michaelh/zephyr
1
0
Fork 0
Code Releases Activity

net: pkt_filter: Add VLAN support to filtering

Browse source 
The Ethernet matching needs tweaking so that it will also
work with VLAN packets.

Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
This commit is contained in:
Jukka Rissanen 2025-04-12 11:08:52 +03:00 committed by Benjamin Cabé
commit 4c01b37bda
3 changed files with 59 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

36
include/zephyr/net/net_pkt_filter.h
View file

@ -58,6 +58,8 @@ enum npf_test_type {
NPF_TEST_TYPE_ETH_DST_ADDR_MASK_MATCH, NPF_TEST_TYPE_ETH_DST_ADDR_MASK_MATCH,
NPF_TEST_TYPE_ETH_TYPE_MATCH, NPF_TEST_TYPE_ETH_TYPE_MATCH,
NPF_TEST_TYPE_ETH_TYPE_UNMATCH, NPF_TEST_TYPE_ETH_TYPE_UNMATCH,
NPF_TEST_TYPE_ETH_VLAN_TYPE_MATCH,
NPF_TEST_TYPE_ETH_VLAN_TYPE_UNMATCH,
}; };
#if defined(CONFIG_NET_PKT_FILTER_LOG_LEVEL_DBG) || \ #if defined(CONFIG_NET_PKT_FILTER_LOG_LEVEL_DBG) || \
@ -604,6 +606,8 @@ struct npf_test_eth_type {
extern npf_test_fn_t npf_eth_type_match; extern npf_test_fn_t npf_eth_type_match;
extern npf_test_fn_t npf_eth_type_unmatch; extern npf_test_fn_t npf_eth_type_unmatch;
extern npf_test_fn_t npf_eth_vlan_type_match;
extern npf_test_fn_t npf_eth_vlan_type_unmatch;
/** @endcond */ /** @endcond */
@ -637,6 +641,38 @@ extern npf_test_fn_t npf_eth_type_unmatch;
.test.type = NPF_TEST_TYPE_ETH_TYPE_UNMATCH,)) \ .test.type = NPF_TEST_TYPE_ETH_TYPE_UNMATCH,)) \
} }
/**
* @brief Statically define an "Ethernet VLAN header type match" packet
* filter condition.
*
* @param _name Name of the condition
* @param _type Ethernet VLAN header type to match
*/
#define NPF_ETH_VLAN_TYPE_MATCH(_name, _type) \
struct npf_test_eth_type _name = { \
.type = htons(_type), \
.test.fn = npf_eth_vlan_type_match, \
IF_ENABLED(NPF_TEST_ENABLE_NAME, \
(.test.name = "eth vlan type", \
.test.type = NPF_TEST_TYPE_ETH_VLAN_TYPE_MATCH,)) \
}
/**
* @brief Statically define an "Ethernet VLAN header type unmatch" packet
* filter condition.
*
* @param _name Name of the condition
* @param _type Ethernet VLAN header type to exclude
*/
#define NPF_ETH_VLAN_TYPE_UNMATCH(_name, _type) \
struct npf_test_eth_type _name = { \
.type = htons(_type), \
.test.fn = npf_eth_vlan_type_unmatch, \
IF_ENABLED(NPF_TEST_ENABLE_NAME, \
(.test.name = "!eth vlan type", \
.test.type = NPF_TEST_TYPE_ETH_VLAN_TYPE_UNMATCH,)) \
}
/** Type of the packet filter rule. */ /** Type of the packet filter rule. */
enum npf_rule_type { enum npf_rule_type {
NPF_RULE_TYPE_UNKNOWN = 0, /**< Unknown rule type */ NPF_RULE_TYPE_UNKNOWN = 0, /**< Unknown rule type */

4
subsys/net/pkt_filter/base.c
View file

@ -449,7 +449,9 @@ const char *npf_test_get_str(struct npf_test *test, char *buf, size_t len)
buf[pos] = ']'; buf[pos] = ']';
} else if (test->type == NPF_TEST_TYPE_ETH_TYPE_MATCH || } else if (test->type == NPF_TEST_TYPE_ETH_TYPE_MATCH ||
test->type == NPF_TEST_TYPE_ETH_TYPE_UNMATCH) { test->type == NPF_TEST_TYPE_ETH_TYPE_UNMATCH ||
test->type == NPF_TEST_TYPE_ETH_VLAN_TYPE_MATCH ||
test->type == NPF_TEST_TYPE_ETH_VLAN_TYPE_UNMATCH) {
struct npf_test_eth_type *test_eth = struct npf_test_eth_type *test_eth =
CONTAINER_OF(test, struct npf_test_eth_type, test); CONTAINER_OF(test, struct npf_test_eth_type, test);

20
subsys/net/pkt_filter/ethernet.c
View file

@ -83,3 +83,23 @@ bool npf_eth_type_unmatch(struct npf_test *test, struct net_pkt *pkt)
{ {
return !npf_eth_type_match(test, pkt); return !npf_eth_type_match(test, pkt);
} }
bool npf_eth_vlan_type_match(struct npf_test *test, struct net_pkt *pkt)
{
struct npf_test_eth_type *test_eth_type =
CONTAINER_OF(test, struct npf_test_eth_type, test);
struct net_eth_vlan_hdr *eth_hdr =
(struct net_eth_vlan_hdr *)NET_ETH_HDR(pkt);
/* note: type_match->type is assumed to be in network order already */
NET_DBG("proto type 0x%04x pkt 0x%04x",
ntohs(test_eth_type->type),
ntohs(eth_hdr->type));
return eth_hdr->type == test_eth_type->type;
}
bool npf_eth_vlan_type_unmatch(struct npf_test *test, struct net_pkt *pkt)
{
return !npf_eth_vlan_type_match(test, pkt);
}