Jozsef points out that meta l4proto icmp icmp type destination-unreachable is hard to read. So, lets just add icmp/icmpv6 to ip/ip6 protocol base so users can just go with icmp type destination-unreachable and let nft fill in needed dependency. After this patch, the recent patch to not remove the dependency can be reverted again. Suggested-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
---
diff --git a/src/proto.c b/src/proto.c
index a54090a..8cf29d2 100644
--- a/src/proto.c
+++ b/src/proto.c
@@ -591,6 +591,7 @@ const struct proto_desc proto_ip = {
 .checksum_key = IPHDR_CHECKSUM,
 .protocols = {
 PROTO_LINK(IPPROTO_ICMP, &proto_icmp),
+ PROTO_LINK(IPPROTO_ICMPV6, &proto_icmp6),
 PROTO_LINK(IPPROTO_ESP, &proto_esp),
 PROTO_LINK(IPPROTO_AH, &proto_ah),
 PROTO_LINK(IPPROTO_COMP, &proto_comp),
@@ -718,6 +719,7 @@ const struct proto_desc proto_ip6 = {
 PROTO_LINK(IPPROTO_TCP, &proto_tcp),
 PROTO_LINK(IPPROTO_DCCP, &proto_dccp),
 PROTO_LINK(IPPROTO_SCTP, &proto_sctp),
+ PROTO_LINK(IPPROTO_ICMP, &proto_icmp),
 PROTO_LINK(IPPROTO_ICMPV6, &proto_icmp6),
 },
 .templates = {
-- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
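Review bot: The added `PROTO_LINK(IPPROTO_ICMPV6, &proto_icmp6)` in `proto_ip`, and its mirror `PROTO_LINK(IPPROTO_ICMP, &proto_icmp)` in `proto_ip6` in the second hunk, link a protocol from the other address family with no comment, so the entries read like a copy-paste slip and the intent is only recoverable from the commit message. A short comment above each, for example `/* cross-family on purpose: lets "icmpv6 type ..." be written without an explicit l4proto match */`, would record it. The evaluation and dependency code is outside this diff, but presumably a rule such as `icmpv6 type ...` in an `ip` table is now accepted where it was rejected before; for a firewall ruleset that means a wrong-family keyword no longer fails at load time and instead yields a rule that may never match the traffic the author meant to filter, so a test covering both directions (and the listing output once the dependency-removal patch is reverted) would be worth adding. Both initializers begin and end outside the hunks.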