From: Alvaro Neira Date: Fri, 17 Oct 2014 12:24:36 +0000 (+0200) Subject: delinearize: list the icmpx reason with the string associated X-Git-Tag: v0.4~62 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=62e22f533edd67ffe31059d988e716aba84c03fe;p=thirdparty%2Fnftables.git delinearize: list the icmpx reason with the string associated If you add the rule: nft add rule inet filter input reject with icmpx type host-unreachable nft list table inet filter shows: table inet filter { chain input { reject with icmpx type 2 } } We have to attach the icmpx datatype when we list the rules that use it. With this patch if we list the ruleset, the output is: table inet filter { chain input { reject with icmpx type host-unreachable } } Signed-off-by: Alvaro Neira Ayuso Signed-off-by: Pablo Neira Ayuso --- diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c index 38618ee8..8f90cc03 100644 --- a/src/netlink_delinearize.c +++ b/src/netlink_delinearize.c @@ -944,8 +944,10 @@ static void stmt_reject_postprocess(struct rule_pp_ctx rctx, struct stmt *stmt) stmt->reject.expr->dtype = &icmpv6_code_type; break; case NFPROTO_INET: - if (stmt->reject.type == NFT_REJECT_ICMPX_UNREACH) + if (stmt->reject.type == NFT_REJECT_ICMPX_UNREACH) { + stmt->reject.expr->dtype = &icmpx_code_type; break; + } base = rctx.pctx.protocol[PROTO_BASE_LL_HDR].desc; desc = rctx.pctx.protocol[PROTO_BASE_NETWORK_HDR].desc; protocol = proto_find_num(base, desc); @@ -960,8 +962,10 @@ static void stmt_reject_postprocess(struct rule_pp_ctx rctx, struct stmt *stmt) stmt->reject.family = protocol; break; case NFPROTO_BRIDGE: - if (stmt->reject.type == NFT_REJECT_ICMPX_UNREACH) + if (stmt->reject.type == NFT_REJECT_ICMPX_UNREACH) { + stmt->reject.expr->dtype = &icmpx_code_type; break; + } base = rctx.pctx.protocol[PROTO_BASE_LL_HDR].desc; desc = rctx.pctx.protocol[PROTO_BASE_NETWORK_HDR].desc; protocol = proto_find_num(base, desc);