[PATCH 2/3] attach conntrack to TCP RST generated by ip6t_REJECT
Yasuyuki KOZAKAI
yasuyuki.kozakai at toshiba.co.jp
Mon Feb 13 17:29:56 CET 2006
[NETFILTER]: attach conntrack to TCP RST generated by ip6t_REJECT
TCP RST generated by REJECT target should be associated with
the conntrack of original TCP packet. But the conntrack may be discarded
before nf_conntrack tracks it, then nf_conntrack has no way to associate
them. This makes REJECT target do that instead.
Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai at toshiba.co.jp>
---
commit a17cfc5ef47d98a67694b08ca93a94d961434a18
tree 4864fd153997c60693b9d96d37b0ee2ee672af31
parent 9fc7cbdd2585028ecba2e55009d1d30605373300
author Yasuyuki Kozakai <yasuyuki.kozakai at toshiba.co.jp> Thu, 09 Feb 2006 02:25:18 +0900
committer Yasuyuki Kozakai <yasuyuki.kozakai at toshiba.co.jp> Thu, 09 Feb 2006 02:25:18 +0900
net/ipv6/netfilter/ip6t_REJECT.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/net/ipv6/netfilter/ip6t_REJECT.c b/net/ipv6/netfilter/ip6t_REJECT.c
index c745717..0e6d1d4 100644
--- a/net/ipv6/netfilter/ip6t_REJECT.c
+++ b/net/ipv6/netfilter/ip6t_REJECT.c
@@ -160,6 +160,8 @@ static void send_reset(struct sk_buff *o
csum_partial((char *)tcph,
sizeof(struct tcphdr), 0));
+ nf_ct_attach(nskb, oldskb);
+
NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, nskb, NULL, nskb->dst->dev,
dst_output);
}
More information about the netfilter-devel
mailing list