diff options
| -rw-r--r-- | doc/sync/alarm/conntrackd.conf | 1 | ||||
| -rw-r--r-- | doc/sync/ftfw/conntrackd.conf | 1 | ||||
| -rw-r--r-- | doc/sync/notrack/conntrackd.conf | 1 | ||||
| -rw-r--r-- | include/network.h | 3 | ||||
| -rw-r--r-- | src/build.c | 9 | ||||
| -rw-r--r-- | src/parse.c | 15 |
6 files changed, 29 insertions, 1 deletions
diff --git a/doc/sync/alarm/conntrackd.conf b/doc/sync/alarm/conntrackd.conf index 800012f..3424e39 100644 --- a/doc/sync/alarm/conntrackd.conf +++ b/doc/sync/alarm/conntrackd.conf @@ -332,6 +332,7 @@ General { TCP SCTP DCCP + # ICMP # This requires a Linux kernel >= 2.6.31 } # diff --git a/doc/sync/ftfw/conntrackd.conf b/doc/sync/ftfw/conntrackd.conf index 81f2de1..df10aca 100644 --- a/doc/sync/ftfw/conntrackd.conf +++ b/doc/sync/ftfw/conntrackd.conf @@ -357,6 +357,7 @@ General { TCP SCTP DCCP + # ICMP # This requires a Linux kernel >= 2.6.31 } # diff --git a/doc/sync/notrack/conntrackd.conf b/doc/sync/notrack/conntrackd.conf index 529fbd9..5b9ebbb 100644 --- a/doc/sync/notrack/conntrackd.conf +++ b/doc/sync/notrack/conntrackd.conf @@ -338,6 +338,7 @@ General { TCP SCTP DCCP + # ICMP # This requires a Linux kernel >= 2.6.31 } # diff --git a/include/network.h b/include/network.h index dfc3015..70812b1 100644 --- a/include/network.h +++ b/include/network.h @@ -217,6 +217,9 @@ enum nta_attr { NTA_SCTP_VTAG_REPL, /* uint32_t */ NTA_DCCP_STATE = 20, /* uint8_t */ NTA_DCCP_ROLE, /* uint8_t */ + NTA_ICMP_TYPE, /* uint8_t */ + NTA_ICMP_CODE, /* uint8_t */ + NTA_ICMP_ID, /* uint16_t */ NTA_MAX }; diff --git a/src/build.c b/src/build.c index defb2ec..6d8b12e 100644 --- a/src/build.c +++ b/src/build.c @@ -124,6 +124,13 @@ static void build_l4proto_dccp(const struct nf_conntrack *ct, struct nethdr *n) __build_u8(ct, ATTR_DCCP_ROLE, n, NTA_DCCP_ROLE); } +static void build_l4proto_icmp(const struct nf_conntrack *ct, struct nethdr *n) +{ + __build_u8(ct, ATTR_ICMP_TYPE, n, NTA_ICMP_TYPE); + __build_u8(ct, ATTR_ICMP_CODE, n, NTA_ICMP_CODE); + __build_u16(ct, ATTR_ICMP_ID, n, NTA_ICMP_ID); +} + #ifndef IPPROTO_DCCP #define IPPROTO_DCCP 33 #endif @@ -134,9 +141,9 @@ static struct build_l4proto { [IPPROTO_TCP] = { .build = build_l4proto_tcp }, [IPPROTO_SCTP] = { .build = build_l4proto_sctp }, [IPPROTO_DCCP] = { .build = build_l4proto_dccp }, + [IPPROTO_ICMP] = { .build = build_l4proto_icmp }, }; -/* XXX: ICMP not supported */ void build_payload(const struct nf_conntrack *ct, struct nethdr *n) { uint8_t l4proto = nfct_get_attr_u8(ct, ATTR_L4PROTO); diff --git a/src/parse.c b/src/parse.c index b5f257c..e6eefe4 100644 --- a/src/parse.c +++ b/src/parse.c @@ -146,6 +146,21 @@ static struct parser h[NTA_MAX] = { .attr = ATTR_DCCP_ROLE, .size = NTA_SIZE(sizeof(uint8_t)), }, + [NTA_ICMP_TYPE] = { + .parse = parse_u8, + .attr = ATTR_ICMP_TYPE, + .size = NTA_SIZE(sizeof(uint8_t)), + }, + [NTA_ICMP_CODE] = { + .parse = parse_u8, + .attr = ATTR_ICMP_CODE, + .size = NTA_SIZE(sizeof(uint8_t)), + }, + [NTA_ICMP_ID] = { + .parse = parse_u16, + .attr = ATTR_ICMP_ID, + .size = NTA_SIZE(sizeof(uint16_t)), + }, }; static void |