@@ -1380,24 +1380,16 @@ json_t *reject_stmt_json(const struct stmt *stmt, struct output_ctx *octx)
type = "tcp reset";
break;
case NFT_REJECT_ICMPX_UNREACH:
- if (stmt->reject.icmp_code == NFT_REJECT_ICMPX_PORT_UNREACH)
- break;
type = "icmpx";
jexpr = expr_print_json(stmt->reject.expr, octx);
break;
case NFT_REJECT_ICMP_UNREACH:
switch (stmt->reject.family) {
case NFPROTO_IPV4:
- if (!stmt->reject.verbose_print &&
- stmt->reject.icmp_code == ICMP_PORT_UNREACH)
- break;
type = "icmp";
jexpr = expr_print_json(stmt->reject.expr, octx);
break;
case NFPROTO_IPV6:
- if (!stmt->reject.verbose_print &&
- stmt->reject.icmp_code == ICMP6_DST_UNREACH_NOPORT)
- break;
type = "icmpv6";
jexpr = expr_print_json(stmt->reject.expr, octx);
break;
@@ -1,103 +1,3 @@
-# reject with icmp type host-unreachable
-[
- {
- "reject": {
- "expr": "host-unreachable",
- "type": "icmp"
- }
- }
-]
-
-# reject with icmp type net-unreachable
-[
- {
- "reject": {
- "expr": "net-unreachable",
- "type": "icmp"
- }
- }
-]
-
-# reject with icmp type prot-unreachable
-[
- {
- "reject": {
- "expr": "prot-unreachable",
- "type": "icmp"
- }
- }
-]
-
-# reject with icmp type net-prohibited
-[
- {
- "reject": {
- "expr": "net-prohibited",
- "type": "icmp"
- }
- }
-]
-
-# reject with icmp type host-prohibited
-[
- {
- "reject": {
- "expr": "host-prohibited",
- "type": "icmp"
- }
- }
-]
-
-# reject with icmp type admin-prohibited
-[
- {
- "reject": {
- "expr": "admin-prohibited",
- "type": "icmp"
- }
- }
-]
-
-# reject with icmpv6 type no-route
-[
- {
- "reject": {
- "expr": "no-route",
- "type": "icmpv6"
- }
- }
-]
-
-# reject with icmpv6 type admin-prohibited
-[
- {
- "reject": {
- "expr": "admin-prohibited",
- "type": "icmpv6"
- }
- }
-]
-
-# reject with icmpv6 type addr-unreachable
-[
- {
- "reject": {
- "expr": "addr-unreachable",
- "type": "icmpv6"
- }
- }
-]
-
-# reject with icmpv6 type port-unreachable
-[
- {
- "reject": {
- "expr": "port-unreachable",
- "type": "icmpv6"
- }
- }
-]
-
# mark 12345 ip protocol tcp reject with tcp reset
[
{
@@ -130,10 +30,13 @@
}
]
-# reject with icmpx type port-unreachable
+# reject
[
{
- "reject": null
+ "reject": {
+ "expr": "port-unreachable",
+ "type": "icmpx"
+ }
}
]
@@ -156,3 +59,26 @@
}
}
]
+
+# ether type vlan reject
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "ether"
+ }
+ },
+ "op": "==",
+ "right": "vlan"
+ }
+ },
+ {
+ "reject": {
+ "expr": "port-unreachable",
+ "type": "icmpx"
+ }
+ }
+]
+
@@ -25,30 +25,33 @@
}
]
-# meta nfproto ipv4 reject
+# reject
[
{
"reject": {
"expr": "port-unreachable",
- "type": "icmp"
+ "type": "icmpx"
}
}
]
-# meta nfproto ipv6 reject
+# meta nfproto ipv4 reject
[
{
"reject": {
"expr": "port-unreachable",
- "type": "icmpv6"
+ "type": "icmp"
}
}
]
-# reject with icmpx type port-unreachable
+# meta nfproto ipv6 reject
[
{
- "reject": null
+ "reject": {
+ "expr": "port-unreachable",
+ "type": "icmpv6"
+ }
}
]
@@ -1,7 +1,10 @@
-# reject with icmp type port-unreachable
+# reject
[
{
- "reject": null
+ "reject": {
+ "expr": "port-unreachable",
+ "type": "icmp"
+ }
}
]
@@ -1,7 +1,10 @@
-# reject with icmpv6 type port-unreachable
+# reject
[
{
- "reject": null
+ "reject": {
+ "expr": "port-unreachable",
+ "type": "icmpv6"
+ }
}
]
No need to reduce output size, also this way output is more predictable. While being at it, drop some pointless chunks from tests/py/bridge/reject.t.json.output. Signed-off-by: Phil Sutter <phil@nwl.cc> --- src/json.c | 8 -- tests/py/bridge/reject.t.json.output | 130 ++++++--------------------- tests/py/inet/reject.t.json.output | 15 ++-- tests/py/ip/reject.t.json.output | 7 +- tests/py/ip6/reject.t.json.output | 7 +- 5 files changed, 47 insertions(+), 120 deletions(-)