[PATCH] remove overzealous checks in REJECT target]
Harald Welte
laforge at netfilter.org
Fri Dec 17 08:54:42 CET 2004
On Fri, Dec 17, 2004 at 06:43:39AM +0100, Patrick McHardy wrote:
> Harald Welte wrote:
>
> >Hi Patrick!
> >
> >I agree with Yasuyuki's proposed changes, do you already have this patch
> >in your pending queue?
>
> I missed it, but the patch is wrong. We must return at least 8 byte of
> protocol header, so the check can't be removed. The skb_header_pointer
> part looks fine, I'm going to apply it after getting some sleep.
> RFC1122: §3.2.2:
Thanks for pointing this out. I certainly read it a number of times
before, but it slipped my mind temporarily.
--
- Harald Welte <laforge at netfilter.org> http://www.netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : /pipermail/netfilter-devel/attachments/20041217/19e0109d/attachment-0001.bin
More information about the netfilter-devel
mailing list