	3595	+
	3596	+ tt = batadv_tt_global_hash_find(bat_priv, addr, vid);
	3597	+ if (!tt)
	3598	+ return false;
	3599	+
	3600	+ ret = tt->common.flags & BATADV_TT_CLIENT_ISOLA;
	3601	+
	3602	+ batadv_tt_global_entry_free_ref(tt);
	3603	+
	3604	+ return ret;
	3605	+}
...	...	@@ -48,6 +48,8 @@
48	48	struct batadv_orig_node *orig_node,
49	49	const unsigned char *addr,
50	50	unsigned short vid);
	51	+bool batadv_tt_global_is_isolated(struct batadv_priv *bat_priv,
	52	+ const uint8_t *addr, unsigned short vid);
51	53
52	54	#endif /* _NET_BATMAN_ADV_TRANSLATION_TABLE_H_ */