nfct: add icmpv6

Add two new dedicated fields to provide the ICMPv6 code and type. While
libnetfilter_conntrack uses the same attribute for both ICMPv4 and v6,
there are no version-agnostic ICMP IEs in IPFIX.

The fields are annotated with the appropriate IPFIX metadata, which is
currently not actually used anywhere. You may call it consistency,
future-proofing or cargo-culting.

Signed-off-by: Corubba Smith <corubba@gmx.de>
Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/input/flow/ulogd_inpflow_NFCT.c b/input/flow/ulogd_inpflow_NFCT.c
index bdfd7dd038b9fea041ac3d81f52adc424990e9b3..fe827a7aa68e0f940e519a0a39b0d78c630fcca9 100644 (file)
--- a/input/flow/ulogd_inpflow_NFCT.c
+++ b/input/flow/ulogd_inpflow_NFCT.c
@@ -181,6 +181,8 @@ enum nfct_keys {
        NFCT_REPLY_RAW_PKTCOUNT,
        NFCT_ICMP_CODE,
        NFCT_ICMP_TYPE,
+       NFCT_ICMPV6_CODE,
+       NFCT_ICMPV6_TYPE,
        NFCT_CT_MARK,
        NFCT_CT_ID,
        NFCT_CT_EVENT,
@@ -342,6 +344,24 @@ static struct ulogd_key nfct_okeys[] = {
                        .field_id       = IPFIX_icmpTypeIPv4,
                },
        },
+       {
+               .type   = ULOGD_RET_UINT8,
+               .flags  = ULOGD_RETF_NONE,
+               .name   = "icmpv6.code",
+               .ipfix  = {
+                       .vendor         = IPFIX_VENDOR_IETF,
+                       .field_id       = IPFIX_icmpCodeIPv6,
+               },
+       },
+       {
+               .type   = ULOGD_RET_UINT8,
+               .flags  = ULOGD_RETF_NONE,
+               .name   = "icmpv6.type",
+               .ipfix  = {
+                       .vendor         = IPFIX_VENDOR_IETF,
+                       .field_id       = IPFIX_icmpTypeIPv6,
+               },
+       },
        {
                .type   = ULOGD_RET_UINT32,
                .flags  = ULOGD_RETF_NONE,
@@ -547,6 +567,12 @@ static int propagate_ct(struct ulogd_pluginstance *main_upi,
                okey_set_u16(&ret[NFCT_ICMP_TYPE],
                             nfct_get_attr_u8(ct, ATTR_ICMP_TYPE));
                break;
+       case IPPROTO_ICMPV6:
+               okey_set_u16(&ret[NFCT_ICMPV6_CODE],
+                            nfct_get_attr_u8(ct, ATTR_ICMP_CODE));
+               okey_set_u16(&ret[NFCT_ICMPV6_TYPE],
+                            nfct_get_attr_u8(ct, ATTR_ICMP_TYPE));
+               break;
        }
 
        switch (nfct_get_attr_u8(ct, ATTR_REPL_L4PROTO)) {