[PATCH] remove overzealous checks in REJECT target

Patrick McHardy kaber at trash.net
Fri Dec 17 06:43:39 CET 2004


Harald Welte wrote:

>Hi Patrick!
>
>I agree with Yasuyuki's proposed changes, do you already have this patch
>in your pending queue?
>
>I'm just asking because there was no follow-up on the list...
>
I missed it, but the patch is wrong. We must return at least 8 bytes of
protocol header, so the check can't be removed. The skb_header_pointer
part looks fine, I'm going to apply it after getting some sleep.

RFC1122: §3.2.2:
Every ICMP error message includes the Internet header and at
least the first 8 data octets of the datagram that triggered
the error; more than 8 octets MAY be sent; this header and data
MUST be unchanged from the received datagram.

Regards
Patrick
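
The length requirement quoted from RFC 1122 above, as an added userspace illustration that is not part of the original mail and is not the ipt_REJECT code: `icmp_quote()` and `make_pkt()` are hypothetical names, and the sample packets are constructed. It shows why the minimum depends on the IP header length (IHL), not on a fixed 28 bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ICMP_QUOTE_DATA 8   /* RFC 1122 3.2.2: at least 8 data octets */

/*
 * Hypothetical helper: copy the part of the offending IPv4 datagram that an
 * ICMP error has to quote (IP header plus 8 data octets) into out.
 * It quotes the minimum; the RFC allows more. Returns the number of bytes
 * copied, or -1 when the datagram cannot back a conforming ICMP error.
 */
int icmp_quote(const uint8_t *pkt, size_t len, uint8_t *out, size_t outlen)
{
    size_t hlen, need;

    if (len < 20 || (pkt[0] >> 4) != 4)
        return -1;                       /* not even a minimal IPv4 header */
    hlen = (size_t)(pkt[0] & 0x0f) * 4;  /* IHL counts 32-bit words */
    if (hlen < 20)
        return -1;                       /* malformed IHL */
    need = hlen + ICMP_QUOTE_DATA;
    if (len < need || outlen < need)
        return -1;                       /* fewer than 8 data octets, or no room */
    memcpy(out, pkt, need);              /* quoted bytes are copied unchanged */
    return (int)need;
}

/* Constructed sample datagram: filler bytes with a version/IHL octet on top. */
static void make_pkt(uint8_t *buf, size_t len, unsigned ihl_words)
{
    memset(buf, 0xAA, len);
    buf[0] = (uint8_t)(0x40 | ihl_words);
}

int main(void)
{
    uint8_t pkt[64], out[64];

    make_pkt(pkt, sizeof pkt, 5);        /* no IP options */
    printf("20+8 bytes: %d\n", icmp_quote(pkt, 28, out, sizeof out));
    printf("20+7 bytes: %d\n", icmp_quote(pkt, 27, out, sizeof out));
    make_pkt(pkt, sizeof pkt, 6);        /* 4 bytes of IP options */
    printf("24+4 bytes: %d\n", icmp_quote(pkt, 28, out, sizeof out));
    return 0;
}
```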




