summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
author/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org>2008-03-25 14:32:49 +0000
committer/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org>2008-03-25 14:32:49 +0000
commit845dc5b01cefe918597061f3b0534fd2a7b4ee1d (patch)
tree1788dde3561bd096deade15249c0f11c12e23e66
parentea5ae395bef0188a0f3d85444e9ae7abb611e051 (diff)
This rather trivial patch adds ICMPv6 support for libnetfilter_conntrack,
but only for the new API - deprecated/extensions was left unchanged. Signed-off-by: Krzysztof Oledzki <ole@ans.pl>
-rw-r--r--src/conntrack/build.c11
-rw-r--r--src/conntrack/parse.c18
-rw-r--r--src/conntrack/snprintf_default.c3
-rw-r--r--src/conntrack/snprintf_xml.c1
4 files changed, 33 insertions, 0 deletions
diff --git a/src/conntrack/build.c b/src/conntrack/build.c
index 37dded0..cf65ef3 100644
--- a/src/conntrack/build.c
+++ b/src/conntrack/build.c
@@ -55,6 +55,7 @@ void __build_tuple_proto(struct nfnlhdr *req,
nfnl_addattr_l(&req->nlh, size, CTA_PROTO_DST_PORT,
&t->l4dst.tcp.port, sizeof(u_int16_t));
break;
+
case IPPROTO_ICMP:
nfnl_addattr_l(&req->nlh, size, CTA_PROTO_ICMP_CODE,
&t->l4dst.icmp.code, sizeof(u_int8_t));
@@ -63,6 +64,16 @@ void __build_tuple_proto(struct nfnlhdr *req,
nfnl_addattr_l(&req->nlh, size, CTA_PROTO_ICMP_ID,
&t->l4src.icmp.id, sizeof(u_int16_t));
break;
+
+ case IPPROTO_ICMPV6:
+ nfnl_addattr_l(&req->nlh, size, CTA_PROTO_ICMPV6_CODE,
+ &t->l4dst.icmp.code, sizeof(u_int8_t));
+ nfnl_addattr_l(&req->nlh, size, CTA_PROTO_ICMPV6_TYPE,
+ &t->l4dst.icmp.type, sizeof(u_int8_t));
+ nfnl_addattr_l(&req->nlh, size, CTA_PROTO_ICMPV6_ID,
+ &t->l4src.icmp.id, sizeof(u_int16_t));
+ break;
+
default:
break;
}
diff --git a/src/conntrack/parse.c b/src/conntrack/parse.c
index 6fc7732..e5e62c8 100644
--- a/src/conntrack/parse.c
+++ b/src/conntrack/parse.c
@@ -152,6 +152,24 @@ static void __parse_proto(const struct nfattr *attr,
*(u_int16_t *)NFA_DATA(tb[CTA_PROTO_ICMP_ID-1]);
set_bit(ATTR_ICMP_ID, set);
}
+
+ if (tb[CTA_PROTO_ICMPV6_TYPE-1]) {
+ tuple->l4dst.icmp.type =
+ *(u_int8_t *)NFA_DATA(tb[CTA_PROTO_ICMPV6_TYPE-1]);
+ set_bit(ATTR_ICMP_TYPE, set);
+ }
+
+ if (tb[CTA_PROTO_ICMPV6_CODE-1]) {
+ tuple->l4dst.icmp.code =
+ *(u_int8_t *)NFA_DATA(tb[CTA_PROTO_ICMPV6_CODE-1]);
+ set_bit(ATTR_ICMP_CODE, set);
+ }
+
+ if (tb[CTA_PROTO_ICMPV6_ID-1]) {
+ tuple->l4src.icmp.id =
+ *(u_int16_t *)NFA_DATA(tb[CTA_PROTO_ICMPV6_ID-1]);
+ set_bit(ATTR_ICMP_ID, set);
+ }
}
void __parse_tuple(const struct nfattr *attr,
diff --git a/src/conntrack/snprintf_default.c b/src/conntrack/snprintf_default.c
index 675be7a..5811290 100644
--- a/src/conntrack/snprintf_default.c
+++ b/src/conntrack/snprintf_default.c
@@ -12,6 +12,7 @@ static char *proto2str[IPPROTO_MAX] = {
[IPPROTO_UDP] = "udp",
[IPPROTO_UDPLITE] = "udplite",
[IPPROTO_ICMP] = "icmp",
+ [IPPROTO_ICMPV6] = "icmpv6",
[IPPROTO_SCTP] = "sctp"
};
@@ -144,7 +145,9 @@ int __snprintf_proto(char *buf,
ntohs(tuple->l4src.tcp.port),
ntohs(tuple->l4dst.tcp.port));
break;
+
case IPPROTO_ICMP:
+ case IPPROTO_ICMPV6:
/* The ID only makes sense some ICMP messages but we want to
* display the same output that /proc/net/ip_conntrack does */
return (snprintf(buf, len, "type=%d code=%d id=%d ",
diff --git a/src/conntrack/snprintf_xml.c b/src/conntrack/snprintf_xml.c
index 0bd4443..8b6d0cf 100644
--- a/src/conntrack/snprintf_xml.c
+++ b/src/conntrack/snprintf_xml.c
@@ -57,6 +57,7 @@ static char *proto2str[IPPROTO_MAX] = {
[IPPROTO_UDP] = "udp",
[IPPROTO_UDPLITE] = "udplite",
[IPPROTO_ICMP] = "icmp",
+ [IPPROTO_ICMPV6] = "icmp6",
[IPPROTO_SCTP] = "sctp"
};
static char *l3proto2str[AF_MAX] = {