diff mbox series

[1/3] nftables: add frag-needed (ipv4) to reject options

Message ID 3248042ddaddd431d5306bc3e1cc40b7954c667f.1588758255.git.michael-dev@fami-braun.de
State Accepted
Delegated to: Pablo Neira
Headers show
Series Avoid gretap fragmentation with nftables on bridge | expand

Commit Message

michael-dev May 6, 2020, 9:46 a.m. UTC 
This enables to send icmp frag-needed messages using reject target.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
---
 doc/data-types.txt | 2 ++
 src/datatype.c     | 1 +
 2 files changed, 3 insertions(+)
diff mbox series

Patch

diff --git a/doc/data-types.txt b/doc/data-types.txt
index 90e19a8b..a42a55fa 100644
--- a/doc/data-types.txt
+++ b/doc/data-types.txt
@@ -254,6 +254,8 @@  The ICMP Code type is used to conveniently specify the ICMP header's code field.
 2
 |port-unreachable|
 3
+|frag-needed|
+4
 |net-prohibited|
 9
 |host-prohibited|
diff --git a/src/datatype.c b/src/datatype.c
index b305bf60..7d652ff2 100644
--- a/src/datatype.c
+++ b/src/datatype.c
@@ -825,6 +825,7 @@  static const struct symbol_table icmp_code_tbl = {
 		SYMBOL("net-prohibited",	ICMP_NET_ANO),
 		SYMBOL("host-prohibited",	ICMP_HOST_ANO),
 		SYMBOL("admin-prohibited",	ICMP_PKT_FILTERED),
+		SYMBOL("frag-needed",		ICMP_FRAG_NEEDED),
 		SYMBOL_LIST_END
 	},
 };