[PATCH] remove overzealous checks in REJECT target]

Harald Welte laforge at netfilter.org
Fri Dec 17 08:54:42 CET 2004


On Fri, Dec 17, 2004 at 06:43:39AM +0100, Patrick McHardy wrote:
> Harald Welte wrote:
> 
> >Hi Patrick!
> >
> >I agree with Yasuyuki's proposed changes, do you already have this patch
> >in your pending queue?
>
> I missed it, but the patch is wrong. We must return at least 8 byte of
> protocol header, so the check can't be removed. The skb_header_pointer
> part looks fine, I'm going to apply it after getting some sleep.

> RFC1122: §3.2.2:

Thanks for pointing this out.  I certainly read it a number of times
before, but it slipped my mind temporarily.

-- 
- Harald Welte <laforge at netfilter.org>             http://www.netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : /pipermail/netfilter-devel/attachments/20041217/19e0109d/attachment-0001.bin


More information about the netfilter-devel mailing list