xt_TARPIT 20070806

Sami Farin safari-netfilter at safari.iki.fi
Sun Aug 12 14:57:45 CEST 2007


On Sun, Aug 12, 2007 at 13:31:43 +0200, Jan Engelhardt wrote:
> 
> On Aug 6 2007 15:06, Jan Engelhardt wrote:
> >Subject: xt_TARPIT 20070806
> 
> I'd like to get some comments if possible.
> Otherwise I assume it's ready to be included ;-)

It would be really nice if this was included in the kernel
because the version in POM-NG tends to rot, and everyone
who uses the TARPIT module has to fix it on their own when
a new kernel is released, because usually the TARPIT module
is not updated to work or even compile with the latest kernel(s).
That has been my experience with the TARPIT module since 2004 (or 2003?)...

But isn't this redundant?
        if (oldskb->len < ip_hdrlen(oldskb) + sizeof(struct tcphdr))
                return;

Shouldn't this be enough?

        /* A truncated TCP header is not going to be useful */
        otcph = skb_header_pointer(oldskb, ip_hdrlen(oldskb),
                                   sizeof(_otcph), &_otcph);
        if (otcph == NULL)
                return;

-- 
Do what you love because life is too short for anything else.
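
Added example (not part of the mail above or of the xt_TARPIT patch): a userspace C model of the two checks being compared, showing where a bounds-checked header accessor already rejects the truncated case. The struct pkt layout, hdr_pointer(), the fixed 20-byte header sizes and the helper names are assumptions made for this model; only the contract of skb_header_pointer() (return NULL when the requested bytes are not in the packet) is taken from the kernel.

```c
#include <stddef.h>
#include <string.h>

#define IP_HLEN  20u  /* assumed: IPv4 header without options */
#define TCP_HLEN 20u  /* TCP header without options */

/* Constructed userspace model of a packet: "head" is the linear area,
 * "frag" stands in for the non-linear (paged) data of a real sk_buff. */
struct pkt {
    const unsigned char *head; size_t headlen;
    const unsigned char *frag; size_t fraglen;
};

static size_t pkt_len(const struct pkt *p) { return p->headlen + p->fraglen; }

/* Models the contract of skb_header_pointer(): pointer to len bytes at
 * off (copied into buf if they span head and frag), or NULL if the
 * packet is too short to contain them. */
static const void *hdr_pointer(const struct pkt *p, size_t off, size_t len,
                               void *buf)
{
    if (off > pkt_len(p) || len > pkt_len(p) - off)
        return NULL;                          /* truncated header */
    if (off + len <= p->headlen)
        return p->head + off;                 /* contiguous, no copy */
    size_t from_head = off < p->headlen ? p->headlen - off : 0;
    size_t frag_off  = off < p->headlen ? 0 : off - p->headlen;
    if (from_head)
        memcpy(buf, p->head + off, from_head);
    memcpy((unsigned char *)buf + from_head, p->frag + frag_off,
           len - from_head);
    return buf;
}

/* The explicit length test quoted in the mail, on the model packet. */
static int explicit_check_rejects(const struct pkt *p)
{
    return pkt_len(p) < IP_HLEN + TCP_HLEN;
}

/* Count packet shapes (every total length up to max, every head/frag
 * split) where the two checks give different verdicts. */
static int count_disagreements(const unsigned char *data, size_t max)
{
    int bad = 0;
    unsigned char tmp[TCP_HLEN];
    for (size_t total = 0; total <= max; total++)
        for (size_t h = 0; h <= total; h++) {
            struct pkt p = { data, h, data + h, total - h };
            int null = hdr_pointer(&p, IP_HLEN, TCP_HLEN, tmp) == NULL;
            bad += (null != explicit_check_rejects(&p));
        }
    return bad;
}
```
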
