net: npf: add the ability to do MAC address masked matching

Add the ability to do matching on partial MAC addresses.

Signed-off-by: Nicolas Pitre <npitre@baylibre.com>

include/net/net_pkt_filter.h

@@ -41,15 +41,15 @@ typedef bool (npf_test_fn_t)(struct npf_test *test, struct net_pkt *pkt);
 
 /** @brief common filter test structure to be embedded into larger structures */
 struct npf_test {
-	npf_test_fn_t *fn;	/*< packet condition test function */
+	npf_test_fn_t *fn;	/**< packet condition test function */
 };
 
 /** @brief filter rule structure */
 struct npf_rule {
 	sys_snode_t node;
-	enum net_verdict result;	/*< result if all tests pass */
-	uint32_t nb_tests;		/*< number of tests in this rule */
-	struct npf_test *tests[];	/*< pointers to @ref npf_test instances */
+	enum net_verdict result;	/**< result if all tests pass */
+	uint32_t nb_tests;		/**< number of tests for this rule */
+	struct npf_test *tests[];	/**< pointers to @ref npf_test instances */
 };
 
 /** @brief Default rule list termination for accepting a packet */
@@ -310,6 +310,7 @@ struct npf_test_eth_addr {
 	struct npf_test test;
 	unsigned int nb_addresses;
 	struct net_eth_addr *addresses;
+	struct net_eth_addr mask;
 };
 
 extern npf_test_fn_t npf_eth_src_addr_match;
@@ -333,6 +334,7 @@ extern npf_test_fn_t npf_eth_dst_addr_unmatch;
 		.addresses = (_addr_array), \
 		.nb_addresses = ARRAY_SIZE(_addr_array), \
 		.test.fn = npf_eth_src_addr_match, \
+		.mask.addr = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }, \
 	}
 
 /**
@@ -349,6 +351,7 @@ extern npf_test_fn_t npf_eth_dst_addr_unmatch;
 		.addresses = (_addr_array), \
 		.nb_addresses = ARRAY_SIZE(_addr_array), \
 		.test.fn = npf_eth_src_addr_unmatch, \
+		.mask.addr = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }, \
 	}
 
 /**
@@ -365,6 +368,7 @@ extern npf_test_fn_t npf_eth_dst_addr_unmatch;
 		.addresses = (_addr_array), \
 		.nb_addresses = ARRAY_SIZE(_addr_array), \
 		.test.fn = npf_eth_dst_addr_match, \
+		.mask.addr = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }, \
 	}
 
 /**
@@ -381,6 +385,43 @@ extern npf_test_fn_t npf_eth_dst_addr_unmatch;
 		.addresses = (_addr_array), \
 		.nb_addresses = ARRAY_SIZE(_addr_array), \
 		.test.fn = npf_eth_dst_addr_unmatch, \
+		.mask.addr = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }, \
+	}
+
+/**
+ * @brief Statically define a "source address match with mask" packet filter condition
+ *
+ * This tests if the packet source address matches any of the Ethernet
+ * addresses contained in the provided set after applying specified mask.
+ *
+ * @param _name Name of the condition
+ * @param _addr_array Array of <tt>struct net_eth_addr</tt> items to test against
+ * @param ... up to 6 mask bytes
+ */
+#define NPF_ETH_SRC_ADDR_MASK_MATCH(_name, _addr_array, ...) \
+	struct npf_test_eth_addr _name = { \
+		.addresses = (_addr_array), \
+		.nb_addresses = ARRAY_SIZE(_addr_array), \
+		.mask.addr = { __VA_ARGS__ }, \
+		.test.fn = npf_eth_src_addr_match, \
+	}
+
+/**
+ * @brief Statically define a "destination address match with mask" packet filter condition
+ *
+ * This tests if the packet destination address matches any of the Ethernet
+ * addresses contained in the provided set after applying specified mask.
+ *
+ * @param _name Name of the condition
+ * @param _addr_array Array of <tt>struct net_eth_addr</tt> items to test against
+ * @param ... up to 6 mask bytes
+ */
+#define NPF_ETH_DST_ADDR_MASK_MATCH(_name, _addr_array, ...) \
+	struct npf_test_eth_addr _name = { \
+		.addresses = (_addr_array), \
+		.nb_addresses = ARRAY_SIZE(_addr_array), \
+		.mask.addr = { __VA_ARGS__ }, \
+		.test.fn = npf_eth_dst_addr_match, \
 	}
 
 /** @cond INTERNAL_HIDDEN */