patch-2.3.99-pre4 linux/net/ipv4/netfilter/ipt_REJECT.c

Next file: linux/net/ipv4/netfilter/ipt_TOS.c
Previous file: linux/net/ipv4/netfilter/ipt_REDIRECT.c
Back to the patch index
Back to the overall index

Lines: 47
Date: Mon Mar 27 10:35:56 2000
Orig file: v2.3.99-pre3/linux/net/ipv4/netfilter/ipt_REJECT.c
Orig date: Sun Mar 19 18:35:31 2000


diff -u --recursive --new-file v2.3.99-pre3/linux/net/ipv4/netfilter/ipt_REJECT.c linux/net/ipv4/netfilter/ipt_REJECT.c
@@ -6,12 +6,11 @@
 #include <linux/skbuff.h>
 #include <linux/ip.h>
 #include <net/icmp.h>
-#include <net/tcp.h>
+#include <net/ip.h>
 struct in_device;
 #include <net/route.h>
 #include <linux/netfilter_ipv4/ip_tables.h>
 #include <linux/netfilter_ipv4/ipt_REJECT.h>
-EXPORT_NO_SYMBOLS;
 
 #if 0
 #define DEBUGP printk
@@ -28,6 +27,9 @@
 {
 	const struct ipt_reject_info *reject = targinfo;
 
+	/* WARNING: This code has causes reentry within iptables.
+	   This means that the iptables jump stack is now crap.  We
+	   must return an absolute verdict. --RR */
     	switch (reject->with) {
     	case IPT_ICMP_NET_UNREACHABLE:
     		icmp_send(*pskb, ICMP_DEST_UNREACH, ICMP_NET_UNREACH, 0);
@@ -62,9 +64,6 @@
 		}
 	}
 	break;
-	case IPT_TCP_RESET:
-		tcp_v4_send_reset(*pskb);
-		break;
 	}
 
 	return NF_DROP;
@@ -113,12 +112,6 @@
 		/* Must contain ICMP match. */
 		if (IPT_MATCH_ITERATE(e, find_ping_match) == 0) {
 			DEBUGP("REJECT: ECHOREPLY illegal for non-ping\n");
-			return 0;
-		}
-	} else if (rejinfo->with == IPT_TCP_RESET) {
-		if (e->ip.proto != IPPROTO_TCP
-		    || (e->ip.invflags & IPT_INV_PROTO)) {
-			DEBUGP("REJECT: TCP_RESET illegal for non-tcp\n");
 			return 0;
 		}
 	}

FUNET's LINUX-ADM group, linux-adm@nic.funet.fi

TCL-scripts by Sam Shen (who was at: slshen@lbl.gov)