[PATCH] icmp type-3-code-13 for REJECT
Fabrice MARIE
fabrice@celestix.com
Mon, 15 Apr 2002 11:29:07 +0800
Hello,
On Monday 15 April 2002 08:46, Brad Chapman wrote:
> Mr. Harald,
> > Thanks for the patch. Unfortunately it's not that easy. Writing the
> > 10-line patch is smallest part of the job.
> > The interesting question is: How to achieve backwards- and
> > forwards-compatibility for
> > - making old kernel work with new iptables (easy)
> > - making new kernel work with old iptables (easy)
> > - make new iptables compile with old kernel headers
> > - make old iptables compile with new kernels (easy)
> Whoops - I completely forgot about that :(
> Unfortunately, I don't know how to do that, or I would have done
> it. Is it just basically a bunch of #ifdefs, or is there additional magic
> involved? I can remake the patch if required.....
Well the easy solution is to have a userspace patch (see the trivial
nfmark patches in pom for an exampla). This way, compatibility is
kept at all times. There is already a trivial reject with fake source
patch in pom that modify ipt_reject.c and libipt_reject.c, you might
want to have a look at it.
Have a nice day,
Fabrice.
--
Fabrice MARIE
Senior R&D Engineer
Celestix Networks
http://www.celestix.com/
"Silly hacker, root is for administrators"
-Unknown