summaryrefslogtreecommitdiffstats
path: root/net/ipv6
diff options
context:
space:
mode:
authorAndreas Herz <andi@geekosphere.org>2015-08-21 11:31:32 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2015-08-26 20:32:35 +0200
commit1afe839e6b31a85fc53adbf8757d6373908d414d (patch)
tree2cf35819f9bae5b945650e0e63d21a5f338a6bfd /net/ipv6
parent116984a316c3a3200f8a7912110cc4a6d6c0989e (diff)
downloadlinux-1afe839e6b31a85fc53adbf8757d6373908d414d.tar.gz
linux-1afe839e6b31a85fc53adbf8757d6373908d414d.tar.bz2
linux-1afe839e6b31a85fc53adbf8757d6373908d414d.zip
netfilter: ip6t_REJECT: added missing icmpv6 codes
RFC 4443 added two new codes values for ICMPv6 type 1: 5 - Source address failed ingress/egress policy 6 - Reject route to destination And RFC 7084 states in L-14 that IPv6 Router MUST send ICMPv6 Destination Unreachable with code 5 for packets forwarded to it that use an address from a prefix that has been invalidated. Codes 5 and 6 are more informative subsets of code 1. Signed-off-by: Andreas Herz <andi@geekosphere.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/ipv6')
-rw-r--r--net/ipv6/netfilter/ip6t_REJECT.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/net/ipv6/netfilter/ip6t_REJECT.c b/net/ipv6/netfilter/ip6t_REJECT.c
index 567367a75172..0ed841a3fa33 100644
--- a/net/ipv6/netfilter/ip6t_REJECT.c
+++ b/net/ipv6/netfilter/ip6t_REJECT.c
@@ -63,6 +63,12 @@ reject_tg6(struct sk_buff *skb, const struct xt_action_param *par)
case IP6T_TCP_RESET:
nf_send_reset6(net, skb, par->hooknum);
break;
+ case IP6T_ICMP6_POLICY_FAIL:
+ nf_send_unreach6(net, skb, ICMPV6_POLICY_FAIL, par->hooknum);
+ break;
+ case IP6T_ICMP6_REJECT_ROUTE:
+ nf_send_unreach6(net, skb, ICMPV6_REJECT_ROUTE, par->hooknum);
+ break;
}
return NF_DROP;