diff options
author | Florian Westphal <fw@strlen.de> | 2018-09-04 13:53:59 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2018-09-04 14:57:17 +0200 |
commit | 0f44d4f62753535d39d95d83778348bee4e88053 (patch) | |
tree | a8abdf198af2bd59e718283e54e84dea92aa7f03 /tests/py/ip/icmp.t | |
parent | aab7913f0e9bfd331980a4e6a478d3e350be9e89 (diff) |
proto: fix icmp/icmpv6 code datatype
Andrew A. Sabitov says:
I'd like to use a set (concatenation) of icmpv6 type and icmpv6 code
and check incoming icmpv6 traffic against it:
add set inet fw in_icmpv6_types { type icmpv6_type . icmpv6_code; }
add element inet fw in_icmpv6_types { 1 . 0 } # no route to destination
add element inet fw in_icmpv6_types { 1 . 1 } # communication with destination administratively prohibited
# ...
add rule inet fw in_icmpv6 icmpv6 type . icmpv6 code @in_icmpv6_types \
limit rate 15/minute accept
yields:
Error: can not use variable sized data types (integer) in concat expressions
icmpv6 type . icmpv6 code @in_icmpv6_types
~~~~~~~~~~~~~~^^^^^^^^^^^
Change 'code' type to the icmp/icmpv6 code type.
Needs minor change to test suite as nft will now display
human-readable names instead of numeric codes.
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1276
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'tests/py/ip/icmp.t')
-rw-r--r-- | tests/py/ip/icmp.t | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/tests/py/ip/icmp.t b/tests/py/ip/icmp.t index 5a7ce7e0..6c05fb9d 100644 --- a/tests/py/ip/icmp.t +++ b/tests/py/ip/icmp.t @@ -28,8 +28,8 @@ icmp code 33-55;ok icmp code != 33-55;ok icmp code { 33-55};ok icmp code != { 33-55};ok -icmp code { 2, 4, 54, 33, 56};ok -icmp code != { 2, 4, 54, 33, 56};ok +icmp code { 2, 4, 54, 33, 56};ok;icmp code { prot-unreachable, 4, 33, 54, 56} +icmp code != { prot-unreachable, 4, 33, 54, 56};ok icmp checksum 12343 accept;ok icmp checksum != 12343 accept;ok |