From 873aed4eabec7194de28db653e997bb57bd2a9ba Mon Sep 17 00:00:00 2001
From: Vadim Kurland <vadim@netcitadel.com>
Date: Fri, 27 Jun 2008 18:50:25 +0000
Subject: [PATCH] should use "-p ipv6-icmp" for ipv6 rules

---
 doc/ChangeLog                             |  5 +++
 src/ipt/PolicyCompiler_PrintRule.cpp      |  8 ++--
 test/ipt/objects-for-regression-tests.fwb | 48 ++++++++++++++++++++++-
 3 files changed, 56 insertions(+), 5 deletions(-)

diff --git a/doc/ChangeLog b/doc/ChangeLog
index 544f2a137..98cc769cb 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,3 +1,8 @@
+2008-06-27  Vadim Kurland  <vadim@vk.crocodile.org>
+
+	* ../src/ipt/PolicyCompiler_PrintRule.cpp (PrintRule::_printProtocol):
+	should use "-p ipv6-icmp" for ipv6 rules.
+
 2008-06-26  Vadim Kurland  <vadim@vk.crocodile.org>
 
 	* PolicyCompiler_PrintRule.cpp (PrintRule::_printIP): using
diff --git a/src/ipt/PolicyCompiler_PrintRule.cpp b/src/ipt/PolicyCompiler_PrintRule.cpp
index a67410118..cdc51a2f2 100644
--- a/src/ipt/PolicyCompiler_PrintRule.cpp
+++ b/src/ipt/PolicyCompiler_PrintRule.cpp
@@ -599,13 +599,14 @@ string PolicyCompiler_ipt::PrintRule::_printProtocol(libfwbuilder::Service *srv)
         !UserService::isA(srv)
     )
     {
-        string pn=srv->getProtocolName();
+        string pn = srv->getProtocolName();
         if (pn=="ip") pn="all";
         
-        s= "-p " + pn + " ";
-
         if (pn == "icmp")
         {
+            if (ipt_comp->ipv6) s = "-p ipv6-icmp ";
+            else s = "-p icmp ";
+
             if (ipt_comp->newIptables(version))
             {
                 if (ipt_comp->ipv6) s += " -m icmp6";
@@ -613,6 +614,7 @@ string PolicyCompiler_ipt::PrintRule::_printProtocol(libfwbuilder::Service *srv)
             }
         } else
         {
+            s = "-p " + pn + " ";
             if (pn == "tcp")  s += "-m tcp ";
             if (pn == "udp")  s += "-m udp ";
         }
diff --git a/test/ipt/objects-for-regression-tests.fwb b/test/ipt/objects-for-regression-tests.fwb
index 9a9882ba6..bcd956e43 100644
--- a/test/ipt/objects-for-regression-tests.fwb
+++ b/test/ipt/objects-for-regression-tests.fwb
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
-<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="9" lastModified="1213152525" id="root">
+<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="9" lastModified="1214592406" id="root">
   <Library id="syslib001" name="User" comment="User defined objects" color="#d2ffd0">
     <ObjectGroup id="stdid01_1" name="Objects">
       <ObjectGroup id="stdid01_1_og_ats_1" name="Address Tables">
@@ -24375,7 +24375,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
           <Option name="verify_interfaces">False</Option>
         </FirewallOptions>
       </Firewall>
-      <Firewall id="id4833F62B6131" name="firewall-ipv6-1" host_OS="linux24" inactive="False" lastCompiled="1212115999" lastInstalled="0" lastModified="1212118783" platform="iptables" ro="False" version="">
+      <Firewall id="id4833F62B6131" name="firewall-ipv6-1" host_OS="linux24" inactive="False" lastCompiled="1212115999" lastInstalled="0" lastModified="1214592406" platform="iptables" ro="False" version="">
         <NAT id="id4833F62F6131" name="NAT"/>
         <Policy id="id483F5B7623190" name="Policy_ipv4"/>
         <Policy id="id4833F62E6131" name="Policy">
@@ -24599,6 +24599,46 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
               <Option name="stateless">False</Option>
             </PolicyRuleOptions>
           </PolicyRule>
+          <PolicyRule id="id80471535" action="Accept" direction="Both" disabled="False" log="False" position="11">
+            <Src neg="False">
+              <ObjectRef ref="id4833F6316131"/>
+            </Src>
+            <Dst neg="False">
+              <ObjectRef ref="sysid0"/>
+            </Dst>
+            <Srv neg="False">
+              <ServiceRef ref="icmp-ping_request"/>
+            </Srv>
+            <Itf neg="False">
+              <ObjectRef ref="sysid0"/>
+            </Itf>
+            <When neg="False">
+              <IntervalRef ref="sysid2"/>
+            </When>
+            <PolicyRuleOptions>
+              <Option name="stateless">False</Option>
+            </PolicyRuleOptions>
+          </PolicyRule>
+          <PolicyRule id="id80541535" action="Accept" direction="Both" disabled="False" log="False" position="12">
+            <Src neg="False">
+              <ObjectRef ref="id4833F6346131"/>
+            </Src>
+            <Dst neg="False">
+              <ObjectRef ref="sysid0"/>
+            </Dst>
+            <Srv neg="False">
+              <ServiceRef ref="icmp-ping_request"/>
+            </Srv>
+            <Itf neg="False">
+              <ObjectRef ref="sysid0"/>
+            </Itf>
+            <When neg="False">
+              <IntervalRef ref="sysid2"/>
+            </When>
+            <PolicyRuleOptions>
+              <Option name="stateless">False</Option>
+            </PolicyRuleOptions>
+          </PolicyRule>
         </Policy>
         <Routing id="id4833F6306131" name="Routing"/>
         <Interface id="id4833F6316131" name="eth0" bridgeport="False" dyn="False" label="" security_level="50" unnum="False" unprotected="False">
@@ -26626,6 +26666,10 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
     <Interface id="id4848A43B4626" name="ppp0" bridgeport="False" dyn="True" label="" mgmt="False" security_level="0" unnum="False" unprotected="False"/>
     <IntervalRef ref="sysid2"/>
     <IntervalRef ref="sysid2"/>
+    <ObjectRef ref="sysid0"/>
+    <ObjectRef ref="sysid0"/>
+    <ServiceRef ref="sysid1"/>
+    <ServiceRef ref="sysid1"/>
   </Library>
   <Library id="id4387B43718346" name="transfer" color="#FFFFFF" ro="False">
     <ObjectGroup id="id4387B43818346" name="Objects">