From d0218ea4573837d775c3e605913a45021f1526b9 Mon Sep 17 00:00:00 2001 From: Eric Leblond Date: Mon, 29 Jul 2013 00:30:56 +0200 Subject: src: Add icmpv6 support This patch adds ICMPv6 support to nftables. It is now possible to write rules such as: nft add rule ip6 filter input icmpv6 type nd-router-advert accept Signed-off-by: Eric Leblond Signed-off-by: Pablo Neira Ayuso --- include/datatype.h | 2 ++ include/payload.h | 14 ++++++++++++++ 2 files changed, 16 insertions(+) (limited to 'include') diff --git a/include/datatype.h b/include/datatype.h index 053fbd93..239d5ea5 100644 --- a/include/datatype.h +++ b/include/datatype.h @@ -32,6 +32,7 @@ * @TYPE_CT_STATE: conntrack state (bitmask subtype) * @TYPE_CT_DIR: conntrack direction * @TYPE_CT_STATUS: conntrack status (bitmask subtype) + * @TYPE_ICMP6_TYPE: ICMPv6 type codes (integer subtype) */ enum datatypes { TYPE_INVALID, @@ -62,6 +63,7 @@ enum datatypes { TYPE_CT_STATE, TYPE_CT_DIR, TYPE_CT_STATUS, + TYPE_ICMP6_TYPE, __TYPE_MAX }; #define TYPE_MAX (__TYPE_MAX - 1) diff --git a/include/payload.h b/include/payload.h index 8f5398b7..c9cc84f3 100644 --- a/include/payload.h +++ b/include/payload.h @@ -197,6 +197,18 @@ enum icmp_hdr_fields { ICMPHDR_MTU, }; +enum icmp6_hdr_fields { + ICMP6HDR_INVALID, + ICMP6HDR_TYPE, + ICMP6HDR_CODE, + ICMP6HDR_CHECKSUM, + ICMP6HDR_PPTR, + ICMP6HDR_MTU, + ICMP6HDR_ID, + ICMP6HDR_SEQ, + ICMP6HDR_MAXDELAY, +}; + enum ip6_hdr_fields { IP6HDR_INVALID, IP6HDR_VERSION, @@ -207,6 +219,7 @@ enum ip6_hdr_fields { IP6HDR_HOPLIMIT, IP6HDR_SADDR, IP6HDR_DADDR, + IP6HDR_PROTOCOL, }; enum ah_hdr_fields { @@ -278,6 +291,7 @@ extern const struct payload_desc payload_udplite; extern const struct payload_desc payload_tcp; extern const struct payload_desc payload_dccp; extern const struct payload_desc payload_sctp; +extern const struct payload_desc payload_icmp6; extern const struct payload_desc payload_ip; extern const struct payload_desc payload_ip6; -- cgit v1.2.3