From 845dc5b01cefe918597061f3b0534fd2a7b4ee1d Mon Sep 17 00:00:00 2001 From: "/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org" Date: Tue, 25 Mar 2008 14:32:49 +0000 Subject: This rather trivial patch adds ICMPv6 support for libnetfilter_conntrack, but only for the new API - deprecated/extensions was left unchanged. Signed-off-by: Krzysztof Oledzki --- src/conntrack/build.c | 11 +++++++++++ src/conntrack/parse.c | 18 ++++++++++++++++++ src/conntrack/snprintf_default.c | 3 +++ src/conntrack/snprintf_xml.c | 1 + 4 files changed, 33 insertions(+) (limited to 'src/conntrack') diff --git a/src/conntrack/build.c b/src/conntrack/build.c index 37dded0..cf65ef3 100644 --- a/src/conntrack/build.c +++ b/src/conntrack/build.c @@ -55,6 +55,7 @@ void __build_tuple_proto(struct nfnlhdr *req, nfnl_addattr_l(&req->nlh, size, CTA_PROTO_DST_PORT, &t->l4dst.tcp.port, sizeof(u_int16_t)); break; + case IPPROTO_ICMP: nfnl_addattr_l(&req->nlh, size, CTA_PROTO_ICMP_CODE, &t->l4dst.icmp.code, sizeof(u_int8_t)); @@ -63,6 +64,16 @@ void __build_tuple_proto(struct nfnlhdr *req, nfnl_addattr_l(&req->nlh, size, CTA_PROTO_ICMP_ID, &t->l4src.icmp.id, sizeof(u_int16_t)); break; + + case IPPROTO_ICMPV6: + nfnl_addattr_l(&req->nlh, size, CTA_PROTO_ICMPV6_CODE, + &t->l4dst.icmp.code, sizeof(u_int8_t)); + nfnl_addattr_l(&req->nlh, size, CTA_PROTO_ICMPV6_TYPE, + &t->l4dst.icmp.type, sizeof(u_int8_t)); + nfnl_addattr_l(&req->nlh, size, CTA_PROTO_ICMPV6_ID, + &t->l4src.icmp.id, sizeof(u_int16_t)); + break; + default: break; } diff --git a/src/conntrack/parse.c b/src/conntrack/parse.c index 6fc7732..e5e62c8 100644 --- a/src/conntrack/parse.c +++ b/src/conntrack/parse.c @@ -152,6 +152,24 @@ static void __parse_proto(const struct nfattr *attr, *(u_int16_t *)NFA_DATA(tb[CTA_PROTO_ICMP_ID-1]); set_bit(ATTR_ICMP_ID, set); } + + if (tb[CTA_PROTO_ICMPV6_TYPE-1]) { + tuple->l4dst.icmp.type = + *(u_int8_t *)NFA_DATA(tb[CTA_PROTO_ICMPV6_TYPE-1]); + set_bit(ATTR_ICMP_TYPE, set); + } + + if (tb[CTA_PROTO_ICMPV6_CODE-1]) { + tuple->l4dst.icmp.code = + *(u_int8_t *)NFA_DATA(tb[CTA_PROTO_ICMPV6_CODE-1]); + set_bit(ATTR_ICMP_CODE, set); + } + + if (tb[CTA_PROTO_ICMPV6_ID-1]) { + tuple->l4src.icmp.id = + *(u_int16_t *)NFA_DATA(tb[CTA_PROTO_ICMPV6_ID-1]); + set_bit(ATTR_ICMP_ID, set); + } } void __parse_tuple(const struct nfattr *attr, diff --git a/src/conntrack/snprintf_default.c b/src/conntrack/snprintf_default.c index 675be7a..5811290 100644 --- a/src/conntrack/snprintf_default.c +++ b/src/conntrack/snprintf_default.c @@ -12,6 +12,7 @@ static char *proto2str[IPPROTO_MAX] = { [IPPROTO_UDP] = "udp", [IPPROTO_UDPLITE] = "udplite", [IPPROTO_ICMP] = "icmp", + [IPPROTO_ICMPV6] = "icmpv6", [IPPROTO_SCTP] = "sctp" }; @@ -144,7 +145,9 @@ int __snprintf_proto(char *buf, ntohs(tuple->l4src.tcp.port), ntohs(tuple->l4dst.tcp.port)); break; + case IPPROTO_ICMP: + case IPPROTO_ICMPV6: /* The ID only makes sense some ICMP messages but we want to * display the same output that /proc/net/ip_conntrack does */ return (snprintf(buf, len, "type=%d code=%d id=%d ", diff --git a/src/conntrack/snprintf_xml.c b/src/conntrack/snprintf_xml.c index 0bd4443..8b6d0cf 100644 --- a/src/conntrack/snprintf_xml.c +++ b/src/conntrack/snprintf_xml.c @@ -57,6 +57,7 @@ static char *proto2str[IPPROTO_MAX] = { [IPPROTO_UDP] = "udp", [IPPROTO_UDPLITE] = "udplite", [IPPROTO_ICMP] = "icmp", + [IPPROTO_ICMPV6] = "icmp6", [IPPROTO_SCTP] = "sctp" }; static char *l3proto2str[AF_MAX] = { -- cgit v1.2.3