[PATCH 1/3] Add ICMPv6 support in libnetfilter

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH 1/3] Add ICMPv6 support in libnetfilter_conntrack
@ 2008-03-24  2:05 Krzysztof Oledzki
  2008-03-25 14:24 ` Pablo Neira Ayuso
  0 siblings, 1 reply; 2+ messages in thread
From: Krzysztof Oledzki @ 2008-03-24  2:05 UTC (permalink / raw)
  To: pablo, netfilter-devel


This rather trivial patch adds ICMPv6 support for libnetfilter_conntrack,
but only for the new API - deprecated/extensions was left unchanged.

Before:
# conntrack -E
    [NEW] unknown  58 30 src=::1 dst=::1 [UNREPLIED] src=::1 dst=::1
 [UPDATE] unknown  58 30 src=::1 dst=::1 src=::1 dst=::1
[DESTROY] unknown  58 src=::1 dst=::1 packets=1 bytes=104 src=::1 dst=::1 packets=0 bytes=0

After:
# conntrack -E 
    [NEW] icmpv6   58 30 src=::1 dst=::1 type=128 code=0 id=38737 [UNREPLIED] src=::1 dst=::1 type=129 code=0 id=38737
 [UPDATE] icmpv6   58 30 src=::1 dst=::1 type=128 code=0 id=38737 src=::1 dst=::1 type=129 code=0 id=38737
[DESTROY] icmpv6   58 src=::1 dst=::1 type=128 code=0 id=38737 packets=1 bytes=104 src=::1 dst=::1 type=129 code=0 id=38737 packets=0 bytes=0

Signed-off-by: Krzysztof Piotr Oledzki <ole@ans.pl>

diff -Nur libnetfilter_conntrack-20080309-orig/src/conntrack/build.c libnetfilter_conntrack-20080309-tmp/src/conntrack/build.c
--- libnetfilter_conntrack-20080309-orig/src/conntrack/build.c	2008-02-09 21:01:39.000000000 +0100
+++ libnetfilter_conntrack-20080309-tmp/src/conntrack/build.c	2008-03-23 20:30:05.000000000 +0100
@@ -55,6 +55,7 @@
 		nfnl_addattr_l(&req->nlh, size, CTA_PROTO_DST_PORT,
 			       &t->l4dst.tcp.port, sizeof(u_int16_t));
 		break;
+
 	case IPPROTO_ICMP:
 		nfnl_addattr_l(&req->nlh, size, CTA_PROTO_ICMP_CODE,
 			       &t->l4dst.icmp.code, sizeof(u_int8_t));
@@ -63,6 +64,16 @@
 		nfnl_addattr_l(&req->nlh, size, CTA_PROTO_ICMP_ID,
 			       &t->l4src.icmp.id, sizeof(u_int16_t));
 		break;
+
+	case IPPROTO_ICMPV6:
+		nfnl_addattr_l(&req->nlh, size, CTA_PROTO_ICMPV6_CODE,
+			       &t->l4dst.icmp.code, sizeof(u_int8_t));
+		nfnl_addattr_l(&req->nlh, size, CTA_PROTO_ICMPV6_TYPE,
+			       &t->l4dst.icmp.type, sizeof(u_int8_t));
+		nfnl_addattr_l(&req->nlh, size, CTA_PROTO_ICMPV6_ID,
+			       &t->l4src.icmp.id, sizeof(u_int16_t));
+		break;
+
 	default:
 		break;
 	}
diff -Nur libnetfilter_conntrack-20080309-orig/src/conntrack/parse.c libnetfilter_conntrack-20080309-tmp/src/conntrack/parse.c
--- libnetfilter_conntrack-20080309-orig/src/conntrack/parse.c	2008-02-09 21:01:39.000000000 +0100
+++ libnetfilter_conntrack-20080309-tmp/src/conntrack/parse.c	2008-03-23 20:26:57.000000000 +0100
@@ -152,6 +152,24 @@
 			*(u_int16_t *)NFA_DATA(tb[CTA_PROTO_ICMP_ID-1]);
 		set_bit(ATTR_ICMP_ID, set);
 	}
+
+	if (tb[CTA_PROTO_ICMPV6_TYPE-1]) {
+		tuple->l4dst.icmp.type =
+			*(u_int8_t *)NFA_DATA(tb[CTA_PROTO_ICMPV6_TYPE-1]);
+		set_bit(ATTR_ICMP_TYPE, set);
+	}
+	
+	if (tb[CTA_PROTO_ICMPV6_CODE-1]) {
+		tuple->l4dst.icmp.code =
+			*(u_int8_t *)NFA_DATA(tb[CTA_PROTO_ICMPV6_CODE-1]);
+		set_bit(ATTR_ICMP_CODE, set);
+	}
+	
+	if (tb[CTA_PROTO_ICMPV6_ID-1]) {
+		tuple->l4src.icmp.id =
+			*(u_int16_t *)NFA_DATA(tb[CTA_PROTO_ICMPV6_ID-1]);
+		set_bit(ATTR_ICMP_ID, set);
+	}
 }
 
 void __parse_tuple(const struct nfattr *attr,
diff -Nur libnetfilter_conntrack-20080309-orig/src/conntrack/snprintf_default.c libnetfilter_conntrack-20080309-tmp/src/conntrack/snprintf_default.c
--- libnetfilter_conntrack-20080309-orig/src/conntrack/snprintf_default.c	2008-02-22 23:59:18.000000000 +0100
+++ libnetfilter_conntrack-20080309-tmp/src/conntrack/snprintf_default.c	2008-03-23 20:28:24.000000000 +0100
@@ -12,6 +12,7 @@
         [IPPROTO_UDP] = "udp",
         [IPPROTO_UDPLITE] = "udplite",
         [IPPROTO_ICMP] = "icmp",
+        [IPPROTO_ICMPV6] = "icmpv6",
         [IPPROTO_SCTP] = "sctp"
 };
 
@@ -144,7 +145,9 @@
 			        ntohs(tuple->l4src.tcp.port),
 			        ntohs(tuple->l4dst.tcp.port));
 		break;
+
 	case IPPROTO_ICMP:
+	case IPPROTO_ICMPV6:
 		/* The ID only makes sense some ICMP messages but we want to
 		 * display the same output that /proc/net/ip_conntrack does */
 		return (snprintf(buf, len, "type=%d code=%d id=%d ",
diff -Nur libnetfilter_conntrack-20080309-orig/src/conntrack/snprintf_xml.c libnetfilter_conntrack-20080309-tmp/src/conntrack/snprintf_xml.c
--- libnetfilter_conntrack-20080309-orig/src/conntrack/snprintf_xml.c	2008-02-22 23:59:18.000000000 +0100
+++ libnetfilter_conntrack-20080309-tmp/src/conntrack/snprintf_xml.c	2008-03-23 20:33:20.000000000 +0100
@@ -57,6 +57,7 @@
         [IPPROTO_UDP] = "udp",
         [IPPROTO_UDPLITE] = "udplite",
         [IPPROTO_ICMP] = "icmp",
+        [IPPROTO_ICMPV6] = "icmp6",
         [IPPROTO_SCTP] = "sctp"
 };
 static char *l3proto2str[AF_MAX] = {

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [PATCH 1/3] Add ICMPv6 support in libnetfilter_conntrack
  2008-03-24  2:05 [PATCH 1/3] Add ICMPv6 support in libnetfilter_conntrack Krzysztof Oledzki
@ 2008-03-25 14:24 ` Pablo Neira Ayuso
  0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2008-03-25 14:24 UTC (permalink / raw)
  To: Krzysztof Oledzki; +Cc: netfilter-devel

Krzysztof Oledzki wrote:
> This rather trivial patch adds ICMPv6 support for libnetfilter_conntrack,
> but only for the new API - deprecated/extensions was left unchanged.

Applied. Thanks Krzysztof.

-- 
"Los honestos son inadaptados sociales" -- Les Luthiers

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2008-03-25 14:24 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-03-24  2:05 [PATCH 1/3] Add ICMPv6 support in libnetfilter_conntrack Krzysztof Oledzki
2008-03-25 14:24 ` Pablo Neira Ayuso

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.