diff options
Diffstat (limited to 'meta-networking/recipes-filter/nftables/files/0002-proto-Add-some-exotic-ICMPv6-types.patch')
-rw-r--r-- | meta-networking/recipes-filter/nftables/files/0002-proto-Add-some-exotic-ICMPv6-types.patch | 147 |
1 files changed, 0 insertions, 147 deletions
diff --git a/meta-networking/recipes-filter/nftables/files/0002-proto-Add-some-exotic-ICMPv6-types.patch b/meta-networking/recipes-filter/nftables/files/0002-proto-Add-some-exotic-ICMPv6-types.patch deleted file mode 100644 index 4d9e9d11a..000000000 --- a/meta-networking/recipes-filter/nftables/files/0002-proto-Add-some-exotic-ICMPv6-types.patch +++ /dev/null | |||
@@ -1,147 +0,0 @@ | |||
1 | From 9ade8fb75f8963375b45b3f2973b8bb7aa66ad76 Mon Sep 17 00:00:00 2001 | ||
2 | From: Phil Sutter <phil@nwl.cc> | ||
3 | Date: Thu, 16 Mar 2017 13:43:20 +0100 | ||
4 | Subject: [PATCH] proto: Add some exotic ICMPv6 types | ||
5 | |||
6 | This adds support for matching on inverse ND messages as defined by | ||
7 | RFC3122 (not implemented in Linux) and MLDv2 as defined by RFC3810. | ||
8 | |||
9 | Note that ICMPV6_MLD2_REPORT macro is defined in linux/icmpv6.h but | ||
10 | including that header leads to conflicts with symbols defined in | ||
11 | netinet/icmp6.h. | ||
12 | |||
13 | In addition to the above, "mld-listener-done" is introduced as an alias | ||
14 | for "mld-listener-reduction". | ||
15 | |||
16 | Signed-off-by: Phil Sutter <phil@nwl.cc> | ||
17 | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | ||
18 | --- | ||
19 | Upstream-Status: Backport | ||
20 | Signed-off-by: André Draszik <adraszik@tycoint.com> | ||
21 | src/proto.c | 8 ++++++++ | ||
22 | tests/py/ip6/icmpv6.t | 8 ++++++-- | ||
23 | tests/py/ip6/icmpv6.t.payload.ip6 | 34 +++++++++++++++++++++++++++++++++- | ||
24 | 3 files changed, 47 insertions(+), 3 deletions(-) | ||
25 | |||
26 | diff --git a/src/proto.c b/src/proto.c | ||
27 | index fb96530..79e9dbf 100644 | ||
28 | --- a/src/proto.c | ||
29 | +++ b/src/proto.c | ||
30 | @@ -632,6 +632,10 @@ const struct proto_desc proto_ip = { | ||
31 | |||
32 | #include <netinet/icmp6.h> | ||
33 | |||
34 | +#define IND_NEIGHBOR_SOLICIT 141 | ||
35 | +#define IND_NEIGHBOR_ADVERT 142 | ||
36 | +#define ICMPV6_MLD2_REPORT 143 | ||
37 | + | ||
38 | static const struct symbol_table icmp6_type_tbl = { | ||
39 | .base = BASE_DECIMAL, | ||
40 | .symbols = { | ||
41 | @@ -643,6 +647,7 @@ static const struct symbol_table icmp6_type_tbl = { | ||
42 | SYMBOL("echo-reply", ICMP6_ECHO_REPLY), | ||
43 | SYMBOL("mld-listener-query", MLD_LISTENER_QUERY), | ||
44 | SYMBOL("mld-listener-report", MLD_LISTENER_REPORT), | ||
45 | + SYMBOL("mld-listener-done", MLD_LISTENER_REDUCTION), | ||
46 | SYMBOL("mld-listener-reduction", MLD_LISTENER_REDUCTION), | ||
47 | SYMBOL("nd-router-solicit", ND_ROUTER_SOLICIT), | ||
48 | SYMBOL("nd-router-advert", ND_ROUTER_ADVERT), | ||
49 | @@ -650,6 +655,9 @@ static const struct symbol_table icmp6_type_tbl = { | ||
50 | SYMBOL("nd-neighbor-advert", ND_NEIGHBOR_ADVERT), | ||
51 | SYMBOL("nd-redirect", ND_REDIRECT), | ||
52 | SYMBOL("router-renumbering", ICMP6_ROUTER_RENUMBERING), | ||
53 | + SYMBOL("ind-neighbor-solicit", IND_NEIGHBOR_SOLICIT), | ||
54 | + SYMBOL("ind-neighbor-advert", IND_NEIGHBOR_ADVERT), | ||
55 | + SYMBOL("mld2-listener-report", ICMPV6_MLD2_REPORT), | ||
56 | SYMBOL_LIST_END | ||
57 | }, | ||
58 | }; | ||
59 | diff --git a/tests/py/ip6/icmpv6.t b/tests/py/ip6/icmpv6.t | ||
60 | index afbd451..a898fe3 100644 | ||
61 | --- a/tests/py/ip6/icmpv6.t | ||
62 | +++ b/tests/py/ip6/icmpv6.t | ||
63 | @@ -11,7 +11,8 @@ icmpv6 type echo-request accept;ok | ||
64 | icmpv6 type echo-reply accept;ok | ||
65 | icmpv6 type mld-listener-query accept;ok | ||
66 | icmpv6 type mld-listener-report accept;ok | ||
67 | -icmpv6 type mld-listener-reduction accept;ok | ||
68 | +icmpv6 type mld-listener-done accept;ok | ||
69 | +icmpv6 type mld-listener-reduction accept;ok;icmpv6 type mld-listener-done accept | ||
70 | icmpv6 type nd-router-solicit accept;ok | ||
71 | icmpv6 type nd-router-advert accept;ok | ||
72 | icmpv6 type nd-neighbor-solicit accept;ok | ||
73 | @@ -19,8 +20,11 @@ icmpv6 type nd-neighbor-advert accept;ok | ||
74 | icmpv6 type nd-redirect accept;ok | ||
75 | icmpv6 type parameter-problem accept;ok | ||
76 | icmpv6 type router-renumbering accept;ok | ||
77 | +icmpv6 type ind-neighbor-solicit accept;ok | ||
78 | +icmpv6 type ind-neighbor-advert accept;ok | ||
79 | +icmpv6 type mld2-listener-report accept;ok | ||
80 | icmpv6 type {destination-unreachable, time-exceeded, nd-router-solicit} accept;ok | ||
81 | -icmpv6 type {router-renumbering, mld-listener-reduction, time-exceeded, nd-router-solicit} accept;ok | ||
82 | +icmpv6 type {router-renumbering, mld-listener-done, time-exceeded, nd-router-solicit} accept;ok | ||
83 | icmpv6 type {mld-listener-query, time-exceeded, nd-router-advert} accept;ok | ||
84 | icmpv6 type != {mld-listener-query, time-exceeded, nd-router-advert} accept;ok | ||
85 | |||
86 | diff --git a/tests/py/ip6/icmpv6.t.payload.ip6 b/tests/py/ip6/icmpv6.t.payload.ip6 | ||
87 | index 9fe2496..30f58ca 100644 | ||
88 | --- a/tests/py/ip6/icmpv6.t.payload.ip6 | ||
89 | +++ b/tests/py/ip6/icmpv6.t.payload.ip6 | ||
90 | @@ -54,6 +54,14 @@ ip6 test-ip6 input | ||
91 | [ cmp eq reg 1 0x00000083 ] | ||
92 | [ immediate reg 0 accept ] | ||
93 | |||
94 | +# icmpv6 type mld-listener-done accept | ||
95 | +ip6 test-ip6 input | ||
96 | + [ payload load 1b @ network header + 6 => reg 1 ] | ||
97 | + [ cmp eq reg 1 0x0000003a ] | ||
98 | + [ payload load 1b @ transport header + 0 => reg 1 ] | ||
99 | + [ cmp eq reg 1 0x00000084 ] | ||
100 | + [ immediate reg 0 accept ] | ||
101 | + | ||
102 | # icmpv6 type mld-listener-reduction accept | ||
103 | ip6 test-ip6 input | ||
104 | [ payload load 1b @ network header + 6 => reg 1 ] | ||
105 | @@ -118,6 +126,30 @@ ip6 test-ip6 input | ||
106 | [ cmp eq reg 1 0x0000008a ] | ||
107 | [ immediate reg 0 accept ] | ||
108 | |||
109 | +# icmpv6 type ind-neighbor-solicit accept | ||
110 | +ip6 test-ip6 input | ||
111 | + [ payload load 1b @ network header + 6 => reg 1 ] | ||
112 | + [ cmp eq reg 1 0x0000003a ] | ||
113 | + [ payload load 1b @ transport header + 0 => reg 1 ] | ||
114 | + [ cmp eq reg 1 0x0000008d ] | ||
115 | + [ immediate reg 0 accept ] | ||
116 | + | ||
117 | +# icmpv6 type ind-neighbor-advert accept | ||
118 | +ip6 test-ip6 input | ||
119 | + [ payload load 1b @ network header + 6 => reg 1 ] | ||
120 | + [ cmp eq reg 1 0x0000003a ] | ||
121 | + [ payload load 1b @ transport header + 0 => reg 1 ] | ||
122 | + [ cmp eq reg 1 0x0000008e ] | ||
123 | + [ immediate reg 0 accept ] | ||
124 | + | ||
125 | +# icmpv6 type mld2-listener-report accept | ||
126 | +ip6 test-ip6 input | ||
127 | + [ payload load 1b @ network header + 6 => reg 1 ] | ||
128 | + [ cmp eq reg 1 0x0000003a ] | ||
129 | + [ payload load 1b @ transport header + 0 => reg 1 ] | ||
130 | + [ cmp eq reg 1 0x0000008f ] | ||
131 | + [ immediate reg 0 accept ] | ||
132 | + | ||
133 | # icmpv6 type {destination-unreachable, time-exceeded, nd-router-solicit} accept | ||
134 | __set%d test-ip6 3 | ||
135 | __set%d test-ip6 0 | ||
136 | @@ -129,7 +161,7 @@ ip6 test-ip6 input | ||
137 | [ lookup reg 1 set __set%d ] | ||
138 | [ immediate reg 0 accept ] | ||
139 | |||
140 | -# icmpv6 type {router-renumbering, mld-listener-reduction, time-exceeded, nd-router-solicit} accept | ||
141 | +# icmpv6 type {router-renumbering, mld-listener-done, time-exceeded, nd-router-solicit} accept | ||
142 | __set%d test-ip6 3 | ||
143 | __set%d test-ip6 0 | ||
144 | element 0000008a : 0 [end] element 00000084 : 0 [end] element 00000003 : 0 [end] element 00000085 : 0 [end] | ||
145 | -- | ||
146 | 2.11.0 | ||
147 | |||