[patch 3/3] Replace reverse_route() with a call to ip_route_me_harder()
Patrick McHardy
kaber at trash.net
Fri Sep 29 15:38:51 CEST 2006
Horms wrote:
> Index: net-2.6.19/net/ipv4/netfilter/ipt_REJECT.c
> ===================================================================
> --- net-2.6.19.orig/net/ipv4/netfilter/ipt_REJECT.c 2006-09-19 12:50:43.000000000 +0900
> +++ net-2.6.19/net/ipv4/netfilter/ipt_REJECT.c 2006-09-21 17:55:37.000000000 +0900
> @@ -38,13 +38,9 @@
> #define DEBUGP(format, args...)
> #endif
>
> -static inline struct rtable *route_reverse(struct sk_buff *skb,
> - struct tcphdr *tcph, int hook)
> +static inline int send_reset_route(struct sk_buff **pskb, int hook)
> {
> ...
> - security_skb_classify_flow(skb, &fl);
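Review bot: the removed `security_skb_classify_flow(skb, &fl);` line drops the security classification of the reply flow, and nothing in the visible part of this hunk replaces it, so the route for the reset would be looked up with an unlabeled flow unless the new routing path performs the classification itself. Either keep the call on the path that builds the flow or add it to the helper that now does the lookup, and say which in the changelog. Separately, the new send_reset_route() signature switches from returning struct rtable * to int and takes struct sk_buff **pskb, but has no comment stating the return convention or whether *pskb can be changed by the call; a short comment above the function would help callers.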
With this patch we lose the security_skb_classify_flow call.
I think it is also needed in ip_route_me_harder, if so your
patch seems fine (but I get large rejects with the current
tree, so I'm going to redo it).
Venkat, is it correct to place a security_skb_classify_flow
call in ip_route_me_harder (which also handles currently
unlabeled protocols)?