src: promote 'reject with icmp CODE' syntax

The kernel already assumes that that ICMP type to reject a packet is destination-unreachable, hence the user specifies the *ICMP code*. Simplify the syntax to: ... reject with icmp port-unreachable this removes the 'type' keyword before the ICMP code to reject the packet with. IIRC, the original intention is to leave room for future extensions that allow to specify both the ICMP type and the ICMP code, this is however not possible with the current inconsistent syntax. Update manpages which also refer to ICMP type. Adjust tests/py to the new syntax. Fixes: 5fdd0b6a0600 ("nft: complete reject support") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2021-07-26 17:22:32 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2021-07-26 17:50:19 +0200
commit: 08d2f049367153d2c3b03c95b2ca7256cdf3521d (patch)
tree: 35b291e94c051a50d1473d21932f6a27ff8498b5 /doc/statements.txt
parent: 1ab1fcbc19a82e03d229586b8fd5b16396a9fab7 (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/doc/statements.txt b/doc/statements.txt
index 097cf2e0..af98e42c 100644
--- a/doc/statements.txt
+++ b/doc/statements.txt
@@ -163,9 +163,9 @@ REJECT STATEMENT
 ____
 *reject* [ *with* 'REJECT_WITH' ]
 
-'REJECT_WITH' := *icmp type* 'icmp_code' |
-                 *icmpv6 type* 'icmpv6_code' |
-                 *icmpx type* 'icmpx_code' |
+'REJECT_WITH' := *icmp* 'icmp_code' |
+                 *icmpv6* 'icmpv6_code' |
+                 *icmpx* 'icmpx_code' |
                  *tcp reset*
 ____
author	Pablo Neira Ayuso <pablo@netfilter.org>	2021-07-26 17:22:32 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2021-07-26 17:50:19 +0200
commit	08d2f049367153d2c3b03c95b2ca7256cdf3521d (patch)
tree	35b291e94c051a50d1473d21932f6a27ff8498b5 /doc/statements.txt
parent	1ab1fcbc19a82e03d229586b8fd5b16396a9fab7 (diff)