From 0f44d4f62753535d39d95d83778348bee4e88053 Mon Sep 17 00:00:00 2001 From: Florian Westphal Date: Tue, 4 Sep 2018 13:53:59 +0200 Subject: proto: fix icmp/icmpv6 code datatype Andrew A. Sabitov says: I'd like to use a set (concatenation) of icmpv6 type and icmpv6 code and check incoming icmpv6 traffic against it: add set inet fw in_icmpv6_types { type icmpv6_type . icmpv6_code; } add element inet fw in_icmpv6_types { 1 . 0 } # no route to destination add element inet fw in_icmpv6_types { 1 . 1 } # communication with destination administratively prohibited # ... add rule inet fw in_icmpv6 icmpv6 type . icmpv6 code @in_icmpv6_types \ limit rate 15/minute accept yields: Error: can not use variable sized data types (integer) in concat expressions icmpv6 type . icmpv6 code @in_icmpv6_types ~~~~~~~~~~~~~~^^^^^^^^^^^ Change 'code' type to the icmp/icmpv6 code type. Needs minor change to test suite as nft will now display human-readable names instead of numeric codes. Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1276 Signed-off-by: Florian Westphal --- tests/py/ip/icmp.t | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'tests/py/ip/icmp.t') diff --git a/tests/py/ip/icmp.t b/tests/py/ip/icmp.t index 5a7ce7e0..6c05fb9d 100644 --- a/tests/py/ip/icmp.t +++ b/tests/py/ip/icmp.t @@ -28,8 +28,8 @@ icmp code 33-55;ok icmp code != 33-55;ok icmp code { 33-55};ok icmp code != { 33-55};ok -icmp code { 2, 4, 54, 33, 56};ok -icmp code != { 2, 4, 54, 33, 56};ok +icmp code { 2, 4, 54, 33, 56};ok;icmp code { prot-unreachable, 4, 33, 54, 56} +icmp code != { prot-unreachable, 4, 33, 54, 56};ok icmp checksum 12343 accept;ok icmp checksum != 12343 accept;ok -- cgit v1.2.3