[PATCH] remove overzealous checks in REJECT target]
kaber at trash.net
Fri Dec 17 06:43:39 CET 2004
Harald Welte wrote:
>I agree with Yasuyuki's proposed changes, do you already have this patch
>in your pending queue?
>I'm just asking because there was no follow-up on the list...
I missed it, but the patch is wrong. We must return at least 8 byte of
protocol header, so the check can't be removed. The skb_header_pointer
part looks fine, I'm going to apply it after getting some sleep.
Every ICMP error message includes the Internet header and at
least the first 8 data octets of the datagram that triggered
the error; more than 8 octets MAY be sent; this header and data
MUST be unchanged from the received datagram.
More information about the netfilter-devel