leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
51b0a5d8c2
linux/net/bridge
History
Pablo Neira Ayuso 51b0a5d8c2 netfilter: nft_reject: introduce icmp code abstraction for inet and bridge 
This patch introduces the NFT_REJECT_ICMPX_UNREACH type which provides
an abstraction to the ICMP and ICMPv6 codes that you can use from the
inet and bridge tables, they are:

* NFT_REJECT_ICMPX_NO_ROUTE: no route to host - network unreachable
* NFT_REJECT_ICMPX_PORT_UNREACH: port unreachable
* NFT_REJECT_ICMPX_HOST_UNREACH: host unreachable
* NFT_REJECT_ICMPX_ADMIN_PROHIBITED: administratevely prohibited

You can still use the specific codes when restricting the rule to match
the corresponding layer 3 protocol.

I decided to not overload the existing NFT_REJECT_ICMP_UNREACH to have
different semantics depending on the table family and to allow the user
to specify ICMP family specific codes if they restrict it to the
corresponding family.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2014-10-02 18:29:57 +02:00
..
netfilter netfilter: nft_reject: introduce icmp code abstraction for inet and bridge 2014-10-02 18:29:57 +02:00
br_device.c netfilter: bridge: move br_netfilter out of the core 2014-09-26 18:42:31 +02:00
br_fdb.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-08-05 18:46:26 -07:00
br_forward.c netfilter: bridge: move br_netfilter out of the core 2014-09-26 18:42:31 +02:00
br_if.c bridge: switch order of rx_handler reg and upper dev link 2014-09-09 11:29:54 -07:00
br_input.c netfilter: bridge: move br_netfilter out of the core 2014-09-26 18:42:31 +02:00
br_ioctl.c bridge: add space before '(/{', after ',', etc. 2013-12-19 19:27:26 -05:00
br_mdb.c bridge: rename struct bridge_mcast_query/querier 2014-06-10 23:50:46 -07:00
br_multicast.c br_multicast: Replace rcu_assign_pointer() with RCU_INIT_POINTER() 2014-08-22 12:23:11 -07:00
br_netfilter.c netfilter: bridge: move br_netfilter out of the core 2014-09-26 18:42:31 +02:00
br_netlink.c netfilter: bridge: move br_netfilter out of the core 2014-09-26 18:42:31 +02:00
br_nf_core.c netfilter: bridge: move br_netfilter out of the core 2014-09-26 18:42:31 +02:00
br_private_stp.h net: 8021q/bluetooth/bridge/can/ceph: Remove extern from function prototypes 2013-10-19 19:12:11 -04:00
br_private.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2014-09-29 14:46:53 -04:00
br_stp_bpdu.c br: fix use of ->rx_handler_data in code executed on non-rx_handler path 2013-12-06 15:41:40 -05:00
br_stp_if.c bridge: Change local fdb entries whenever mac address of bridge device changes 2014-02-10 14:34:33 -08:00
br_stp_timer.c bridge: add space before '(/{', after ',', etc. 2013-12-19 19:27:26 -05:00
br_stp.c bridge: Clamp forward_delay when enabling STP 2013-09-12 23:32:14 -04:00
br_sysfs_br.c netfilter: bridge: move br_netfilter out of the core 2014-09-26 18:42:31 +02:00
br_sysfs_if.c bridge: Keep track of ports capable of automatic discovery. 2014-05-16 17:06:33 -04:00
br_vlan.c bridge: Fix br_should_learn to check vlan_enabled 2014-09-15 17:38:30 -04:00
br.c netfilter: bridge: move br_netfilter out of the core 2014-09-26 18:42:31 +02:00
Kconfig bridge: Add vlan filtering infrastructure 2013-02-13 19:41:46 -05:00
Makefile netfilter: bridge: build br_nf_core only if required 2014-09-30 14:07:51 -04:00