#include "tc.h"
#include "log.h"
#include <stdio.h>
#include <stdlib.h>
/*
* if=eth0
*
* # create the qdisc:
* tc qdisc add dev $if ingress
*
* # block everything:
* tc filter add dev $if protocol all parent ffff: prio 65535 basic match "u32(u16 0x4305 0xffff at -2)" flowid :1 action drop
*
* # allow a single MAC:
* tc filter add dev $if protocol all parent ffff: prio 99 basic match "u32(u32 0xf81a67a5 0xffffffff at -8)" and "u32(u16 0xf4cb 0xffff at -4)" flowid :1 action pass
*
* # show qdiscs
* tc qdisc
*
* # delete the qdisc
* tc qdisc del dev $if ingress
*
* # show filters
* tc filter show dev $if ingress
*/
/*
 * Name of the network interface that every tc command in this file operates
 * on; the variable is defined in another translation unit.
 *
 * The name is formatted unquoted into command lines that are run through
 * system(), so the shell would interpret any metacharacter it contains.
 * NOTE(review): where this value comes from is not visible here; confirm it
 * is validated as a plain interface name before it is assigned.
 */
extern const char *g_interface;
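/*
 * Attach an ingress qdisc to g_interface by running
 * "tc qdisc add dev <interface> ingress" through system().
 *
 * Nothing is returned; a missing interface name, an over-long command line
 * and a non-zero status from system() are only logged.
 *
 * NOTE(review): g_interface is pasted unquoted into a shell command line.
 * Its origin is not visible here; confirm it is validated, or run tc via
 * fork/exec with an argv array so that no shell parses the name.
 */
void tc_add_qdisc_ingress()
{
    char cmd[2048];
    int len;
    int status;

    /* Passing NULL to %s is undefined behaviour. */
    if (g_interface == NULL) {
        log_debug("[t] No interface set, not running tc.\n");
        return;
    }

    len = snprintf(cmd, sizeof cmd, "tc qdisc add dev %s ingress", g_interface);
    if (len < 0 || (size_t)len >= sizeof cmd) {
        /* Never hand a cut-off command line to the shell. */
        log_debug("[t] tc command too long, not running it.\n");
        return;
    }

    log_trace("CMD: %s\n", cmd);
    status = system(cmd);
    if (status != 0) {
        log_trace("CMD returned status %d\n", status);
    }
}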
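/*
 * Remove the ingress qdisc from g_interface by running
 * "tc qdisc del dev <interface> ingress" through system().
 *
 * Nothing is returned; a missing interface name, an over-long command line
 * and a non-zero status from system() are only logged. tc_start() calls this
 * before any qdisc has been added, so a non-zero status is not always an
 * error.
 *
 * NOTE(review): g_interface is pasted unquoted into a shell command line.
 * Its origin is not visible here; confirm it is validated, or run tc via
 * fork/exec with an argv array so that no shell parses the name.
 */
void tc_del_qdisc_ingress()
{
    char cmd[2048];
    int len;
    int status;

    /* Passing NULL to %s is undefined behaviour. */
    if (g_interface == NULL) {
        log_debug("[t] No interface set, not running tc.\n");
        return;
    }

    len = snprintf(cmd, sizeof cmd, "tc qdisc del dev %s ingress", g_interface);
    if (len < 0 || (size_t)len >= sizeof cmd) {
        /* Never hand a cut-off command line to the shell. */
        log_debug("[t] tc command too long, not running it.\n");
        return;
    }

    log_trace("CMD: %s\n", cmd);
    status = system(cmd);
    if (status != 0) {
        log_trace("CMD returned status %d\n", status);
    }
}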
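/*
 * Install the catch-all drop filter on the ingress qdisc of g_interface.
 *
 * The filter is added at prio 65535 and drops every frame whose 16-bit field
 * at offset -2 equals 0x4305; tc_start() logs this as blocking all
 * batman-adv traffic.
 *
 * Nothing is returned; failures are only logged, so a caller cannot tell
 * whether the drop rule is actually in place.
 *
 * NOTE(review): g_interface is pasted unquoted into a shell command line.
 * Its origin is not visible here; confirm it is validated, or run tc via
 * fork/exec with an argv array so that no shell parses the name.
 */
void tc_block_all()
{
    char cmd[2048];
    int len;
    int status;

    /* Passing NULL to %s is undefined behaviour. */
    if (g_interface == NULL) {
        log_debug("[t] No interface set, not running tc.\n");
        return;
    }

    len = snprintf(cmd, sizeof cmd,
                   "tc filter add dev %s protocol all parent ffff: prio 65535 "
                   "basic match \"u32(u16 0x4305 0xffff at -2)\" "
                   "flowid :1 action drop",
                   g_interface);
    if (len < 0 || (size_t)len >= sizeof cmd) {
        /* Never hand a cut-off command line to the shell. */
        log_debug("[t] tc command too long, not running it.\n");
        return;
    }

    log_trace("CMD: %s\n", cmd);
    status = system(cmd);
    if (status != 0) {
        log_trace("CMD returned status %d\n", status);
    }
}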
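/*
 * Add an ingress filter on g_interface that passes frames carrying the given
 * MAC address.
 *
 * mac   six address bytes; bytes 0-3 are matched as a u32 at offset -8 and
 *       bytes 4-5 as a u16 at offset -4 (presumably the Ethernet source
 *       address, confirm against the frame layout in use)
 * prio  priority passed to tc for this filter
 *
 * The u32 ematch takes VALUE followed by MASK. The masks are fixed to
 * 0xffffffff and 0xffff, as in the usage notes at the top of this file, so
 * that the whole address must match. Using the address itself as the mask
 * compares only the bits that are set in it: any address with those bits set
 * would pass, and an all-zero address would pass every frame.
 *
 * Nothing is returned; failures are only logged.
 *
 * NOTE(review): g_interface is pasted unquoted into a shell command line.
 * Its origin is not visible here; confirm it is validated, or run tc via
 * fork/exec with an argv array so that no shell parses the name.
 */
void tc_allow_mac(const uint8_t mac[], uint8_t prio)
{
    char cmd[2048];
    char mac32[9];
    char mac16[5];
    int len;
    int status;

    if (mac == NULL || g_interface == NULL) {
        log_debug("[t] Missing MAC or interface, not running tc.\n");
        return;
    }

    /* Two hex digits per byte: 8 + NUL and 4 + NUL fit the buffers exactly. */
    snprintf(mac32, sizeof mac32, "%02x%02x%02x%02x", mac[0], mac[1], mac[2], mac[3]);
    snprintf(mac16, sizeof mac16, "%02x%02x", mac[4], mac[5]);

    len = snprintf(cmd, sizeof cmd,
                   "tc filter add dev %s protocol all parent ffff: prio %d "
                   "basic match \"u32(u32 0x%s 0xffffffff at -8)\" "
                   "and \"u32(u16 0x%s 0xffff at -4)\" flowid :1 action pass",
                   g_interface, prio, mac32, mac16);
    if (len < 0 || (size_t)len >= sizeof cmd) {
        /* Never hand a cut-off command line to the shell. */
        log_debug("[t] tc command too long, not running it.\n");
        return;
    }

    log_trace("CMD: %s\n", cmd);
    status = system(cmd);
    if (status != 0) {
        log_trace("CMD returned status %d\n", status);
    }
}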
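/*
 * Delete the pass filter that tc_allow_mac() installs for a MAC address.
 *
 * mac   six address bytes, formatted the same way as in tc_allow_mac()
 * prio  priority the filter was added with
 *
 * The match expression is written in VALUE MASK order with full masks
 * (0xffffffff, 0xffff), as in the usage notes at the top of this file,
 * instead of repeating the address as its own mask.
 * NOTE(review): tc presumably selects the filter to delete by prio rather
 * than by the match text, so filters added with a different mask should still
 * be removed; confirm on the target system.
 *
 * Nothing is returned; failures are only logged, so a caller cannot tell
 * whether the address is still allowed.
 *
 * NOTE(review): g_interface is pasted unquoted into a shell command line.
 * Its origin is not visible here; confirm it is validated, or run tc via
 * fork/exec with an argv array so that no shell parses the name.
 */
void tc_disallow_mac(const uint8_t mac[], uint8_t prio)
{
    char cmd[2048];
    char mac32[9];
    char mac16[5];
    int len;
    int status;

    if (mac == NULL || g_interface == NULL) {
        log_debug("[t] Missing MAC or interface, not running tc.\n");
        return;
    }

    /* Two hex digits per byte: 8 + NUL and 4 + NUL fit the buffers exactly. */
    snprintf(mac32, sizeof mac32, "%02x%02x%02x%02x", mac[0], mac[1], mac[2], mac[3]);
    snprintf(mac16, sizeof mac16, "%02x%02x", mac[4], mac[5]);

    len = snprintf(cmd, sizeof cmd,
                   "tc filter delete dev %s protocol all parent ffff: prio %d "
                   "basic match \"u32(u32 0x%s 0xffffffff at -8)\" "
                   "and \"u32(u16 0x%s 0xffff at -4)\" flowid :1 action pass",
                   g_interface, prio, mac32, mac16);
    if (len < 0 || (size_t)len >= sizeof cmd) {
        /* Never hand a cut-off command line to the shell. */
        log_debug("[t] tc command too long, not running it.\n");
        return;
    }

    log_trace("CMD: %s\n", cmd);
    status = system(cmd);
    if (status != 0) {
        log_trace("CMD returned status %d\n", status);
    }
}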
/*
 * Put the ingress filtering on g_interface into its initial state:
 * remove any qdisc left over, add a fresh one, then install the drop rule.
 *
 * NOTE(review): none of the three helpers returns a status, so this function
 * cannot tell whether the drop rule was installed; a failed tc call leaves
 * the interface unfiltered without the caller noticing.
 */
void tc_start()
{
    /* An earlier session may have left its qdisc behind; drop it first. */
    log_debug("[t] Removing old qdisc.\n");
    tc_del_qdisc_ingress();

    log_debug("[t] Adding qdisc.\n");
    tc_add_qdisc_ingress();

    /* Drop by default; single MACs are let through with tc_allow_mac(). */
    log_debug("[t] Blocking all batman-adv traffic.\n");
    tc_block_all();
}
/*
 * Tear the filtering down again by deleting the ingress qdisc of
 * g_interface via tc_del_qdisc_ingress().
 */
void tc_stop()
{
    log_debug("[t] Removing qdisc.\n");

    tc_del_qdisc_ingress();
}