diff options
author | Alvaro Neira <alvaroneay@gmail.com> | 2014-10-17 14:24:36 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-10-17 14:57:15 +0200 |
commit | 62e22f533edd67ffe31059d988e716aba84c03fe (patch) | |
tree | 335af0dba7c4eae028a3cca246b90a33cead3749 /src/netlink_delinearize.c | |
parent | 374d25eb6a3c45fe752d852d9d10935ed517e51c (diff) |
delinearize: list the icmpx reason with the string associated
If you add the rule:
nft add rule inet filter input reject with icmpx type host-unreachable
nft list table inet filter
shows:
table inet filter {
chain input {
reject with icmpx type 2
}
}
We have to attach the icmpx datatype when we list the rules that use it. With
this patch if we list the ruleset, the output is:
table inet filter {
chain input {
reject with icmpx type host-unreachable
}
}
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/netlink_delinearize.c')
-rw-r--r-- | src/netlink_delinearize.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c index 38618ee8..8f90cc03 100644 --- a/src/netlink_delinearize.c +++ b/src/netlink_delinearize.c @@ -944,8 +944,10 @@ static void stmt_reject_postprocess(struct rule_pp_ctx rctx, struct stmt *stmt) stmt->reject.expr->dtype = &icmpv6_code_type; break; case NFPROTO_INET: - if (stmt->reject.type == NFT_REJECT_ICMPX_UNREACH) + if (stmt->reject.type == NFT_REJECT_ICMPX_UNREACH) { + stmt->reject.expr->dtype = &icmpx_code_type; break; + } base = rctx.pctx.protocol[PROTO_BASE_LL_HDR].desc; desc = rctx.pctx.protocol[PROTO_BASE_NETWORK_HDR].desc; protocol = proto_find_num(base, desc); @@ -960,8 +962,10 @@ static void stmt_reject_postprocess(struct rule_pp_ctx rctx, struct stmt *stmt) stmt->reject.family = protocol; break; case NFPROTO_BRIDGE: - if (stmt->reject.type == NFT_REJECT_ICMPX_UNREACH) + if (stmt->reject.type == NFT_REJECT_ICMPX_UNREACH) { + stmt->reject.expr->dtype = &icmpx_code_type; break; + } base = rctx.pctx.protocol[PROTO_BASE_LL_HDR].desc; desc = rctx.pctx.protocol[PROTO_BASE_NETWORK_HDR].desc; protocol = proto_find_num(base, desc); |