--- zzzz-none-000/linux-3.18.24/net/netfilter/xt_mac.c 2015-10-31 20:39:51.000000000 +0000 +++ rtl96-5690pro-762/linux-3.18.24/net/netfilter/xt_mac.c 2024-08-14 08:36:37.000000000 +0000 @@ -28,8 +28,56 @@ static bool mac_mt(const struct sk_buff *skb, struct xt_action_param *par) { const struct xt_mac_info *info = par->matchinfo; - bool ret; + //bool ret; + int i, invert; + unsigned char info_addr[ETH_ALEN]; + unsigned char pkt_addr[ETH_ALEN]; +#if 1 + if (info->flags & MAC_SRC) { + invert = !!(info->flags & MAC_SRC_INV); + if (info->flags & SRC_MASK) { + for (i=0; isrcaddr[i] & info->srcmask[i]); + pkt_addr[i] = (eth_hdr(skb)->h_source[i] & info->srcmask[i]); + } + if (skb_mac_header(skb) < skb->head + || (skb_mac_header(skb) + ETH_HLEN) > skb->data + || ((!ether_addr_equal(pkt_addr, info_addr)) + ^ invert)) + return 0; + } + else { + if (skb_mac_header(skb) < skb->head + || (skb_mac_header(skb) + ETH_HLEN) > skb->data + || ((!ether_addr_equal(eth_hdr(skb)->h_source, info->srcaddr)) + ^ invert)) + return 0; + } + } + if (info->flags & MAC_DST) { + invert = !!(info->flags & MAC_DST_INV); + if (info->flags & DST_MASK) { + for (i=0; idstaddr[i] & info->dstmask[i]); + pkt_addr[i] = (eth_hdr(skb)->h_dest[i] & info->dstmask[i]); + } + if (skb_mac_header(skb) < skb->head + || (skb_mac_header(skb) + ETH_HLEN) > skb->data + || ((!ether_addr_equal(pkt_addr, info_addr)) + ^ invert)) + return 0; + } + else { + if (skb_mac_header(skb) < skb->head + || (skb_mac_header(skb) + ETH_HLEN) > skb->data + || ((!ether_addr_equal(eth_hdr(skb)->h_dest, info->dstaddr)) + ^ invert)) + return 0; + } + } + return 1; +#else if (skb->dev == NULL || skb->dev->type != ARPHRD_ETHER) return false; if (skb_mac_header(skb) < skb->head) @@ -39,6 +87,7 @@ ret = ether_addr_equal(eth_hdr(skb)->h_source, info->srcaddr); ret ^= info->invert; return ret; +#endif } static struct xt_match mac_mt_reg __read_mostly = {