diff mbox

[nft,v2,1/2] proto: Add some exotic ICMPv6 types

Message ID 20170316124321.23399-1-phil@nwl.cc
State Accepted
Delegated to: Pablo Neira
Headers show

Commit Message

Phil Sutter March 16, 2017, 12:43 p.m. UTC 
This adds support for matching on inverse ND messages as defined by
RFC3122 (not implemented in Linux) and MLDv2 as defined by RFC3810.

Note that ICMPV6_MLD2_REPORT macro is defined in linux/icmpv6.h but
including that header leads to conflicts with symbols defined in
netinet/icmp6.h.

In addition to the above, "mld-listener-done" is introduced as an alias
for "mld-listener-reduction".

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
Changes since v1:
- Reordered symbols in icmp6_type_tbl:
  - mld-listener-done is the preferred alias
  - order new symbols by the number they represent
- Add tests for new types and adjust existing ones for
  mld-listener-done.
---
 src/proto.c                       |  8 ++++++++
 tests/py/ip6/icmpv6.t             |  8 ++++++--
 tests/py/ip6/icmpv6.t.payload.ip6 | 34 +++++++++++++++++++++++++++++++++-
 3 files changed, 47 insertions(+), 3 deletions(-)

Comments

Pablo Neira Ayuso March 17, 2017, 11:45 a.m. UTC | #1 
On Thu, Mar 16, 2017 at 01:43:20PM +0100, Phil Sutter wrote:
> This adds support for matching on inverse ND messages as defined by
> RFC3122 (not implemented in Linux) and MLDv2 as defined by RFC3810.
> 
> Note that ICMPV6_MLD2_REPORT macro is defined in linux/icmpv6.h but
> including that header leads to conflicts with symbols defined in
> netinet/icmp6.h.
> 
> In addition to the above, "mld-listener-done" is introduced as an alias
> for "mld-listener-reduction".

Applied, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/src/proto.c b/src/proto.c
index fb965304e59d9..79e9dbf2b33e8 100644
--- a/src/proto.c
+++ b/src/proto.c
@@ -632,6 +632,10 @@  const struct proto_desc proto_ip = {
 
 #include <netinet/icmp6.h>
 
+#define IND_NEIGHBOR_SOLICIT	141
+#define IND_NEIGHBOR_ADVERT	142
+#define ICMPV6_MLD2_REPORT	143
+
 static const struct symbol_table icmp6_type_tbl = {
 	.base		= BASE_DECIMAL,
 	.symbols	= {
@@ -643,6 +647,7 @@  static const struct symbol_table icmp6_type_tbl = {
 		SYMBOL("echo-reply",			ICMP6_ECHO_REPLY),
 		SYMBOL("mld-listener-query",		MLD_LISTENER_QUERY),
 		SYMBOL("mld-listener-report",		MLD_LISTENER_REPORT),
+		SYMBOL("mld-listener-done",		MLD_LISTENER_REDUCTION),
 		SYMBOL("mld-listener-reduction",	MLD_LISTENER_REDUCTION),
 		SYMBOL("nd-router-solicit",		ND_ROUTER_SOLICIT),
 		SYMBOL("nd-router-advert",		ND_ROUTER_ADVERT),
@@ -650,6 +655,9 @@  static const struct symbol_table icmp6_type_tbl = {
 		SYMBOL("nd-neighbor-advert",		ND_NEIGHBOR_ADVERT),
 		SYMBOL("nd-redirect",			ND_REDIRECT),
 		SYMBOL("router-renumbering",		ICMP6_ROUTER_RENUMBERING),
+		SYMBOL("ind-neighbor-solicit",		IND_NEIGHBOR_SOLICIT),
+		SYMBOL("ind-neighbor-advert",		IND_NEIGHBOR_ADVERT),
+		SYMBOL("mld2-listener-report",		ICMPV6_MLD2_REPORT),
 		SYMBOL_LIST_END
 	},
 };
diff --git a/tests/py/ip6/icmpv6.t b/tests/py/ip6/icmpv6.t
index afbd45166f3a8..a898fe30c24c7 100644
--- a/tests/py/ip6/icmpv6.t
+++ b/tests/py/ip6/icmpv6.t
@@ -11,7 +11,8 @@  icmpv6 type echo-request accept;ok
 icmpv6 type echo-reply accept;ok
 icmpv6 type mld-listener-query accept;ok
 icmpv6 type mld-listener-report accept;ok
-icmpv6 type mld-listener-reduction accept;ok
+icmpv6 type mld-listener-done accept;ok
+icmpv6 type mld-listener-reduction accept;ok;icmpv6 type mld-listener-done accept
 icmpv6 type nd-router-solicit accept;ok
 icmpv6 type nd-router-advert accept;ok
 icmpv6 type nd-neighbor-solicit accept;ok
@@ -19,8 +20,11 @@  icmpv6 type nd-neighbor-advert accept;ok
 icmpv6 type nd-redirect accept;ok
 icmpv6 type parameter-problem accept;ok
 icmpv6 type router-renumbering accept;ok
+icmpv6 type ind-neighbor-solicit accept;ok
+icmpv6 type ind-neighbor-advert accept;ok
+icmpv6 type mld2-listener-report accept;ok
 icmpv6 type {destination-unreachable, time-exceeded, nd-router-solicit} accept;ok
-icmpv6 type {router-renumbering, mld-listener-reduction, time-exceeded, nd-router-solicit} accept;ok
+icmpv6 type {router-renumbering, mld-listener-done, time-exceeded, nd-router-solicit} accept;ok
 icmpv6 type {mld-listener-query, time-exceeded, nd-router-advert} accept;ok
 icmpv6 type != {mld-listener-query, time-exceeded, nd-router-advert} accept;ok
 
diff --git a/tests/py/ip6/icmpv6.t.payload.ip6 b/tests/py/ip6/icmpv6.t.payload.ip6
index 9fe24963718a0..30f58ca3615bd 100644
--- a/tests/py/ip6/icmpv6.t.payload.ip6
+++ b/tests/py/ip6/icmpv6.t.payload.ip6
@@ -54,6 +54,14 @@  ip6 test-ip6 input
   [ cmp eq reg 1 0x00000083 ]
   [ immediate reg 0 accept ]
 
+# icmpv6 type mld-listener-done accept
+ip6 test-ip6 input
+  [ payload load 1b @ network header + 6 => reg 1 ]
+  [ cmp eq reg 1 0x0000003a ]
+  [ payload load 1b @ transport header + 0 => reg 1 ]
+  [ cmp eq reg 1 0x00000084 ]
+  [ immediate reg 0 accept ]
+
 # icmpv6 type mld-listener-reduction accept
 ip6 test-ip6 input
   [ payload load 1b @ network header + 6 => reg 1 ]
@@ -118,6 +126,30 @@  ip6 test-ip6 input
   [ cmp eq reg 1 0x0000008a ]
   [ immediate reg 0 accept ]
 
+# icmpv6 type ind-neighbor-solicit accept
+ip6 test-ip6 input
+  [ payload load 1b @ network header + 6 => reg 1 ]
+  [ cmp eq reg 1 0x0000003a ]
+  [ payload load 1b @ transport header + 0 => reg 1 ]
+  [ cmp eq reg 1 0x0000008d ]
+  [ immediate reg 0 accept ]
+
+# icmpv6 type ind-neighbor-advert accept
+ip6 test-ip6 input
+  [ payload load 1b @ network header + 6 => reg 1 ]
+  [ cmp eq reg 1 0x0000003a ]
+  [ payload load 1b @ transport header + 0 => reg 1 ]
+  [ cmp eq reg 1 0x0000008e ]
+  [ immediate reg 0 accept ]
+
+# icmpv6 type mld2-listener-report accept
+ip6 test-ip6 input
+  [ payload load 1b @ network header + 6 => reg 1 ]
+  [ cmp eq reg 1 0x0000003a ]
+  [ payload load 1b @ transport header + 0 => reg 1 ]
+  [ cmp eq reg 1 0x0000008f ]
+  [ immediate reg 0 accept ]
+
 # icmpv6 type {destination-unreachable, time-exceeded, nd-router-solicit} accept
 __set%d test-ip6 3
 __set%d test-ip6 0
@@ -129,7 +161,7 @@  ip6 test-ip6 input
   [ lookup reg 1 set __set%d ]
   [ immediate reg 0 accept ]
 
-# icmpv6 type {router-renumbering, mld-listener-reduction, time-exceeded, nd-router-solicit} accept
+# icmpv6 type {router-renumbering, mld-listener-done, time-exceeded, nd-router-solicit} accept
 __set%d test-ip6 3
 __set%d test-ip6 0
 	element 0000008a  : 0 [end]	element 00000084  : 0 [end]	element 00000003  : 0 [end]	element 00000085  : 0 [end]