'Re: IPv6 ICMP'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    Re: IPv6 ICMP
From:       Darren Reed <darrenr () reed ! wattle ! id ! au>
Date:       2002-01-31 9:17:35
[Download RAW message or body]

In some email I received from Martti Kuparinen, sie wrote:
> Hi!
> 
> Is "proto ipv6-icmp ... icmp-type ..." supposed to work
> with IPF 3.4.23?
> 
> I have these two rules in /etc/ipf6.conf:
> 
> pass in  quick proto tcp from any to any port = 22
> pass in  quick proto ipv6-icmp from any to any icmp-type echo
> 
> and "ipfstat -6hi" produces this output:
> 
> 0 pass in quick proto tcp from any to any port = 22
> 0 pass in quick proto ipv6-icmp from any to any
> 
> Please note that there's no "icmp-type echo" in the second rule.

The below patch should fix this.  It will make "icmp-type <not-number>"
fail.  If you'd like to see it done, email me a suitable patch for parse.c.

Darren

Index: parse.c
===================================================================
RCS file: /devel/CVS/IP-Filter/Attic/parse.c,v
retrieving revision 2.24.2.17
diff -c -r2.24.2.17 parse.c
*** parse.c	2002/01/28 05:48:30	2.24.2.17
--- parse.c	2002/01/31 09:15:39
***************
*** 989,995 ****
  	if (!**cp)
  		return -1;
  
! 	if (isdigit(***cp)) {
  		if (!ratoi(**cp, &i, 0, 255)) {
  			fprintf(stderr,
  				"%d: Invalid icmp-type (%s) specified\n",
--- 989,995 ----
  	if (!**cp)
  		return -1;
  
! 	if (isdigit(***cp) || (fp->fr_proto == IPPROTO_ICMPV6)) {
  		if (!ratoi(**cp, &i, 0, 255)) {
  			fprintf(stderr,
  				"%d: Invalid icmp-type (%s) specified\n",
***************
*** 1288,1294 ****
  			printf(" frag");
  		}
  	}
! 	if (fp->fr_proto == IPPROTO_ICMP && fp->fr_icmpm) {
  		int	type = fp->fr_icmp, code;
  
  		type = ntohs(fp->fr_icmp);
--- 1288,1294 ----
  			printf(" frag");
  		}
  	}
! 	if (fp->fr_proto == IPPROTO_ICMP && fp->fr_icmpm != 0) {
  		int	type = fp->fr_icmp, code;
  
  		type = ntohs(fp->fr_icmp);
***************
*** 1299,1304 ****
--- 1299,1314 ----
  			printf(" icmp-type %s", icmptypes[type]);
  		else
  			printf(" icmp-type %d", type);
+ 		if (ntohs(fp->fr_icmpm) & 0xff)
+ 			printf(" code %d", code);
+ 	}
+ 	if (fp->fr_proto == IPPROTO_ICMPV6 && fp->fr_icmpm != 0) {
+ 		int	type = fp->fr_icmp, code;
+ 
+ 		type = ntohs(fp->fr_icmp);
+ 		code = type & 0xff;
+ 		type /= 256;
+ 		printf(" icmp-type %d", type);
  		if (ntohs(fp->fr_icmpm) & 0xff)
  			printf(" code %d", code);
  	}
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic