ct: add ICMPv6 type,code and ID

Add ICMPv6 type, code and ID (if set) by using the already available conntrack atttributes. Currently the ICMPv6 conntrack objects in libnl are without type, code and ID. This e. g. is the output of nl_object_dump() without the patch: ipv6-icmp ::1 <-> ::1 id 0xdd0871f0 family inet6 timeout 30s <NOREPLY,SNAT_INIT,DNAT_INIT> The attached patch tries to solve that. It then looks like ipv6-icmp ::1 <-> ::1 icmp type 128 code 0 id 28253 id 0xdf3a11f0 family inet6 timeout 30s <SNAT_INIT,DNAT_INIT> It is the 'small' approach, because it reuses the existing ICMP attributes of the conntrack object (currently only used for IPv4). This way I can avoid to add new _icmp6_get_, _icmp6_set_ and _icmp6_test_ functions. Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org> Signed-off-by: Thomas Graf <tgraf@suug.ch>
2013-03-31 21:16:21 +02:00 · 2013-03-31 21:16:21 +02:00 · 18152ca916
commit 18152ca916
parent ff567100d6
1 changed files with 43 additions and 16 deletions
--- a/lib/netfilter/ct.c
+++ b/lib/netfilter/ct.c
@ -174,15 +174,28 @@ static int ct_parse_proto(struct nfnl_ct *ct, int repl, struct nlattr *attr)
 	if (tb[CTA_PROTO_DST_PORT])
 		nfnl_ct_set_dst_port(ct, repl,
 			ntohs(nla_get_u16(tb[CTA_PROTO_DST_PORT])));
-	if (tb[CTA_PROTO_ICMP_ID])
-		nfnl_ct_set_icmp_id(ct, repl,
-			ntohs(nla_get_u16(tb[CTA_PROTO_ICMP_ID])));
-	if (tb[CTA_PROTO_ICMP_TYPE])
-		nfnl_ct_set_icmp_type(ct, repl,
+
+	if (ct->ct_family == AF_INET) {
+		if (tb[CTA_PROTO_ICMP_ID])
+			nfnl_ct_set_icmp_id(ct, repl,
+				ntohs(nla_get_u16(tb[CTA_PROTO_ICMP_ID])));
+		if (tb[CTA_PROTO_ICMP_TYPE])
+			nfnl_ct_set_icmp_type(ct, repl,
 				nla_get_u8(tb[CTA_PROTO_ICMP_TYPE]));
-	if (tb[CTA_PROTO_ICMP_CODE])
-		nfnl_ct_set_icmp_code(ct, repl,
+		if (tb[CTA_PROTO_ICMP_CODE])
+			nfnl_ct_set_icmp_code(ct, repl,
 				nla_get_u8(tb[CTA_PROTO_ICMP_CODE]));
+	} else if (ct->ct_family == AF_INET6) {
+		if (tb[CTA_PROTO_ICMPV6_ID])
+			nfnl_ct_set_icmp_id(ct, repl,
+			    ntohs(nla_get_u16(tb[CTA_PROTO_ICMPV6_ID])));
+		if (tb[CTA_PROTO_ICMPV6_TYPE])
+			nfnl_ct_set_icmp_type(ct, repl,
+				nla_get_u8(tb[CTA_PROTO_ICMPV6_TYPE]));
+		if (tb[CTA_PROTO_ICMPV6_CODE])
+			nfnl_ct_set_icmp_code(ct, repl,
+				nla_get_u8(tb[CTA_PROTO_ICMPV6_CODE]));
+	}

 	return 0;
 }
@ -426,17 +439,31 @@ static int nfnl_ct_build_tuple(struct nl_msg *msg, const struct nfnl_ct *ct,
 		NLA_PUT_U16(msg, CTA_PROTO_DST_PORT,
 			htons(nfnl_ct_get_dst_port(ct, repl)));

-	if (nfnl_ct_test_icmp_id(ct, repl))
-		NLA_PUT_U16(msg, CTA_PROTO_ICMP_ID,
-			htons(nfnl_ct_get_icmp_id(ct, repl)));
+	if (family == AF_INET) {
+		if (nfnl_ct_test_icmp_id(ct, repl))
+			NLA_PUT_U16(msg, CTA_PROTO_ICMP_ID,
+						htons(nfnl_ct_get_icmp_id(ct, repl)));

-	if (nfnl_ct_test_icmp_type(ct, repl))
-		NLA_PUT_U8(msg, CTA_PROTO_ICMP_TYPE,
-			    nfnl_ct_get_icmp_type(ct, repl));
+		if (nfnl_ct_test_icmp_type(ct, repl))
+			NLA_PUT_U8(msg, CTA_PROTO_ICMP_TYPE,
+					   nfnl_ct_get_icmp_type(ct, repl));

-	if (nfnl_ct_test_icmp_code(ct, repl))
-		NLA_PUT_U8(msg, CTA_PROTO_ICMP_CODE,
-			    nfnl_ct_get_icmp_code(ct, repl));
+		if (nfnl_ct_test_icmp_code(ct, repl))
+			NLA_PUT_U8(msg, CTA_PROTO_ICMP_CODE,
+					   nfnl_ct_get_icmp_code(ct, repl));
+	} else if (family == AF_INET6) {
+		if (nfnl_ct_test_icmp_id(ct, repl))
+			NLA_PUT_U16(msg, CTA_PROTO_ICMPV6_ID,
+						htons(nfnl_ct_get_icmp_id(ct, repl)));
+
+		if (nfnl_ct_test_icmp_type(ct, repl))
+			NLA_PUT_U8(msg, CTA_PROTO_ICMPV6_TYPE,
+					   nfnl_ct_get_icmp_type(ct, repl));
+
+		if (nfnl_ct_test_icmp_code(ct, repl))
+			NLA_PUT_U8(msg, CTA_PROTO_ICMPV6_CODE,
+					   nfnl_ct_get_icmp_code(ct, repl));
+	}

 	nla_nest_end(msg, proto);