patch-2.3.99-pre4 linux/net/ipv4/netfilter/ipt_REJECT.c
- Lines: 47
- Date:
Mon Mar 27 10:35:56 2000
- Orig file:
v2.3.99-pre3/linux/net/ipv4/netfilter/ipt_REJECT.c
- Orig date:
Sun Mar 19 18:35:31 2000
diff -u --recursive --new-file v2.3.99-pre3/linux/net/ipv4/netfilter/ipt_REJECT.c linux/net/ipv4/netfilter/ipt_REJECT.c
@@ -6,12 +6,11 @@
#include <linux/skbuff.h>
#include <linux/ip.h>
#include <net/icmp.h>
-#include <net/tcp.h>
+#include <net/ip.h>
struct in_device;
#include <net/route.h>
#include <linux/netfilter_ipv4/ip_tables.h>
#include <linux/netfilter_ipv4/ipt_REJECT.h>
-EXPORT_NO_SYMBOLS;
#if 0
#define DEBUGP printk
@@ -28,6 +27,9 @@
{
const struct ipt_reject_info *reject = targinfo;
+ /* WARNING: This code has causes reentry within iptables.
+ This means that the iptables jump stack is now crap. We
+ must return an absolute verdict. --RR */
switch (reject->with) {
case IPT_ICMP_NET_UNREACHABLE:
icmp_send(*pskb, ICMP_DEST_UNREACH, ICMP_NET_UNREACH, 0);
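Review bot: The warning comment added above `switch (reject->with)` is hard to act on as worded: "has causes reentry" is garbled, and it names neither the call that re-enters iptables nor what counts as an absolute verdict. From the visible lines the re-entry presumably comes from `icmp_send()` emitting a new packet that traverses the tables again, and the only thing enforcing the rule is the unconditional `return NF_DROP;` after the switch. I would reword it along the lines of `/* WARNING: sending the reject packet re-enters iptables, so the jump stack can no longer be trusted; always return an absolute verdict such as NF_DROP, never one that resumes rule traversal. */`, because a later edit that returns a relative verdict here would leave the filter walking rules from corrupted state. The function body starts and ends outside this hunk, so this is based only on the lines shown.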
@@ -62,9 +64,6 @@
}
}
break;
- case IPT_TCP_RESET:
- tcp_v4_send_reset(*pskb);
- break;
}
return NF_DROP;
@@ -113,12 +112,6 @@
/* Must contain ICMP match. */
if (IPT_MATCH_ITERATE(e, find_ping_match) == 0) {
DEBUGP("REJECT: ECHOREPLY illegal for non-ping\n");
- return 0;
- }
- } else if (rejinfo->with == IPT_TCP_RESET) {
- if (e->ip.proto != IPPROTO_TCP
- || (e->ip.invflags & IPT_INV_PROTO)) {
- DEBUGP("REJECT: TCP_RESET illegal for non-tcp\n");
return 0;
}
}