From 1ce26a23a164ad85b17216d35a17be76601379ef Mon Sep 17 00:00:00 2001
From: David Schmitz <schmitz@lrz.de>
Date: Fri, 19 May 2023 09:46:58 +0000
Subject: [PATCH] fix/ipv6_rules_implicit_icmp6: add setting
 NETCONF_FLOWSPEC_MAP_ICMP_TO_ICMPV6 to enable/disable implicit ipv6
 addresses+proto=icmp <-> proto=icmpv6

---
 flowspy/settings.py.dist | 3 +++
 utils/flowspec_utils.py  | 6 ++++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/flowspy/settings.py.dist b/flowspy/settings.py.dist
index ecf4dfa4..4555ec22 100644
--- a/flowspy/settings.py.dist
+++ b/flowspy/settings.py.dist
@@ -531,6 +531,9 @@ NETCONF_MAX_RETRY_BEFORE_ERROR = 5
 # Actually apply the rules
 COMMIT = True
 
+#
+NETCONF_FLOWSPEC_MAP_ICMP_TO_ICMPV6 = False
+
 ##############################################################################
 ##############################################################################
 # Netconf Device credentials
diff --git a/utils/flowspec_utils.py b/utils/flowspec_utils.py
index a0777317..bf1645fe 100644
--- a/utils/flowspec_utils.py
+++ b/utils/flowspec_utils.py
@@ -7,14 +7,16 @@ logger = flowspec.logging_utils.logger_init_default(__name__, "flowspec_utils.lo
 def map__ip_proto__for__ip_version__to_flowspec(ip_version, protocol_str):
     logger.info("map__ip_proto__for__ip_version__to_flowspec(): called ip_version="+str(ip_version)+" protocol_str="+str(protocol_str))
     if ip_version==6 and protocol_str=='icmp': 
-        protocol_str='icmp6'
+        if hasattr(settings, 'NETCONF_FLOWSPEC_MAP_ICMP_TO_ICMPV6') and settings.NETCONF_FLOWSPEC_MAP_ICMP_TO_ICMPV6:
+          protocol_str='icmp6'
     logger.info("map__ip_proto__for__ip_version__to_flowspec(): returning protocol_str="+str(protocol_str))
     return protocol_str
 
 def map__ip_proto__for__ip_version__from_flowspec(ip_version, protocol_str):
     logger.info("map__ip_proto__for__ip_version__from_flowspec(): called ip_version="+str(ip_version)+" protocol_str="+str(protocol_str))
     if ip_version==6 and protocol_str=='icmp6': 
-        protocol_str='icmp'
+        if hasattr(settings, 'NETCONF_FLOWSPEC_MAP_ICMP_TO_ICMPV6') and settings.NETCONF_FLOWSPEC_MAP_ICMP_TO_ICMPV6:
+          protocol_str='icmp'
     logger.info("map__ip_proto__for__ip_version__from_flowspec(): returning protocol_str="+str(protocol_str))
     return protocol_str
 
-- 
GitLab