]> git.ipfire.org Git - thirdparty/nftables.git/commitdiff
projects / thirdparty / nftables.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 374d25e)
delinearize: list the icmpx reason with the string associated
authorAlvaro Neira <alvaroneay@gmail.com>
Fri, 17 Oct 2014 12:24:36 +0000 (14:24 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Fri, 17 Oct 2014 12:57:15 +0000 (14:57 +0200)
If you add the rule:
  nft add rule inet filter input reject with icmpx type host-unreachable
  nft list table inet filter

shows:
  table inet filter {
chain input {
reject with icmpx type 2
}
  }

We have to attach the icmpx datatype when we list the rules that use it. With
this patch if we list the ruleset, the output is:

  table inet filter {
chain input {
reject with icmpx type host-unreachable
}
  }

Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
src/netlink_delinearize.c patch | blob | blame | history

diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 38618ee88caa0b7fb4130d705dc5fffe10b12c73..8f90cc036b1e4d5a6c8c696c343c69f49e623515 100644 (file)
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -944,8 +944,10 @@ static void stmt_reject_postprocess(struct rule_pp_ctx rctx, struct stmt *stmt)
                stmt->reject.expr->dtype = &icmpv6_code_type;
                break;
        case NFPROTO_INET:
-               if (stmt->reject.type == NFT_REJECT_ICMPX_UNREACH)
+               if (stmt->reject.type == NFT_REJECT_ICMPX_UNREACH) {
+                       stmt->reject.expr->dtype = &icmpx_code_type;
                        break;
+               }
                base = rctx.pctx.protocol[PROTO_BASE_LL_HDR].desc;
                desc = rctx.pctx.protocol[PROTO_BASE_NETWORK_HDR].desc;
                protocol = proto_find_num(base, desc);
@@ -960,8 +962,10 @@ static void stmt_reject_postprocess(struct rule_pp_ctx rctx, struct stmt *stmt)
                stmt->reject.family = protocol;
                break;
        case NFPROTO_BRIDGE:
-               if (stmt->reject.type == NFT_REJECT_ICMPX_UNREACH)
+               if (stmt->reject.type == NFT_REJECT_ICMPX_UNREACH) {
+                       stmt->reject.expr->dtype = &icmpx_code_type;
                        break;
+               }
                base = rctx.pctx.protocol[PROTO_BASE_LL_HDR].desc;
                desc = rctx.pctx.protocol[PROTO_BASE_NETWORK_HDR].desc;
                protocol = proto_find_num(base, desc);
Mirror of git://git.netfilter.org/nftables