author | Álvaro Neira Ayuso <alvaroneay@gmail.com> | 2014-06-11 18:49:22 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-06-16 11:50:44 +0200 |
commit | 11b2bb2fc0652dce73c78e7b0cee5c32c5af80e8 (patch) | |
tree | 42dbc49c6364a2e352d27be65d22166d1a552089 | |
parent | 27619ffbe503ed4d9e59a02e81db9a7ac49d37af (diff) |
reject: Use protocol context for indicating the reject type
This patch uses the protocol context to initialize the reject type
according to whether the transport protocol is tcp, udp, etc. Before
this patch, the reject type was left unset.
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | src/evaluate.c | 12 | ||||
-rw-r--r-- | src/netlink_delinearize.c | 1 |
2 files changed, 13 insertions, 0 deletions
diff --git a/src/evaluate.c b/src/evaluate.c
index 2330bbb2..c15cd55f 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1132,6 +1132,18 @@ static int stmt_evaluate_meta(struct eval_ctx *ctx, struct stmt *stmt)

 static int stmt_evaluate_reject(struct eval_ctx *ctx, struct stmt *stmt)
 {
+ struct proto_ctx *pctx = &ctx->pctx;
+ const struct proto_desc *base;
+
+ base = pctx->protocol[PROTO_BASE_TRANSPORT_HDR].desc;
+ if (base == NULL)
+ return -1;
+
+ if (strcmp(base->name, "tcp") == 0)
+ stmt->reject.type = NFT_REJECT_TCP_RST;
+ else
+ stmt->reject.type = NFT_REJECT_ICMP_UNREACH;
+
 stmt->flags |= STMT_F_TERMINAL;
 return 0;
 }
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 5c6ca800..a98c68fc 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -456,6 +456,7 @@ static void netlink_parse_reject(struct netlink_parse_ctx *ctx,
 struct stmt *stmt;

 stmt = reject_stmt_alloc(loc);
+ stmt->reject.type = nft_rule_expr_get_u32(expr, NFT_EXPR_REJECT_TYPE);
 list_add_tail(&stmt->list, &ctx->rule->stmts);
 } |
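Review bot: The `if (base == NULL) return -1;` guard in stmt_evaluate_reject fails evaluation without recording any error, so a rule that uses reject with no transport-protocol match in its context is refused with no diagnostic pointing at the statement. The commit message says the type was simply left unset before, so this presumably turns a previously accepted ruleset into a load failure, and on a firewall an operator may not notice that the rules were never installed. If a bare reject is meant to stay valid, default it instead: use `if (base != NULL && strcmp(base->name, "tcp") == 0)` for the `NFT_REJECT_TCP_RST` branch and let every other case fall through to `NFT_REJECT_ICMP_UNREACH`. Otherwise, report an error that carries the statement's location before returning, and document the new requirement in a comment above the guard.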
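Review bot: The value from `nft_rule_expr_get_u32(expr, NFT_EXPR_REJECT_TYPE)` is stored in `stmt->reject.type` without checking that the attribute is present in the expression or that it is one of the reject types the evaluator assigns (`NFT_REJECT_TCP_RST`, `NFT_REJECT_ICMP_UNREACH`). If the getter yields 0 for a missing attribute (worth confirming against the library), a rule dumped without the attribute is indistinguishable from one that carries type 0, and an unknown value would be passed on unchanged to whatever prints the statement. At minimum I would add a comment above the assignment such as `/* type taken as-is from netlink; absent attribute reads as 0, no range check */`, or reject unknown values here. netlink_parse_reject's signature begins before the hunk, so only the tail of its body is visible.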