nfct: add icmpv6

Add two new dedicated fields to provide the ICMPv6 code and type. While
libnetfilter_conntrack uses the same attribute for both ICMPv4 and v6,
there are no version-agnostic ICMP IEs in IPFIX.

The fields are annotated with the appropriate IPFIX metadata, which is
currently not actually used anywhere. You may call it consistency,
future-proofing or cargo-culting.

Signed-off-by: Corubba Smith <corubba@gmx.de>
Signed-off-by: Florian Westphal <fw@strlen.de>

1 files changed, 26 insertions, 0 deletions

diff --git a/input/flow/ulogd_inpflow_NFCT.c b/input/flow/ulogd_inpflow_NFCT.c
index bdfd7dd..fe827a7 100644
--- a/input/flow/ulogd_inpflow_NFCT.c
+++ b/input/flow/ulogd_inpflow_NFCT.c
@@ -181,6 +181,8 @@ enum nfct_keys {
 	NFCT_REPLY_RAW_PKTCOUNT,
 	NFCT_ICMP_CODE,
 	NFCT_ICMP_TYPE,
+	NFCT_ICMPV6_CODE,
+	NFCT_ICMPV6_TYPE,
 	NFCT_CT_MARK,
 	NFCT_CT_ID,
 	NFCT_CT_EVENT,
@@ -343,6 +345,24 @@ static struct ulogd_key nfct_okeys[] = {
 		},
 	},
 	{
+		.type	= ULOGD_RET_UINT8,
+		.flags	= ULOGD_RETF_NONE,
+		.name	= "icmpv6.code",
+		.ipfix	= {
+			.vendor		= IPFIX_VENDOR_IETF,
+			.field_id	= IPFIX_icmpCodeIPv6,
+		},
+	},
+	{
+		.type	= ULOGD_RET_UINT8,
+		.flags	= ULOGD_RETF_NONE,
+		.name	= "icmpv6.type",
+		.ipfix	= {
+			.vendor		= IPFIX_VENDOR_IETF,
+			.field_id	= IPFIX_icmpTypeIPv6,
+		},
+	},
+	{
 		.type	= ULOGD_RET_UINT32,
 		.flags	= ULOGD_RETF_NONE,
 		.name	= "ct.mark",
@@ -547,6 +567,12 @@ static int propagate_ct(struct ulogd_pluginstance *main_upi,
 		okey_set_u16(&ret[NFCT_ICMP_TYPE],
 			     nfct_get_attr_u8(ct, ATTR_ICMP_TYPE));
 		break;
+	case IPPROTO_ICMPV6:
+		okey_set_u16(&ret[NFCT_ICMPV6_CODE],
+			     nfct_get_attr_u8(ct, ATTR_ICMP_CODE));
+		okey_set_u16(&ret[NFCT_ICMPV6_TYPE],
+			     nfct_get_attr_u8(ct, ATTR_ICMP_TYPE));
+		break;
 	}
 
 	switch (nfct_get_attr_u8(ct, ATTR_REPL_L4PROTO)) {