ct: add ICMPv6 type,code and ID

Add ICMPv6 type, code and ID (if set) by using the already available
conntrack atttributes.

Currently the ICMPv6 conntrack objects in libnl are without type, code
and ID.  This e. g. is the output of nl_object_dump() without the patch:

  ipv6-icmp ::1 <-> ::1
  id 0xdd0871f0 family inet6 timeout 30s <NOREPLY,SNAT_INIT,DNAT_INIT>

The attached patch tries to solve that.  It then looks like

  ipv6-icmp ::1 <-> ::1 icmp type 128 code 0 id 28253
  id 0xdf3a11f0 family inet6 timeout 30s <SNAT_INIT,DNAT_INIT>

It is the 'small' approach, because it reuses the existing ICMP
attributes of the conntrack object (currently only used for IPv4).
This way I can avoid to add new _icmp6_get_, _icmp6_set_ and
_icmp6_test_ functions.

Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org>
Signed-off-by: Thomas Graf <tgraf@suug.ch>

1 files changed, 45 insertions, 18 deletions

diff --git a/lib/netfilter/ct.c b/lib/netfilter/ct.c
index 5dde1d1..794932f 100644
--- a/lib/netfilter/ct.c
+++ b/lib/netfilter/ct.c
@@ -174,15 +174,28 @@ static int ct_parse_proto(struct nfnl_ct *ct, int repl, struct nlattr *attr)
 	if (tb[CTA_PROTO_DST_PORT])
 		nfnl_ct_set_dst_port(ct, repl,
 			ntohs(nla_get_u16(tb[CTA_PROTO_DST_PORT])));
-	if (tb[CTA_PROTO_ICMP_ID])
-		nfnl_ct_set_icmp_id(ct, repl,
-			ntohs(nla_get_u16(tb[CTA_PROTO_ICMP_ID])));
-	if (tb[CTA_PROTO_ICMP_TYPE])
-		nfnl_ct_set_icmp_type(ct, repl,
+
+	if (ct->ct_family == AF_INET) {
+		if (tb[CTA_PROTO_ICMP_ID])
+			nfnl_ct_set_icmp_id(ct, repl,
+				ntohs(nla_get_u16(tb[CTA_PROTO_ICMP_ID])));
+		if (tb[CTA_PROTO_ICMP_TYPE])
+			nfnl_ct_set_icmp_type(ct, repl,
 				nla_get_u8(tb[CTA_PROTO_ICMP_TYPE]));
-	if (tb[CTA_PROTO_ICMP_CODE])
-		nfnl_ct_set_icmp_code(ct, repl,
+		if (tb[CTA_PROTO_ICMP_CODE])
+			nfnl_ct_set_icmp_code(ct, repl,
 				nla_get_u8(tb[CTA_PROTO_ICMP_CODE]));
+	} else if (ct->ct_family == AF_INET6) {
+		if (tb[CTA_PROTO_ICMPV6_ID])
+			nfnl_ct_set_icmp_id(ct, repl,
+			    ntohs(nla_get_u16(tb[CTA_PROTO_ICMPV6_ID])));
+		if (tb[CTA_PROTO_ICMPV6_TYPE])
+			nfnl_ct_set_icmp_type(ct, repl,
+				nla_get_u8(tb[CTA_PROTO_ICMPV6_TYPE]));
+		if (tb[CTA_PROTO_ICMPV6_CODE])
+			nfnl_ct_set_icmp_code(ct, repl,
+				nla_get_u8(tb[CTA_PROTO_ICMPV6_CODE]));
+	}
 
 	return 0;
 }
@@ -426,17 +439,31 @@ static int nfnl_ct_build_tuple(struct nl_msg *msg, const struct nfnl_ct *ct,
 		NLA_PUT_U16(msg, CTA_PROTO_DST_PORT,
 			htons(nfnl_ct_get_dst_port(ct, repl)));
 
-	if (nfnl_ct_test_icmp_id(ct, repl))
-		NLA_PUT_U16(msg, CTA_PROTO_ICMP_ID,
-			htons(nfnl_ct_get_icmp_id(ct, repl)));
-
-	if (nfnl_ct_test_icmp_type(ct, repl))
-		NLA_PUT_U8(msg, CTA_PROTO_ICMP_TYPE,
-			    nfnl_ct_get_icmp_type(ct, repl));
-
-	if (nfnl_ct_test_icmp_code(ct, repl))
-		NLA_PUT_U8(msg, CTA_PROTO_ICMP_CODE,
-			    nfnl_ct_get_icmp_code(ct, repl));
+	if (family == AF_INET) {
+		if (nfnl_ct_test_icmp_id(ct, repl))
+			NLA_PUT_U16(msg, CTA_PROTO_ICMP_ID,
+						htons(nfnl_ct_get_icmp_id(ct, repl)));
+
+		if (nfnl_ct_test_icmp_type(ct, repl))
+			NLA_PUT_U8(msg, CTA_PROTO_ICMP_TYPE,
+					   nfnl_ct_get_icmp_type(ct, repl));
+
+		if (nfnl_ct_test_icmp_code(ct, repl))
+			NLA_PUT_U8(msg, CTA_PROTO_ICMP_CODE,
+					   nfnl_ct_get_icmp_code(ct, repl));
+	} else if (family == AF_INET6) {
+		if (nfnl_ct_test_icmp_id(ct, repl))
+			NLA_PUT_U16(msg, CTA_PROTO_ICMPV6_ID,
+						htons(nfnl_ct_get_icmp_id(ct, repl)));
+
+		if (nfnl_ct_test_icmp_type(ct, repl))
+			NLA_PUT_U8(msg, CTA_PROTO_ICMPV6_TYPE,
+					   nfnl_ct_get_icmp_type(ct, repl));
+
+		if (nfnl_ct_test_icmp_code(ct, repl))
+			NLA_PUT_U8(msg, CTA_PROTO_ICMPV6_CODE,
+					   nfnl_ct_get_icmp_code(ct, repl));
+	}
 
 	nla_nest_end(msg, proto);