git.ipfire.org Git - thirdparty/nftables.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Fri, 20 Jun 2014 12:58:54 +0000 (14:58 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Fri, 20 Jun 2014 13:00:02 +0000 (15:00 +0200)
commit	6b39cecf634ade76ae6b19c632ef5890639481cb
tree	d0341b9d56091aa541b6d0240bcf59283315af3c	tree
parent	34040b1e345c8fa31b1c468713ff7c3815e4a8a1	commit \| diff

src: revert broken reject icmp code support

This patch reverts Alvaro's 34040b1 ("reject: add ICMP code parameter
for indicating the type of error") and 11b2bb2 ("reject: Use protocol
context for indicating the reject type").

These patches are flawed by two things:

1) IPv6 support is broken, only ICMP codes are considered.
2) If you don't specify any transport context, the utility exits without
adding the rule, eg. nft add rule ip filter input reject.

The kernel is also flawed when it comes to the inet table. Let's revert
this until we can provide decent reject reason support.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/statement.h		diff \| blob \| blame \| history
src/evaluate.c		diff \| blob \| blame \| history
src/netlink_delinearize.c		diff \| blob \| blame \| history
src/netlink_linearize.c		diff \| blob \| blame \| history
src/parser.y		diff \| blob \| blame \| history
src/scanner.l		diff \| blob \| blame \| history
src/statement.c		diff \| blob \| blame \| history