diff options
author | Andreas Herz <andi@geekosphere.org> | 2015-08-21 11:31:32 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-08-26 20:32:35 +0200 |
commit | 1afe839e6b31a85fc53adbf8757d6373908d414d (patch) | |
tree | 2cf35819f9bae5b945650e0e63d21a5f338a6bfd /net/ipv6 | |
parent | 116984a316c3a3200f8a7912110cc4a6d6c0989e (diff) | |
download | linux-1afe839e6b31a85fc53adbf8757d6373908d414d.tar.gz linux-1afe839e6b31a85fc53adbf8757d6373908d414d.tar.bz2 linux-1afe839e6b31a85fc53adbf8757d6373908d414d.zip |
netfilter: ip6t_REJECT: added missing icmpv6 codes
RFC 4443 added two new codes values for ICMPv6 type 1:
5 - Source address failed ingress/egress policy
6 - Reject route to destination
And RFC 7084 states in L-14 that IPv6 Router MUST send ICMPv6 Destination
Unreachable with code 5 for packets forwarded to it that use an address
from a prefix that has been invalidated.
Codes 5 and 6 are more informative subsets of code 1.
Signed-off-by: Andreas Herz <andi@geekosphere.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/ipv6')
-rw-r--r-- | net/ipv6/netfilter/ip6t_REJECT.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/net/ipv6/netfilter/ip6t_REJECT.c b/net/ipv6/netfilter/ip6t_REJECT.c index 567367a75172..0ed841a3fa33 100644 --- a/net/ipv6/netfilter/ip6t_REJECT.c +++ b/net/ipv6/netfilter/ip6t_REJECT.c @@ -63,6 +63,12 @@ reject_tg6(struct sk_buff *skb, const struct xt_action_param *par) case IP6T_TCP_RESET: nf_send_reset6(net, skb, par->hooknum); break; + case IP6T_ICMP6_POLICY_FAIL: + nf_send_unreach6(net, skb, ICMPV6_POLICY_FAIL, par->hooknum); + break; + case IP6T_ICMP6_REJECT_ROUTE: + nf_send_unreach6(net, skb, ICMPV6_REJECT_ROUTE, par->hooknum); + break; } return NF_DROP; |