[En-Nut-Discussion] src ip filtering addition

Damian Slee damian at commtech.com.au
Thu Sep 18 09:32:13 CEST 2003 

Hi,
I have made a change to allow/drop IP in packets, ie filter.  
Can this be added to CVS? Attached modified ipin.c, ip.h from cvs yesterday.

Summary
-------
I have a callback function that I register with,
NutIpSetInputFilter(NutIpFilterFunc callbackFunc).

The callback receives the source IP address as a parmater.  It returns 0 for allow, -1 for deny.  The developer implements their own rule table.


e.g.  Allows all devices on subnet 192.168.0.0/255.255.255.0 to talk to ethernut.
u_long myFilterIp;
u_long myFilterMask;

int MyNutIpFilter(u_long  ip_src)
{
	if ((ip_src & myFilterMask) == myFilterIp)
		return 0;
	return -1;
}

main()
{
	// Do DHCP....
...
	myFilterIp = inet_addr("192.168.0.0");
	myFilterMask = inet_addr("255.255.255.0");
	NutIpSetInputFilter(MyNutIpFilter);
...
}

-----------------------------------------------------------
Changes to ipin.c
Addition
NutIpFilterFunc NutIpFilter = 0;
void NutIpSetInputFilter(NutIpFilterFunc callbackFunc)
{
	NutIpFilter = callbackFunc;
}

Change
void NutIpInput(NUTDEVICE * dev, NETBUF * nb)
{
...
    /*
     * Silently discard datagrams of different IP version
     * and fragmented datagrams, and Filtered IP datagrams
     */
    if (ip->ip_v != IPVERSION
        || (ntohs(ip->ip_off) & (IP_MF | IP_OFFMASK)) != 0
		||  (NutIpFilter && NutIpFilter(ip->ip_src)))
	{
        NutNetBufFree(nb);
        return;
    }
...
}

Commtech Wireless
www.commtech.com.au (Australia)
www.commtechwireless.com (USA)
PO Box 1037
OPDC  WA  6916
Ph:+61 8 9242 5651
Fax:+61 8 9242 5652

Confidentiality/Limited Liability Statement
 
This message contains privileged and confidential information intended
only for the use of the addressee named above.  If you are not the 
intended recipient of this message, you must not disseminate, copy or 
take any action in reliance on it.  If you have received this message 
in error, please notify Commtech Wireless Pty Ltd immediately.  Any 
views expressed in this message are those of the individual sender, 
except where the sender specifically states them to be the views of 
Commtech Wireless. Additionally if prices are quoted in this document
 then you may consider this document to be an official quotation and the
 prices quoted are valid for a period of fourteen days from the date of this document.
 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ip.h
Type: application/octet-stream
Size: 7380 bytes
Desc: ip.h
URL: <http://lists.egnite.de/pipermail/en-nut-discussion/attachments/20030918/ddca6ae8/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipin.c
Type: application/octet-stream
Size: 9047 bytes
Desc: ipin.c
URL: <http://lists.egnite.de/pipermail/en-nut-discussion/attachments/20030918/ddca6ae8/attachment-0003.obj>

More information about the En-Nut-Discussion mailing list