diff options
| author | Florian Westphal <fw@strlen.de> | 2020-12-08 17:36:23 +0100 |
|---|---|---|
| committer | Florian Westphal <fw@strlen.de> | 2020-12-09 18:33:53 +0100 |
| commit | be891463f1cd31df6f33ce72ba1ac80de799624a (patch) | |
| tree | 2fc9cabbbdb17d84c1d063c982740a545b18bc4d | |
| parent | a99a377dde8e7af4c5eeb79a476756e379354d71 (diff) | |
src: add auto-dependencies for ipv6 icmp6
Extend the earlier commit to also cover icmpv6.
Signed-off-by: Florian Westphal <fw@strlen.de>
| -rw-r--r-- | include/proto.h | 4 | ||||
| -rw-r--r-- | src/evaluate.c | 2 | ||||
| -rw-r--r-- | src/payload.c | 33 | ||||
| -rw-r--r-- | src/proto.c | 26 |
4 files changed, 53 insertions, 12 deletions
diff --git a/include/proto.h b/include/proto.h index f383291b..b9217588 100644 --- a/include/proto.h +++ b/include/proto.h @@ -30,6 +30,10 @@ enum icmp_hdr_field_type { PROTO_ICMP_ECHO, /* echo and reply */ PROTO_ICMP_MTU, /* destination unreachable */ PROTO_ICMP_ADDRESS, /* redirect */ + PROTO_ICMP6_MTU, + PROTO_ICMP6_PPTR, + PROTO_ICMP6_ECHO, + PROTO_ICMP6_MGMQ, }; /** diff --git a/src/evaluate.c b/src/evaluate.c index 3eb8e1bf..e776cd01 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -729,7 +729,7 @@ static int __expr_evaluate_payload(struct eval_ctx *ctx, struct expr *expr) payload->payload.offset += ctx->pctx.protocol[base].offset; check_icmp: - if (desc != &proto_icmp) + if (desc != &proto_icmp && desc != &proto_icmp6) return 0; tmpl = expr->payload.tmpl; diff --git a/src/payload.c b/src/payload.c index 54b08f05..7cfa530c 100644 --- a/src/payload.c +++ b/src/payload.c @@ -20,6 +20,7 @@ #include <linux/netfilter.h> #include <linux/if_ether.h> #include <netinet/ip_icmp.h> +#include <netinet/icmp6.h> #include <rule.h> #include <expression.h> @@ -677,8 +678,12 @@ static uint8_t icmp_dep_to_type(enum icmp_hdr_field_type t) case PROTO_ICMP_ANY: BUG("Invalid map for simple dependency"); case PROTO_ICMP_ECHO: return ICMP_ECHO; + case PROTO_ICMP6_ECHO: return ICMP6_ECHO_REQUEST; case PROTO_ICMP_MTU: return ICMP_DEST_UNREACH; case PROTO_ICMP_ADDRESS: return ICMP_REDIRECT; + case PROTO_ICMP6_MTU: return ICMP6_PACKET_TOO_BIG; + case PROTO_ICMP6_MGMQ: return MLD_LISTENER_QUERY; + case PROTO_ICMP6_PPTR: return ICMP6_PARAM_PROB; } BUG("Missing icmp type mapping"); @@ -1023,6 +1028,34 @@ int payload_gen_icmp_dependency(struct eval_ctx *ctx, const struct expr *expr, &icmp_type_type, desc, type); break; + case PROTO_ICMP6_ECHO: + if (ctx->pctx.th_dep.icmp.type == ICMP6_ECHO_REQUEST || + ctx->pctx.th_dep.icmp.type == ICMP6_ECHO_REPLY) + goto done; + + type = ICMP6_ECHO_REQUEST; + if (ctx->pctx.th_dep.icmp.type) + goto bad_proto; + + stmt = __payload_gen_icmp_echo_dependency(ctx, expr, + ICMP6_ECHO_REQUEST, + ICMP6_ECHO_REPLY, + &icmp6_type_type, + desc); + break; + case PROTO_ICMP6_MTU: + case PROTO_ICMP6_MGMQ: + case PROTO_ICMP6_PPTR: + type = icmp_dep_to_type(tmpl->icmp_dep); + if (ctx->pctx.th_dep.icmp.type == type) + goto done; + if (ctx->pctx.th_dep.icmp.type) + goto bad_proto; + stmt = __payload_gen_icmp_simple_dependency(ctx, expr, + &icmp6_type_type, + desc, type); + break; + break; default: BUG("Unhandled icmp dependency code"); } diff --git a/src/proto.c b/src/proto.c index d3371ac6..b75626df 100644 --- a/src/proto.c +++ b/src/proto.c @@ -396,16 +396,19 @@ const struct datatype icmp_type_type = { .sym_tbl = &icmp_type_tbl, }; -#define ICMPHDR_FIELD(__token, __member, __dep) \ +#define ICMP46HDR_FIELD(__token, __struct, __member, __dep) \ { \ .token = (__token), \ .dtype = &integer_type, \ .byteorder = BYTEORDER_BIG_ENDIAN, \ - .offset = offsetof(struct icmphdr, __member) * 8, \ - .len = field_sizeof(struct icmphdr, __member) * 8, \ + .offset = offsetof(__struct, __member) * 8, \ + .len = field_sizeof(__struct, __member) * 8, \ .icmp_dep = (__dep), \ } +#define ICMPHDR_FIELD(__token, __member, __dep) \ + ICMP46HDR_FIELD(__token, struct icmphdr, __member, __dep) + #define ICMPHDR_TYPE(__name, __type, __member) \ HDR_TYPE(__name, __type, struct icmphdr, __member) @@ -822,8 +825,8 @@ const struct datatype icmp6_type_type = { .sym_tbl = &icmp6_type_tbl, }; -#define ICMP6HDR_FIELD(__name, __member) \ - HDR_FIELD(__name, struct icmp6_hdr, __member) +#define ICMP6HDR_FIELD(__token, __member, __dep) \ + ICMP46HDR_FIELD(__token, struct icmp6_hdr, __member, __dep) #define ICMP6HDR_TYPE(__name, __type, __member) \ HDR_TYPE(__name, __type, struct icmp6_hdr, __member) @@ -831,17 +834,18 @@ const struct proto_desc proto_icmp6 = { .name = "icmpv6", .id = PROTO_DESC_ICMPV6, .base = PROTO_BASE_TRANSPORT_HDR, + .protocol_key = ICMP6HDR_TYPE, .checksum_key = ICMP6HDR_CHECKSUM, .checksum_type = NFT_PAYLOAD_CSUM_INET, .templates = { [ICMP6HDR_TYPE] = ICMP6HDR_TYPE("type", &icmp6_type_type, icmp6_type), [ICMP6HDR_CODE] = ICMP6HDR_TYPE("code", &icmpv6_code_type, icmp6_code), - [ICMP6HDR_CHECKSUM] = ICMP6HDR_FIELD("checksum", icmp6_cksum), - [ICMP6HDR_PPTR] = ICMP6HDR_FIELD("parameter-problem", icmp6_pptr), - [ICMP6HDR_MTU] = ICMP6HDR_FIELD("mtu", icmp6_mtu), - [ICMP6HDR_ID] = ICMP6HDR_FIELD("id", icmp6_id), - [ICMP6HDR_SEQ] = ICMP6HDR_FIELD("sequence", icmp6_seq), - [ICMP6HDR_MAXDELAY] = ICMP6HDR_FIELD("max-delay", icmp6_maxdelay), + [ICMP6HDR_CHECKSUM] = ICMP6HDR_FIELD("checksum", icmp6_cksum, PROTO_ICMP_ANY), + [ICMP6HDR_PPTR] = ICMP6HDR_FIELD("parameter-problem", icmp6_pptr, PROTO_ICMP6_PPTR), + [ICMP6HDR_MTU] = ICMP6HDR_FIELD("mtu", icmp6_mtu, PROTO_ICMP6_MTU), + [ICMP6HDR_ID] = ICMP6HDR_FIELD("id", icmp6_id, PROTO_ICMP6_ECHO), + [ICMP6HDR_SEQ] = ICMP6HDR_FIELD("sequence", icmp6_seq, PROTO_ICMP6_ECHO), + [ICMP6HDR_MAXDELAY] = ICMP6HDR_FIELD("max-delay", icmp6_maxdelay, PROTO_ICMP6_MGMQ), }, }; |