[En-Nut-Discussion] src ip filtering addition
Damian Slee
damian at commtech.com.au
Thu Sep 18 09:36:31 CEST 2003
Hi,
I have made a change to allow/drop IP in packets, i.e. filter.
Can this be added to CVS? Attached modified ipin.c, ip.h from cvs yesterday.
Summary
-------
I have a callback function that I register with,
NutIpSetInputFilter(NutIpFilterFunc callbackFunc).
The callback receives the source IP address as a parameter. It returns 0 for allow, -1 for deny. The developer implements their own rule table.
e.g. Allows all devices on subnet 192.168.0.0/255.255.255.0 to talk to ethernut.
    u_long myFilterIp;      /* allowed network, network byte order */
    u_long myFilterMask;    /* netmask, network byte order */

    /* Filter callback: 0 allows the datagram, -1 drops it. */
    int MyNutIpFilter(u_long ip_src)
    {
        if ((ip_src & myFilterMask) == myFilterIp)
            return 0;
        return -1;
    }

    int main(void)
    {
        // Do DHCP....
        ...
        myFilterIp = inet_addr("192.168.0.0");
        myFilterMask = inet_addr("255.255.255.0");
        NutIpSetInputFilter(MyNutIpFilter);
        ...
    }
-----------------------------------------------------------
Changes to ipin.c
Addition
    NutIpFilterFunc NutIpFilter = 0;

    void NutIpSetInputFilter(NutIpFilterFunc callbackFunc)
    {
        NutIpFilter = callbackFunc;
    }
Change
    void NutIpInput(NUTDEVICE * dev, NETBUF * nb)
    {
        ...
        /*
         * Silently discard datagrams of different IP version
         * and fragmented datagrams, and Filtered IP datagrams
         */
        if (ip->ip_v != IPVERSION
            || (ntohs(ip->ip_off) & (IP_MF | IP_OFFMASK)) != 0
            || (NutIpFilter && NutIpFilter(ip->ip_src)))
        {
            NutNetBufFree(nb);
            return;
        }
        ...
    }
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipin.zip
Type: application/x-zip-compressed
Size: 5946 bytes
Desc: ipin.zip
URL: <http://lists.egnite.de/pipermail/en-nut-discussion/attachments/20030918/03b1b37f/attachment-0001.bin>
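
Added example, not part of the original post or of Nut/OS: one way to build the "rule table" the message leaves to the developer, as a first-match table with default deny behind a callback of the same shape as MyNutIpFilter. The names FILTER_RULE, FilterAddRule, TableIpFilter, FilterLoadSample and ip4 are hypothetical, uint32_t stands in for u_long so the code also runs on a host, and the addresses are constructed sample values.

```c
#include <stdint.h>
#include <string.h>
typedef struct { uint32_t net, mask; int verdict; } FILTER_RULE;
#define MAX_RULES 8
static FILTER_RULE rules[MAX_RULES];
static unsigned rule_count;

/* Address in network byte order, the form inet_addr() returns. */
static uint32_t ip4(uint8_t a, uint8_t b, uint8_t c, uint8_t d)
{
    uint8_t raw[4] = { a, b, c, d };
    uint32_t v;
    memcpy(&v, raw, sizeof v);
    return v;
}

/* Append a rule; host bits are masked off so 192.168.0.17/24 still
 * matches the whole subnet. Returns -1 when the table is full. */
static int FilterAddRule(uint32_t net, uint32_t mask, int verdict)
{
    if (rule_count >= MAX_RULES)
        return -1;
    rules[rule_count++] = (FILTER_RULE){ net & mask, mask, verdict ? -1 : 0 };
    return 0;
}

/* Same shape as the page's MyNutIpFilter (uint32_t stands in for u_long):
 * first matching rule decides, a source matching no rule is denied. */
static int TableIpFilter(uint32_t ip_src)
{
    unsigned i;
    for (i = 0; i < rule_count; i++)
        if ((ip_src & rules[i].mask) == rules[i].net)
            return rules[i].verdict;
    return -1;
}

/* Constructed sample policy: deny one host, allow the rest of its /24. */
static void FilterLoadSample(void)
{
    rule_count = 0;
    FilterAddRule(ip4(192, 168, 0, 66), ip4(255, 255, 255, 255), -1);
    FilterAddRule(ip4(192, 168, 0, 17), ip4(255, 255, 255, 0), 0);
}

int main(void)
{
    FilterLoadSample();
    return TableIpFilter(ip4(192, 168, 0, 20)) == 0 ? 0 : 1;
}
```

The source address is read from the IP header as received and is not verified, so a table like this limits which addresses reach the stack but does not authenticate the sender.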