diff options
Diffstat (limited to 'src/conntrack')
-rw-r--r-- | src/conntrack/setter.c | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/src/conntrack/setter.c b/src/conntrack/setter.c index 5ba8e40..62be3e6 100644 --- a/src/conntrack/setter.c +++ b/src/conntrack/setter.c @@ -6,6 +6,26 @@ */ #include "internal.h" +#include <linux/icmp.h> +#include <linux/icmpv6.h> + +static const u_int8_t invmap_icmp[] = { + [ICMP_ECHO] = ICMP_ECHOREPLY + 1, + [ICMP_ECHOREPLY] = ICMP_ECHO + 1, + [ICMP_TIMESTAMP] = ICMP_TIMESTAMPREPLY + 1, + [ICMP_TIMESTAMPREPLY] = ICMP_TIMESTAMP + 1, + [ICMP_INFO_REQUEST] = ICMP_INFO_REPLY + 1, + [ICMP_INFO_REPLY] = ICMP_INFO_REQUEST + 1, + [ICMP_ADDRESS] = ICMP_ADDRESSREPLY + 1, + [ICMP_ADDRESSREPLY] = ICMP_ADDRESS + 1 +}; + +static u_int8_t invmap_icmpv6[] = { + [ICMPV6_ECHO_REQUEST - 128] = ICMPV6_ECHO_REPLY + 1, + [ICMPV6_ECHO_REPLY - 128] = ICMPV6_ECHO_REQUEST + 1, + [ICMPV6_NI_QUERY - 128] = ICMPV6_NI_QUERY + 1, + [ICMPV6_NI_REPLY - 128] = ICMPV6_NI_REPLY + 1 +}; static void set_attr_orig_ipv4_src(struct nf_conntrack *ct, const void *value) { @@ -69,17 +89,40 @@ static void set_attr_repl_port_dst(struct nf_conntrack *ct, const void *value) static void set_attr_icmp_type(struct nf_conntrack *ct, const void *value) { + u_int8_t rtype; + ct->tuple[__DIR_ORIG].l4dst.icmp.type = *((u_int8_t *) value); + + switch(ct->tuple[__DIR_ORIG].l3protonum) { + case AF_INET: + rtype = invmap_icmp[*((u_int8_t *) value)]; + break; + + case AF_INET6: + rtype = invmap_icmpv6[*((u_int8_t *) value) - 128]; + break; + + default: + rtype = 0; /* not found */ + } + + if (rtype) + ct->tuple[__DIR_REPL].l4dst.icmp.type = rtype - 1; + else + ct->tuple[__DIR_REPL].l4dst.icmp.type = 255; /* will fail with -EINVAL */ + } static void set_attr_icmp_code(struct nf_conntrack *ct, const void *value) { ct->tuple[__DIR_ORIG].l4dst.icmp.code = *((u_int8_t *) value); + ct->tuple[__DIR_REPL].l4dst.icmp.code = *((u_int8_t *) value); } static void set_attr_icmp_id(struct nf_conntrack *ct, const void *value) { ct->tuple[__DIR_ORIG].l4src.icmp.id = *((u_int16_t *) value); + ct->tuple[__DIR_REPL].l4src.icmp.id = *((u_int16_t *) value); } static void set_attr_orig_l3proto(struct nf_conntrack *ct, const void *value) |