Skip to content

Commit

Permalink
Update ip6t_REJECT in kernel 2.6.22
Browse files Browse the repository at this point in the history
And adjust iptables (1.3.8) to match. This gives user-space
compatibility between kernel 2.6.22 and 2.6.38.
  • Loading branch information
kjbracey2 committed Dec 15, 2021
1 parent 42a4c71 commit 6b08209
Show file tree
Hide file tree
Showing 5 changed files with 27 additions and 12 deletions.
3 changes: 2 additions & 1 deletion release/src-rt/linux/linux-2.6/include/linux/icmpv6.h
Original file line number Diff line number Diff line change
Expand Up @@ -120,7 +120,8 @@ static inline struct icmp6hdr *icmp6_hdr(const struct sk_buff *skb)
#define ICMPV6_NOT_NEIGHBOUR 2
#define ICMPV6_ADDR_UNREACH 3
#define ICMPV6_PORT_UNREACH 4
#define ICMPV6_SRC_ADDR_FAIL_POLICY 5
#define ICMPV6_POLICY_FAIL 5
#define ICMPV6_REJECT_ROUTE 6

/*
* Codes for Time Exceeded
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -7,9 +7,10 @@ enum ip6t_reject_with {
IP6T_ICMP6_NOT_NEIGHBOUR,
IP6T_ICMP6_ADDR_UNREACH,
IP6T_ICMP6_PORT_UNREACH,
IP6T_ICMP6_SRC_ADDR_FAIL_POLICY,
IP6T_ICMP6_ECHOREPLY,
IP6T_TCP_RESET
IP6T_TCP_RESET,
IP6T_ICMP6_POLICY_FAIL,
IP6T_ICMP6_REJECT_ROUTE
};

struct ip6t_reject_info {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -208,15 +208,18 @@ static unsigned int reject6_target(struct sk_buff **pskb,
case IP6T_ICMP6_PORT_UNREACH:
send_unreach(*pskb, ICMPV6_PORT_UNREACH, hooknum);
break;
case IP6T_ICMP6_SRC_ADDR_FAIL_POLICY:
send_unreach(*pskb, ICMPV6_SRC_ADDR_FAIL_POLICY, hooknum);
break;
case IP6T_ICMP6_ECHOREPLY:
/* Do nothing */
break;
case IP6T_TCP_RESET:
send_reset(*pskb);
break;
case IP6T_ICMP6_POLICY_FAIL:
send_unreach(*pskb, ICMPV6_POLICY_FAIL, hooknum);
break;
case IP6T_ICMP6_REJECT_ROUTE:
send_unreach(*pskb, ICMPV6_REJECT_ROUTE, hooknum);
break;
default:
if (net_ratelimit())
printk(KERN_WARNING "ip6t_REJECT: case %u not handled yet\n", reject->with);
Expand Down
12 changes: 9 additions & 3 deletions release/src/router/iptables/extensions/libip6t_REJECT.c
Original file line number Diff line number Diff line change
Expand Up @@ -33,10 +33,16 @@ static const struct reject_names reject_table[] = {
IP6T_ICMP6_ADDR_UNREACH, "ICMPv6 address unreachable"},
{"icmp6-port-unreachable", "port-unreach",
IP6T_ICMP6_PORT_UNREACH, "ICMPv6 port unreachable"},
{"icmp6-src-addr-policy", "src-addr-policy",
IP6T_ICMP6_SRC_ADDR_FAIL_POLICY, "ICMPv6 src addr fails ingress/egress policy"},
{"tcp-reset", "tcp-reset",
IP6T_TCP_RESET, "TCP RST packet"}
IP6T_TCP_RESET, "TCP RST packet"},
{"icmp6-policy-fail", "policy-fail",
IP6T_ICMP6_POLICY_FAIL, "ICMPv6 policy fail"},
#if 1 /* compat */
{"icmp6-src-addr-policy", "src-addr-policy",
IP6T_ICMP6_POLICY_FAIL, "ICMPv6 src addr fails ingress/egress policy"},
#endif
{"icmp6-reject-route", "reject-route",
IP6T_ICMP6_REJECT_ROUTE, "ICMPv6 reject route"}
};

static void
Expand Down
Original file line number Diff line number Diff line change
@@ -1,18 +1,22 @@
#ifndef _IP6T_REJECT_H
#define _IP6T_REJECT_H

#include <linux/types.h>

enum ip6t_reject_with {
IP6T_ICMP6_NO_ROUTE,
IP6T_ICMP6_ADM_PROHIBITED,
IP6T_ICMP6_NOT_NEIGHBOUR,
IP6T_ICMP6_ADDR_UNREACH,
IP6T_ICMP6_PORT_UNREACH,
IP6T_ICMP6_SRC_ADDR_FAIL_POLICY,
IP6T_TCP_RESET
IP6T_ICMP6_ECHOREPLY,
IP6T_TCP_RESET,
IP6T_ICMP6_POLICY_FAIL,
IP6T_ICMP6_REJECT_ROUTE
};

struct ip6t_reject_info {
enum ip6t_reject_with with; /* reject type */
__u32 with; /* reject type */
};

#endif /*_IP6T_REJECT_H*/

0 comments on commit 6b08209

Please sign in to comment.