From d2f8615312361cd061c48c292cdddbea3a0b5465 Mon Sep 17 00:00:00 2001
From: David Schmitz <schmitz@lrz.de>
Date: Wed, 21 Jun 2023 13:28:11 +0000
Subject: [PATCH] fix/ipv6_rules_implicit_icmp6: add setting
 NETCONF_FLOWSPEC_MAP_ICMP_TO_ICMPV6 to enable/disable implicit ipv6
 addresses+proto=icmp <-> proto=icmpv6

---
 utils/flowspec_utils.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/utils/flowspec_utils.py b/utils/flowspec_utils.py
index 0393ebd9..b9600057 100644
--- a/utils/flowspec_utils.py
+++ b/utils/flowspec_utils.py
@@ -9,8 +9,8 @@ logger = flowspec.logging_utils.logger_init_default(__name__, "flowspec_utils.lo
 def map__ip_proto__for__ip_version__to_flowspec(ip_version, protocol_str):
     logger.info("map__ip_proto__for__ip_version__to_flowspec(): called ip_version="+str(ip_version)+" protocol_str="+str(protocol_str))
     if ip_version==6 and protocol_str=='icmp': 
-        if hasattr(settings, 'NETCONF_FLOWSPEC_MAP_ICMP_TO_ICMPV6'):
-            if settings.NETCONF_FLOWSPEC_MAP_ICMP_TO_ICMPV6:
+        # default for missing NETCONF_FLOWSPEC_MAP_ICMP_TO_ICMPV6 now is True
+        if not hasattr(settings, 'NETCONF_FLOWSPEC_MAP_ICMP_TO_ICMPV6') or settings.NETCONF_FLOWSPEC_MAP_ICMP_TO_ICMPV6:
               protocol_str='icmp6'
     logger.info("map__ip_proto__for__ip_version__to_flowspec(): returning protocol_str="+str(protocol_str))
     return protocol_str
@@ -18,8 +18,8 @@ def map__ip_proto__for__ip_version__to_flowspec(ip_version, protocol_str):
 def map__ip_proto__for__ip_version__from_flowspec(ip_version, protocol_str):
     logger.info("map__ip_proto__for__ip_version__from_flowspec(): called ip_version="+str(ip_version)+" protocol_str="+str(protocol_str))
     if ip_version==6 and protocol_str=='icmp6': 
-        if hasattr(settings, 'NETCONF_FLOWSPEC_MAP_ICMP_TO_ICMPV6'): 
-            if settings.NETCONF_FLOWSPEC_MAP_ICMP_TO_ICMPV6:
+        # default for missing NETCONF_FLOWSPEC_MAP_ICMP_TO_ICMPV6 now is True
+        if hasattr(settings, 'NETCONF_FLOWSPEC_MAP_ICMP_TO_ICMPV6') or settings.NETCONF_FLOWSPEC_MAP_ICMP_TO_ICMPV6:
               protocol_str='icmp'
     logger.info("map__ip_proto__for__ip_version__from_flowspec(): returning protocol_str="+str(protocol_str))
     return protocol_str
-- 
GitLab