OpenE2K
/
linux
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
linux/net
History
Pablo Neira Ayuso 51b0a5d8c2 netfilter: nft_reject: introduce icmp code abstraction for inet and bridge 
This patch introduces the NFT_REJECT_ICMPX_UNREACH type which provides
an abstraction to the ICMP and ICMPv6 codes that you can use from the
inet and bridge tables, they are:

* NFT_REJECT_ICMPX_NO_ROUTE: no route to host - network unreachable
* NFT_REJECT_ICMPX_PORT_UNREACH: port unreachable
* NFT_REJECT_ICMPX_HOST_UNREACH: host unreachable
* NFT_REJECT_ICMPX_ADMIN_PROHIBITED: administratevely prohibited

You can still use the specific codes when restricting the rule to match
the corresponding layer 3 protocol.

I decided to not overload the existing NFT_REJECT_ICMP_UNREACH to have
different semantics depending on the table family and to allow the user
to specify ICMP family specific codes if they restrict it to the
corresponding family.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 		2014-10-02 18:29:57 +02:00
..
6lowpan
9p
802
8021q
appletalk
atm
ax25
batman-adv
bluetooth
bridge netfilter: nft_reject: introduce icmp code abstraction for inet and bridge 2014-10-02 18:29:57 +02:00
caif
can
ceph
core net: sched: enable per cpu qstats 2014-09-30 01:02:26 -04:00
dcb
dccp ipv6: add a struct inet6_skb_parm param to ipv6_opt_accepted() 2014-09-28 16:35:43 -04:00
decnet
dns_resolver
dsa net: dsa: allow switches driver to implement get/set EEE 2014-09-28 17:14:09 -04:00
ethernet
hsr
ieee802154 ieee802154: fix __init functions 2014-10-01 02:03:13 -04:00
ipv4 netfilter: nft_reject: introduce icmp code abstraction for inet and bridge 2014-10-02 18:29:57 +02:00
ipv6 Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2014-09-29 14:46:53 -04:00
ipx
irda irda: add __init to irlan_open 2014-09-30 17:08:06 -04:00
iucv
key
l2tp l2tp: Refactor l2tp core driver to make use of the common UDP tunnel functions 2014-09-19 15:57:15 -04:00
lapb
llc
mac80211 Merge tag 'master-2014-09-16' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next 2014-09-26 15:39:24 -04:00
mac802154
mpls net: Remove gso_send_check as an offload callback 2014-09-26 00:22:47 -04:00
netfilter netfilter: nft_reject: introduce icmp code abstraction for inet and bridge 2014-10-02 18:29:57 +02:00
netlabel
netlink
netrom
nfc
openvswitch net/openvswitch: remove dup comment in vport.h 2014-09-26 16:42:33 -04:00
packet
phonet
rds
rfkill net: rfkill: gpio: Fix clock status 2014-09-22 16:02:15 -04:00
rose
rxrpc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-09-23 12:09:27 -04:00
sched net: sched: enable per cpu qstats 2014-09-30 01:02:26 -04:00
sctp
sunrpc
tipc
unix
vmw_vsock
wimax
wireless Merge tag 'master-2014-09-16' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next 2014-09-26 15:39:24 -04:00
x25
xfrm Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next 2014-09-28 17:19:15 -04:00
Kconfig netfilter: bridge: build br_nf_core only if required 2014-09-30 14:07:51 -04:00
Makefile
compat.c
nonet.c
socket.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-09-23 12:09:27 -04:00
sysctl_net.c