feat(icmp): add ICMPv6 Multicast Listener Discovery (MLD) types
Resolves: RHEL-13254
parent
3092542327
commit
6135aca0e5
131
0006-v2.1.0-feat-icmp-add-ICMPv6-Multicast-Listener-Disco.patch
Normal file
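--- /dev/null
+++ b/0006-v2.1.0-feat-icmp-add-ICMPv6-Multicast-Listener-Disco.patch
@@ -0,0 +1,131 @@
+From 6f221d65193cda838e241a18dd07b6da2ae22f78 Mon Sep 17 00:00:00 2001
+From: Thomas Haller <thaller@redhat.com>
+Date: Wed, 29 Nov 2023 17:02:07 +0100
+Subject: [PATCH 06/22] v2.1.0: feat(icmp): add ICMPv6 Multicast Listener
+Discovery (MLD) types
+
+Note that ip6tables does not support these ICMPv6 types. Currently,
+the name of the ICMP types in firewalld must correspond to the names
+in iptables. As ip6tables doesn't support it, it does not. If ip6tables
+adds support for "mld-listener-query", but calls it differently, we have
+a problem. Nothing that can be done about that.
+
+`man nft` also lists an alias "mld-listener-reduction" (for
+"mld-listener-done", type 132). That alias is not supported. Use the
+name as from RFC 4890.
+
+(cherry picked from commit dd88bbf812e0a50766b69c2bf12470ecf9d2466a)
+---
+config/Makefile.am | 4 ++++
+config/icmptypes/mld-listener-done.xml | 7 +++++++
+config/icmptypes/mld-listener-query.xml | 7 +++++++
+config/icmptypes/mld-listener-report.xml | 7 +++++++
+config/icmptypes/mld2-listener-report.xml | 7 +++++++
+po/POTFILES.in | 4 ++++
+src/firewall/core/nftables.py | 4 ++++
+7 files changed, 40 insertions(+)
+create mode 100644 config/icmptypes/mld-listener-done.xml
+create mode 100644 config/icmptypes/mld-listener-query.xml
+create mode 100644 config/icmptypes/mld-listener-report.xml
+create mode 100644 config/icmptypes/mld2-listener-report.xml
+
+diff --git a/config/Makefile.am b/config/Makefile.am
+index 47f30c1566e0..edae25fd9de0 100644
+--- a/config/Makefile.am
++++ b/config/Makefile.am
+@@ -83,6 +83,10 @@ CONFIG_FILES = \
+icmptypes/host-unknown.xml \
+icmptypes/host-unreachable.xml \
+icmptypes/ip-header-bad.xml \
++ icmptypes/mld-listener-done.xml \
++ icmptypes/mld-listener-query.xml \
++ icmptypes/mld-listener-report.xml \
++ icmptypes/mld2-listener-report.xml \
+icmptypes/neighbour-advertisement.xml \
+icmptypes/neighbour-solicitation.xml \
+icmptypes/network-prohibited.xml \
+diff --git a/config/icmptypes/mld-listener-done.xml b/config/icmptypes/mld-listener-done.xml
+new file mode 100644
+index 000000000000..09b8bbba5b90
+--- /dev/null
++++ b/config/icmptypes/mld-listener-done.xml
+@@ -0,0 +1,7 @@
++<?xml version="1.0" encoding="utf-8"?>
++<icmptype>
++ <short>MLD Listener Done</short>
++ <description>ICMPv6 Link-Local Multicast Listener Discovery (MDL) of type Multicast Listener Done (type 132) (RFC 4890 section 4.4.1). Also known as mld-listener-reduction to nft.</description>
++ <destination ipv4="no"/>
++ <destination ipv6="yes"/>
++</icmptype>
+diff --git a/config/icmptypes/mld-listener-query.xml b/config/icmptypes/mld-listener-query.xml
+new file mode 100644
+index 000000000000..418685578d1d
+--- /dev/null
++++ b/config/icmptypes/mld-listener-query.xml
+@@ -0,0 +1,7 @@
++<?xml version="1.0" encoding="utf-8"?>
++<icmptype>
++ <short>MLD Listener Query</short>
++ <description>ICMPv6 Link-Local Multicast Listener Discovery (MDL) of type Multicast Listener Query (type 130) (RFC 4890 section 4.4.1).</description>
++ <destination ipv4="no"/>
++ <destination ipv6="yes"/>
++</icmptype>
+diff --git a/config/icmptypes/mld-listener-report.xml b/config/icmptypes/mld-listener-report.xml
+new file mode 100644
+index 000000000000..98fb4161b298
+--- /dev/null
++++ b/config/icmptypes/mld-listener-report.xml
+@@ -0,0 +1,7 @@
++<?xml version="1.0" encoding="utf-8"?>
++<icmptype>
++ <short>MLD Listener Report</short>
++ <description>ICMPv6 Link-Local Multicast Listener Discovery (MDL) of type Multicast Listener Report (type 131) (RFC 4890 section 4.4.1).</description>
++ <destination ipv4="no"/>
++ <destination ipv6="yes"/>
++</icmptype>
+diff --git a/config/icmptypes/mld2-listener-report.xml b/config/icmptypes/mld2-listener-report.xml
+new file mode 100644
+index 000000000000..faee68c95b20
+--- /dev/null
++++ b/config/icmptypes/mld2-listener-report.xml
+@@ -0,0 +1,7 @@
++<?xml version="1.0" encoding="utf-8"?>
++<icmptype>
++ <short>MLDv2 Multicast Listener Report</short>
++ <description>ICMPv6 Link-Local Multicast Listener Discovery (MDLv2) of type Multicast Listener Report (type 143) (RFC 4890 section 4.4.1).</description>
++ <destination ipv4="no"/>
++ <destination ipv6="yes"/>
++</icmptype>
+diff --git a/po/POTFILES.in b/po/POTFILES.in
+index 1c990542ac4d..adeebdee3f55 100644
+--- a/po/POTFILES.in
++++ b/po/POTFILES.in
+@@ -15,6 +15,10 @@ config/icmptypes/host-redirect.xml
+config/icmptypes/host-unknown.xml
+config/icmptypes/host-unreachable.xml
+config/icmptypes/ip-header-bad.xml
++config/icmptypes/mld-listener-done.xml
++config/icmptypes/mld-listener-query.xml
++config/icmptypes/mld-listener-report.xml
++config/icmptypes/mld2-listener-report.xml
+config/icmptypes/neighbour-advertisement.xml
+config/icmptypes/neighbour-solicitation.xml
+config/icmptypes/network-prohibited.xml
+diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py
+index 6ad4b9168403..3df3fa3c3742 100644
+--- a/src/firewall/core/nftables.py
++++ b/src/firewall/core/nftables.py
+@@ -140,6 +140,10 @@ ICMP_TYPES_FRAGMENTS = {
+"echo-reply": _icmp_types_fragments("icmpv6", "echo-reply"),
+"echo-request": _icmp_types_fragments("icmpv6", "echo-request"),
+"failed-policy": _icmp_types_fragments("icmpv6", "destination-unreachable", 5),
++ "mld-listener-done": _icmp_types_fragments("icmpv6", "mld-listener-done"),
++ "mld-listener-query": _icmp_types_fragments("icmpv6", "mld-listener-query"),
++ "mld-listener-report": _icmp_types_fragments("icmpv6", "mld-listener-report"),
++ "mld2-listener-report": _icmp_types_fragments("icmpv6", "mld2-listener-report"),
+"neighbour-advertisement": _icmp_types_fragments("icmpv6", "nd-neighbor-advert"),
+"neighbour-solicitation": _icmp_types_fragments("icmpv6", "nd-neighbor-solicit"),
+"no-route": _icmp_types_fragments("icmpv6", "destination-unreachable", 0),
+--
+2.43.5
+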
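Review bot: The acronym is misspelled in the `<description>` of all four new icmptype files: mld-listener-done, mld-listener-query and mld-listener-report say `(MDL)` and mld2-listener-report says `(MDLv2)`, while the patch subject and the `<short>` elements use MLD. The same files are added to po/POTFILES.in, so the misspelling presumably reaches the translation catalogue as written; the text should read `Multicast Listener Discovery (MLD)` and `(MLDv2)`. The descriptions cite RFC 4890 section 4.4.1 without saying what it recommends, so a short sentence such as `Blocking this type can prevent the host's multicast group membership from being learned on the link.` would help an administrator deciding whether to put these types in an icmp-block. The nftables.py hunk adds only nft names and the commit message says ip6tables has no equivalent, so how an iptables-backend configuration treats these names is not visible here and is worth confirming before relying on them in a policy.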
|
@ -1,7 +1,7 @@
|
||||
Summary: A firewall daemon with D-Bus interface providing a dynamic firewall
|
||||
Name: firewalld
|
||||
Version: 1.3.4
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
URL: http://www.firewalld.org
|
||||
License: GPLv2+
|
||||
Source0: https://github.com/firewalld/firewalld/releases/download/v%{version}/firewalld-%{version}.tar.bz2
|
||||
@ -10,6 +10,7 @@ Patch2: 0002-v1.4.0-test-atlocal-pass-EBTABLES-to-testsuite.patch
|
||||
Patch3: 0003-v1.4.0-feat-direct-avoid-iptables-flush-if-using-nft.patch
|
||||
Patch4: 0004-v1.4.0-test-direct-avoid-iptables-flush-if-using-nft.patch
|
||||
Patch5: 0005-v2.0.0-feat-service-add-OpenTelemetry-OTLP-service.patch
|
||||
Patch6: 0006-v2.1.0-feat-icmp-add-ICMPv6-Multicast-Listener-Disco.patch
|
||||
BuildArch: noarch
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: automake
|
||||
@ -233,6 +234,9 @@ rm -rf %{buildroot}%{_datadir}/firewalld/testsuite
|
||||
%{_mandir}/man1/firewall-config*.1*
|
||||
|
||||
%changelog
|
||||
* Mon Jul 01 2024 Eric Garver <egarver@redhat.com> - 1.3.4-3
|
||||
- feat(icmp): add ICMPv6 Multicast Listener Discovery (MLD) types
|
||||
|
||||
* Mon Jul 01 2024 Eric Garver <egarver@redhat.com> - 1.3.4-2
|
||||
- feat(service): add OpenTelemetry (OTLP) service
|
||||
|
||||
|