author | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-07-26 17:22:32 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-07-26 17:50:19 +0200 |
commit | 08d2f049367153d2c3b03c95b2ca7256cdf3521d (patch) | |
tree | 35b291e94c051a50d1473d21932f6a27ff8498b5 /tests/py/ip6 | |
parent | 1ab1fcbc19a82e03d229586b8fd5b16396a9fab7 (diff) |
src: promote 'reject with icmp CODE' syntax

The kernel already assumes that the ICMP type to reject a packet is
destination-unreachable, hence the user specifies the *ICMP code*.

Simplify the syntax to:

... reject with icmp port-unreachable

this removes the 'type' keyword before the ICMP code to reject the
packet with.

IIRC, the original intention is to leave room for future extensions that
allow to specify both the ICMP type and the ICMP code, this is however
not possible with the current inconsistent syntax.

Update manpages which also refer to ICMP type.

Adjust tests/py to the new syntax.

Fixes: 5fdd0b6a0600 ("nft: complete reject support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'tests/py/ip6')
-rw-r--r-- | tests/py/ip6/reject.t | 18 |
-rw-r--r-- | tests/py/ip6/reject.t.payload.ip6 | 14 |
2 files changed, 16 insertions, 16 deletions
diff --git a/tests/py/ip6/reject.t b/tests/py/ip6/reject.t index 79f3d557..bfdd094e 100644 --- a/tests/py/ip6/reject.t +++ b/tests/py/ip6/reject.t @@ -3,14 +3,14 @@ *ip6;test-ip6;output reject;ok -reject with icmpv6 type no-route;ok -reject with icmpv6 type admin-prohibited;ok -reject with icmpv6 type addr-unreachable;ok -reject with icmpv6 type port-unreachable;ok;reject -reject with icmpv6 type policy-fail;ok -reject with icmpv6 type reject-route;ok -reject with icmpv6 type 3;ok;reject with icmpv6 type addr-unreachable +reject with icmpv6 no-route;ok +reject with icmpv6 admin-prohibited;ok +reject with icmpv6 addr-unreachable;ok +reject with icmpv6 port-unreachable;ok;reject +reject with icmpv6 policy-fail;ok +reject with icmpv6 reject-route;ok +reject with icmpv6 3;ok;reject with icmpv6 addr-unreachable mark 0x80000000 reject with tcp reset;ok;meta mark 0x80000000 reject with tcp reset -reject with icmpv6 type host-unreachable;fail -reject with icmp type host-unreachable;fail +reject with icmpv6 host-unreachable;fail +reject with icmp host-unreachable;fail diff --git a/tests/py/ip6/reject.t.payload.ip6 b/tests/py/ip6/reject.t.payload.ip6 index 9f90734e..3d4321b0 100644 --- a/tests/py/ip6/reject.t.payload.ip6 +++ b/tests/py/ip6/reject.t.payload.ip6 
@@ -2,31 +2,31 @@ ip6 test-ip6 output [ reject type 0 code 4 ] -# reject with icmpv6 type no-route +# reject with icmpv6 no-route ip6 test-ip6 output [ reject type 0 code 0 ] -# reject with icmpv6 type admin-prohibited +# reject with icmpv6 admin-prohibited ip6 test-ip6 output [ reject type 0 code 1 ] -# reject with icmpv6 type addr-unreachable +# reject with icmpv6 addr-unreachable ip6 test-ip6 output [ reject type 0 code 3 ] -# reject with icmpv6 type port-unreachable +# reject with icmpv6 port-unreachable ip6 test-ip6 output [ reject type 0 code 4 ] -# reject with icmpv6 type policy-fail +# reject with icmpv6 policy-fail ip6 test-ip6 output [ reject type 0 code 5 ] -# reject with icmpv6 type reject-route +# reject with icmpv6 reject-route ip6 test-ip6 output [ reject type 0 code 6 ] -# reject with icmpv6 type 3 +# reject with icmpv6 3 ip6 test-ip6 output [ reject type 0 code 3 ] |
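
Review bot: in tests/py/ip6/reject.t every line that used the `type` keyword is rewritten, so after this hunk no test says what happens to the old spelling. Existing rulesets written as `reject with icmpv6 type no-route` will either keep loading or start failing, and the test file should pin down which. If the old form is still meant to parse, a line such as `reject with icmpv6 type no-route;ok;reject with icmpv6 no-route` would cover it and also check that output is normalised to the new form; if it is meant to be rejected, a `;fail` line would document that. The same applies to the numeric case `reject with icmpv6 3`.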
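
Review bot: in tests/py/ip6/reject.t.payload.ip6 the `#` comment lines drop the word `type`, but each expected line below them still reads `[ reject type 0 code N ]`. Since the commit message says the value the user supplies is the ICMP code, a short remark (in the commit message or the manpage update) on what the `type 0` field in this dump denotes would keep readers from carrying over the confusion the syntax change is meant to remove. The expected bytecode is otherwise unchanged in all seven entries, which is what a syntax-only change should show.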