Add two new dedicated fields to provide the ICMPv6 code and type. While libnetfilter_conntrack uses the same attribute for both ICMPv4 and v6, there are no version-agnostic ICMP IEs in IPFIX. The fields are annotated with the appropriate IPFIX metadata, which is currently not actually used anywhere. You may call it consistency, future-proofing or cargo-culting.
Signed-off-by: Corubba Smith <corubba@xxxxxx>
---
 input/flow/ulogd_inpflow_NFCT.c | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
diff --git a/input/flow/ulogd_inpflow_NFCT.c b/input/flow/ulogd_inpflow_NFCT.c
index 5ac24e5..a4a8f15 100644
--- a/input/flow/ulogd_inpflow_NFCT.c
+++ b/input/flow/ulogd_inpflow_NFCT.c
@@ -181,6 +181,8 @@ enum nfct_keys {
 NFCT_REPLY_RAW_PKTCOUNT,
 NFCT_ICMP_CODE,
 NFCT_ICMP_TYPE,
+ NFCT_ICMPV6_CODE,
+ NFCT_ICMPV6_TYPE,
 NFCT_CT_MARK,
 NFCT_CT_ID,
 NFCT_CT_EVENT,
@@ -342,6 +344,24 @@ static struct ulogd_key nfct_okeys[] = {
 .field_id = IPFIX_icmpTypeIPv4,
 },
 },
+ {
+ .type = ULOGD_RET_UINT8,
+ .flags = ULOGD_RETF_NONE,
+ .name = "icmpv6.code",
+ .ipfix = {
+ .vendor = IPFIX_VENDOR_IETF,
+ .field_id = IPFIX_icmpCodeIPv6,
+ },
+ },
+ {
+ .type = ULOGD_RET_UINT8,
+ .flags = ULOGD_RETF_NONE,
+ .name = "icmpv6.type",
+ .ipfix = {
+ .vendor = IPFIX_VENDOR_IETF,
+ .field_id = IPFIX_icmpTypeIPv6,
+ },
+ },
 {
 .type = ULOGD_RET_UINT32,
 .flags = ULOGD_RETF_NONE,
@@ -547,6 +567,12 @@ static int propagate_ct(struct ulogd_pluginstance *main_upi,
 okey_set_u16(&ret[NFCT_ICMP_TYPE],
 nfct_get_attr_u8(ct, ATTR_ICMP_TYPE));
 break;
+ case IPPROTO_ICMPV6:
+ okey_set_u16(&ret[NFCT_ICMPV6_CODE],
+ nfct_get_attr_u8(ct, ATTR_ICMP_CODE));
+ okey_set_u16(&ret[NFCT_ICMPV6_TYPE],
+ nfct_get_attr_u8(ct, ATTR_ICMP_TYPE));
+ break;
 }
 switch (nfct_get_attr_u8(ct, ATTR_REPL_L4PROTO)) {
--
2.48.1
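Review bot: In the new `case IPPROTO_ICMPV6:` branch of propagate_ct, both values are stored with `okey_set_u16()` although the two keys this patch adds to nfct_okeys are declared `.type = ULOGD_RET_UINT8`. The setter should match the declared width, e.g. `okey_set_u8(&ret[NFCT_ICMPV6_CODE], nfct_get_attr_u8(ct, ATTR_ICMP_CODE));` and likewise for `NFCT_ICMPV6_TYPE`; otherwise an output plugin that reads the 8-bit member of the value would presumably see 0 on big-endian hosts, silently corrupting the ICMPv6 type/code in exported flow records. The context lines show the same `okey_set_u16` pattern for `NFCT_ICMP_TYPE`, so the ICMPv4 branch probably deserves the same change in a separate patch (its declared type is not visible here). propagate_ct starts and ends outside the hunk.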