From 08d2f049367153d2c3b03c95b2ca7256cdf3521d Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Mon, 26 Jul 2021 17:22:32 +0200
Subject: src: promote 'reject with icmp CODE' syntax

The kernel already assumes that that ICMP type to reject a packet is
destination-unreachable, hence the user specifies the *ICMP code*.

Simplify the syntax to:

	... reject with icmp port-unreachable

this removes the 'type' keyword before the ICMP code to reject the
packet with.

IIRC, the original intention is to leave room for future extensions that
allow to specify both the ICMP type and the ICMP code, this is however
not possible with the current inconsistent syntax.

Update manpages which also refer to ICMP type.

Adjust tests/py to the new syntax.

Fixes: 5fdd0b6a0600 ("nft: complete reject support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 tests/py/netdev/reject.t         | 54 ++++++++++++++++++++--------------------
 tests/py/netdev/reject.t.json    | 42 +++++++++++++++----------------
 tests/py/netdev/reject.t.payload | 42 +++++++++++++++----------------
 3 files changed, 69 insertions(+), 69 deletions(-)

(limited to 'tests/py/netdev')

diff --git a/tests/py/netdev/reject.t b/tests/py/netdev/reject.t
index af109086..c66e649c 100644
--- a/tests/py/netdev/reject.t
+++ b/tests/py/netdev/reject.t
@@ -2,39 +2,39 @@
 
 *netdev;test-netdev;ingress
 
-reject with icmp type host-unreachable;ok
-reject with icmp type net-unreachable;ok
-reject with icmp type prot-unreachable;ok
-reject with icmp type port-unreachable;ok
-reject with icmp type net-prohibited;ok
-reject with icmp type host-prohibited;ok
-reject with icmp type admin-prohibited;ok
-
-reject with icmpv6 type no-route;ok
-reject with icmpv6 type admin-prohibited;ok
-reject with icmpv6 type addr-unreachable;ok
-reject with icmpv6 type port-unreachable;ok
-reject with icmpv6 type policy-fail;ok
-reject with icmpv6 type reject-route;ok
+reject with icmp host-unreachable;ok
+reject with icmp net-unreachable;ok
+reject with icmp prot-unreachable;ok
+reject with icmp port-unreachable;ok
+reject with icmp net-prohibited;ok
+reject with icmp host-prohibited;ok
+reject with icmp admin-prohibited;ok
+
+reject with icmpv6 no-route;ok
+reject with icmpv6 admin-prohibited;ok
+reject with icmpv6 addr-unreachable;ok
+reject with icmpv6 port-unreachable;ok
+reject with icmpv6 policy-fail;ok
+reject with icmpv6 reject-route;ok
 
 mark 12345 reject with tcp reset;ok;meta l4proto 6 meta mark 0x00003039 reject with tcp reset
 
 reject;ok
-meta protocol ip reject;ok;reject with icmp type port-unreachable
-meta protocol ip6 reject;ok;reject with icmpv6 type port-unreachable
+meta protocol ip reject;ok;reject with icmp port-unreachable
+meta protocol ip6 reject;ok;reject with icmpv6 port-unreachable
 
-reject with icmpx type host-unreachable;ok
-reject with icmpx type no-route;ok
-reject with icmpx type admin-prohibited;ok
-reject with icmpx type port-unreachable;ok;reject
+reject with icmpx host-unreachable;ok
+reject with icmpx no-route;ok
+reject with icmpx admin-prohibited;ok
+reject with icmpx port-unreachable;ok;reject
 
-meta protocol ip reject with icmp type host-unreachable;ok;reject with icmp type host-unreachable
-meta protocol ip6 reject with icmpv6 type no-route;ok;reject with icmpv6 type no-route
+meta protocol ip reject with icmp host-unreachable;ok;reject with icmp host-unreachable
+meta protocol ip6 reject with icmpv6 no-route;ok;reject with icmpv6 no-route
 
-meta protocol ip6 reject with icmp type host-unreachable;fail
-meta protocol ip ip protocol icmp reject with icmpv6 type no-route;fail
-meta protocol ip6 ip protocol icmp reject with icmp type host-unreachable;fail
+meta protocol ip6 reject with icmp host-unreachable;fail
+meta protocol ip ip protocol icmp reject with icmpv6 no-route;fail
+meta protocol ip6 ip protocol icmp reject with icmp host-unreachable;fail
 meta l4proto udp reject with tcp reset;fail
 
-meta protocol ip reject with icmpx type admin-prohibited;ok
-meta protocol ip6 reject with icmpx type admin-prohibited;ok
+meta protocol ip reject with icmpx admin-prohibited;ok
+meta protocol ip6 reject with icmpx admin-prohibited;ok
diff --git a/tests/py/netdev/reject.t.json b/tests/py/netdev/reject.t.json
index 616a2bc1..9968aaf8 100644
--- a/tests/py/netdev/reject.t.json
+++ b/tests/py/netdev/reject.t.json
@@ -1,4 +1,4 @@
-# reject with icmp type host-unreachable
+# reject with icmp host-unreachable
 [
     {
         "reject": {
@@ -8,7 +8,7 @@
     }
 ]
 
-# reject with icmp type net-unreachable
+# reject with icmp net-unreachable
 [
     {
         "reject": {
@@ -18,7 +18,7 @@
     }
 ]
 
-# reject with icmp type prot-unreachable
+# reject with icmp prot-unreachable
 [
     {
         "reject": {
@@ -28,7 +28,7 @@
     }
 ]
 
-# reject with icmp type port-unreachable
+# reject with icmp port-unreachable
 [
     {
         "reject": {
@@ -38,7 +38,7 @@
     }
 ]
 
-# reject with icmp type net-prohibited
+# reject with icmp net-prohibited
 [
     {
         "reject": {
@@ -48,7 +48,7 @@
     }
 ]
 
-# reject with icmp type host-prohibited
+# reject with icmp host-prohibited
 [
     {
         "reject": {
@@ -58,7 +58,7 @@
     }
 ]
 
-# reject with icmp type admin-prohibited
+# reject with icmp admin-prohibited
 [
     {
         "reject": {
@@ -68,7 +68,7 @@
     }
 ]
 
-# reject with icmpv6 type no-route
+# reject with icmpv6 no-route
 [
     {
         "reject": {
@@ -78,7 +78,7 @@
     }
 ]
 
-# reject with icmpv6 type admin-prohibited
+# reject with icmpv6 admin-prohibited
 [
     {
         "reject": {
@@ -88,7 +88,7 @@
     }
 ]
 
-# reject with icmpv6 type addr-unreachable
+# reject with icmpv6 addr-unreachable
 [
     {
         "reject": {
@@ -98,7 +98,7 @@
     }
 ]
 
-# reject with icmpv6 type port-unreachable
+# reject with icmpv6 port-unreachable
 [
     {
         "reject": {
@@ -108,7 +108,7 @@
     }
 ]
 
-# reject with icmpv6 type policy-fail
+# reject with icmpv6 policy-fail
 [
     {
         "reject": {
@@ -118,7 +118,7 @@
     }
 ]
 
-# reject with icmpv6 type reject-route
+# reject with icmpv6 reject-route
 [
     {
         "reject": {
@@ -189,7 +189,7 @@
     }
 ]
 
-# reject with icmpx type host-unreachable
+# reject with icmpx host-unreachable
 [
     {
         "reject": {
@@ -199,7 +199,7 @@
     }
 ]
 
-# reject with icmpx type no-route
+# reject with icmpx no-route
 [
     {
         "reject": {
@@ -209,7 +209,7 @@
     }
 ]
 
-# reject with icmpx type admin-prohibited
+# reject with icmpx admin-prohibited
 [
     {
         "reject": {
@@ -219,7 +219,7 @@
     }
 ]
 
-# reject with icmpx type port-unreachable
+# reject with icmpx port-unreachable
 [
     {
         "reject": {
@@ -229,7 +229,7 @@
     }
 ]
 
-# meta protocol ip reject with icmp type host-unreachable
+# meta protocol ip reject with icmp host-unreachable
 [
     {
         "reject": {
@@ -239,7 +239,7 @@
     }
 ]
 
-# meta protocol ip6 reject with icmpv6 type no-route
+# meta protocol ip6 reject with icmpv6 no-route
 [
     {
         "reject": {
@@ -249,7 +249,7 @@
     }
 ]
 
-# meta protocol ip reject with icmpx type admin-prohibited
+# meta protocol ip reject with icmpx admin-prohibited
 [
     {
         "match": {
@@ -270,7 +270,7 @@
     }
 ]
 
-# meta protocol ip6 reject with icmpx type admin-prohibited
+# meta protocol ip6 reject with icmpx admin-prohibited
 [
     {
         "match": {
diff --git a/tests/py/netdev/reject.t.payload b/tests/py/netdev/reject.t.payload
index 5f76b091..d014adab 100644
--- a/tests/py/netdev/reject.t.payload
+++ b/tests/py/netdev/reject.t.payload
@@ -1,76 +1,76 @@
-# reject with icmp type host-unreachable
+# reject with icmp host-unreachable
 netdev 
   [ meta load protocol => reg 1 ]
   [ cmp eq reg 1 0x00000008 ]
   [ reject type 0 code 1 ]
 
-# reject with icmp type net-unreachable
+# reject with icmp net-unreachable
 netdev 
   [ meta load protocol => reg 1 ]
   [ cmp eq reg 1 0x00000008 ]
   [ reject type 0 code 0 ]
 
-# reject with icmp type prot-unreachable
+# reject with icmp prot-unreachable
 netdev 
   [ meta load protocol => reg 1 ]
   [ cmp eq reg 1 0x00000008 ]
   [ reject type 0 code 2 ]
 
-# reject with icmp type port-unreachable
+# reject with icmp port-unreachable
 netdev 
   [ meta load protocol => reg 1 ]
   [ cmp eq reg 1 0x00000008 ]
   [ reject type 0 code 3 ]
 
-# reject with icmp type net-prohibited
+# reject with icmp net-prohibited
 netdev 
   [ meta load protocol => reg 1 ]
   [ cmp eq reg 1 0x00000008 ]
   [ reject type 0 code 9 ]
 
-# reject with icmp type host-prohibited
+# reject with icmp host-prohibited
 netdev 
   [ meta load protocol => reg 1 ]
   [ cmp eq reg 1 0x00000008 ]
   [ reject type 0 code 10 ]
 
-# reject with icmp type admin-prohibited
+# reject with icmp admin-prohibited
 netdev 
   [ meta load protocol => reg 1 ]
   [ cmp eq reg 1 0x00000008 ]
   [ reject type 0 code 13 ]
 
-# reject with icmpv6 type no-route
+# reject with icmpv6 no-route
 netdev 
   [ meta load protocol => reg 1 ]
   [ cmp eq reg 1 0x0000dd86 ]
   [ reject type 0 code 0 ]
 
-# reject with icmpv6 type admin-prohibited
+# reject with icmpv6 admin-prohibited
 netdev 
   [ meta load protocol => reg 1 ]
   [ cmp eq reg 1 0x0000dd86 ]
   [ reject type 0 code 1 ]
 
-# reject with icmpv6 type addr-unreachable
+# reject with icmpv6 addr-unreachable
 netdev 
   [ meta load protocol => reg 1 ]
   [ cmp eq reg 1 0x0000dd86 ]
   [ reject type 0 code 3 ]
 
-# reject with icmpv6 type port-unreachable
+# reject with icmpv6 port-unreachable
 netdev 
   [ meta load protocol => reg 1 ]
   [ cmp eq reg 1 0x0000dd86 ]
   [ reject type 0 code 4 ]
 
-# reject with icmpv6 type policy-fail
+# reject with icmpv6 policy-fail
 netdev 
   [ meta load protocol => reg 1 ]
   [ cmp eq reg 1 0x0000dd86 ]
   [ reject type 0 code 5 ]
 
-# reject with icmpv6 type reject-route
+# reject with icmpv6 reject-route
 netdev 
   [ meta load protocol => reg 1 ]
   [ cmp eq reg 1 0x0000dd86 ]
@@ -100,41 +100,41 @@ netdev
   [ cmp eq reg 1 0x0000dd86 ]
   [ reject type 0 code 4 ]
 
-# reject with icmpx type host-unreachable
+# reject with icmpx host-unreachable
 netdev 
   [ reject type 2 code 2 ]
 
-# reject with icmpx type no-route
+# reject with icmpx no-route
 netdev 
   [ reject type 2 code 0 ]
 
-# reject with icmpx type admin-prohibited
+# reject with icmpx admin-prohibited
 netdev 
   [ reject type 2 code 3 ]
 
-# reject with icmpx type port-unreachable
+# reject with icmpx port-unreachable
 netdev 
   [ reject type 2 code 1 ]
 
-# meta protocol ip reject with icmp type host-unreachable
+# meta protocol ip reject with icmp host-unreachable
 netdev 
   [ meta load protocol => reg 1 ]
   [ cmp eq reg 1 0x00000008 ]
   [ reject type 0 code 1 ]
 
-# meta protocol ip6 reject with icmpv6 type no-route
+# meta protocol ip6 reject with icmpv6 no-route
 netdev 
   [ meta load protocol => reg 1 ]
   [ cmp eq reg 1 0x0000dd86 ]
   [ reject type 0 code 0 ]
 
-# meta protocol ip reject with icmpx type admin-prohibited
+# meta protocol ip reject with icmpx admin-prohibited
 netdev 
   [ meta load protocol => reg 1 ]
   [ cmp eq reg 1 0x00000008 ]
   [ reject type 2 code 3 ]
 
-# meta protocol ip6 reject with icmpx type admin-prohibited
+# meta protocol ip6 reject with icmpx admin-prohibited
 netdev 
   [ meta load protocol => reg 1 ]
   [ cmp eq reg 1 0x0000dd86 ]
-- 
cgit v1.2.3