extensions: icmp: Support info-request/-reply type names

The intended side-effect here is that iptables-translate will accept
them too. In nftables, the names are supported since basically day 1.

Signed-off-by: Phil Sutter <phil@nwl.cc>

diff --git a/extensions/libipt_icmp.txlate b/extensions/libipt_icmp.txlate
index e7208d8b874c77e1c2a71ddc1f625c8c1c0d97c0..4315875bb1eb73d85d94549dfb0d65478c14724b 100644 (file)
--- a/extensions/libipt_icmp.txlate
+++ b/extensions/libipt_icmp.txlate
@@ -9,3 +9,9 @@ nft 'add rule ip filter INPUT icmp type != destination-unreachable counter accep
 
 iptables-translate -t filter -A INPUT -m icmp --icmp-type any -j ACCEPT
 nft 'add rule ip filter INPUT ip protocol icmp counter accept'
+
+iptables-translate -t filter -A INPUT -m icmp --icmp-type info-request -j ACCEPT
+nft 'add rule ip filter INPUT icmp type info-request counter accept'
+
+iptables-translate -t filter -A INPUT -m icmp --icmp-type 16 -j ACCEPT
+nft 'add rule ip filter INPUT icmp type info-reply counter accept'

diff --git a/extensions/libxt_icmp.h b/extensions/libxt_icmp.h
index 7a45b4bd2ec6d18983e319aa4f3d8f0505cd55ed..c44aa4b10655774395794e074b91ac27faad92df 100644 (file)
--- a/extensions/libxt_icmp.h
+++ b/extensions/libxt_icmp.h
@@ -52,6 +52,9 @@ static const struct xt_icmp_names {
 
        { "timestamp-reply", 14, 0, 0xFF },
 
+       { "info-request", 15, 0, 0xFF },
+       { "info-reply", 16, 0, 0xFF },
+
        { "address-mask-request", 17, 0, 0xFF },
 
        { "address-mask-reply", 18, 0, 0xFF }