tr-bridge: Only receive 802.2 LLC frames on the ethernet side

This should prevent bridging any kind of IP/ARP/... stuff to TR.
Harald Welte 2022-04-07 21:43:45 +02:00
parent 715c902eb7
commit 8e888081c7
1 changed files with 7 additions and 7 deletions


@ -128,19 +128,19 @@ static int enable_promisc(int sk, int ifindex)
return 0; return 0;
} }
static int open_packet_socket(int ifindex) static int open_packet_socket(int ifindex, int proto)
{ {
struct sockaddr_ll addr; struct sockaddr_ll addr;
int fd, rc; int fd, rc;
memset(&addr, 0, sizeof(addr)); memset(&addr, 0, sizeof(addr));
addr.sll_family = AF_PACKET; addr.sll_family = AF_PACKET;
addr.sll_protocol = htons(ETH_P_ALL); addr.sll_protocol = htons(proto);
addr.sll_ifindex = ifindex; addr.sll_ifindex = ifindex;
/* we want only packets for _other_ hosts, not packets sent by us or received for us locally */ /* we want only packets for _other_ hosts, not packets sent by us or received for us locally */
addr.sll_pkttype = PACKET_OTHERHOST; addr.sll_pkttype = PACKET_OTHERHOST;
fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); fd = socket(AF_PACKET, SOCK_RAW, htons(proto));
if (fd < 0) { if (fd < 0) {
fprintf(stderr, "Can not create AF_PACKET socket. Are you root or have CAP_NET_RAW?\n"); fprintf(stderr, "Can not create AF_PACKET socket. Are you root or have CAP_NET_RAW?\n");
return fd; return fd;
@ -165,7 +165,7 @@ static int open_packet_socket(int ifindex)
return fd; return fd;
} }
static int open_packet_socket_for_netdev(const char *ifname) static int open_packet_socket_for_netdev(const char *ifname, int proto)
{ {
int rc; int rc;
@ -175,7 +175,7 @@ static int open_packet_socket_for_netdev(const char *ifname)
return rc; return rc;
} }
return open_packet_socket(rc); return open_packet_socket(rc, proto);
} }
@ -316,13 +316,13 @@ int main(int argc, char **argv)
tr_name = argv[1]; tr_name = argv[1];
eth_name = argv[2]; eth_name = argv[2];
bst.tr.socket = open_packet_socket_for_netdev(tr_name); bst.tr.socket = open_packet_socket_for_netdev(tr_name, htons(ETH_P_ALL));
if (bst.tr.socket < 0) { if (bst.tr.socket < 0) {
fprintf(stderr, "Error opening TR\n"); fprintf(stderr, "Error opening TR\n");
exit(1); exit(1);
} }
bst.eth.socket = open_packet_socket_for_netdev(eth_name); bst.eth.socket = open_packet_socket_for_netdev(eth_name, htons(ETH_P_802_2));
if (bst.eth.socket < 0) { if (bst.eth.socket < 0) {
fprintf(stderr, "Error opening ETH\n"); fprintf(stderr, "Error opening ETH\n");
exit(1); exit(1);
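Review bot: The protocol value is byte-swapped twice: the new call sites in main() pass `htons(ETH_P_ALL)` and `htons(ETH_P_802_2)`, while open_packet_socket() still wraps the parameter in `htons(proto)` for both `addr.sll_protocol` and the `socket()` call. On a little-endian host the two conversions cancel, so the kernel would be given the host-order value and both sockets would be bound to a byte-swapped protocol number; the 802.2-only filter that is meant to keep IP/ARP off the Token Ring side would then not select the frames the commit message describes. Pass the constants unconverted at the call sites, `open_packet_socket_for_netdev(tr_name, ETH_P_ALL)` and `open_packet_socket_for_netdev(eth_name, ETH_P_802_2)`, and document the parameter with a comment such as `/* proto: ETH_P_* value in host byte order; converted with htons() here */` on open_packet_socket(). main() continues outside the hunk, so any further use of these sockets is not visible here.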