ChangeSet 1.2217.1.20, 2005/03/17 10:05:53-08:00, [EMAIL PROTECTED]
[IPV4]: Send TCP reset through dst_output in ipt_REJECT
I noticed that the TCP reset code in ipt_REJECT didn't call dst_output
either so it also bypasses IPsec processing. Here is a patch to fix
that and use the correct MTU value.
Signed-off-by: Herbert Xu <[EMAIL PROTECTED]>
Signed-off-by: David S. Miller <[EMAIL PROTECTED]>
ipt_REJECT.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff -Nru a/net/ipv4/netfilter/ipt_REJECT.c b/net/ipv4/netfilter/ipt_REJECT.c
--- a/net/ipv4/netfilter/ipt_REJECT.c 2005-03-18 14:07:24 -08:00
+++ b/net/ipv4/netfilter/ipt_REJECT.c 2005-03-18 14:07:24 -08:00
@@ -207,13 +207,13 @@
nskb->nh.iph->ihl);
/* "Never happens" */
- if (nskb->len > dst_pmtu(nskb->dst))
+ if (nskb->len > dst_mtu(nskb->dst))
goto free_nskb;
nf_ct_attach(nskb, oldskb);
NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, nskb, NULL, nskb->dst->dev,
- ip_finish_output);
+ dst_output);
return;
free_nskb:
-
To unsubscribe from this list: send the line "unsubscribe bk-commits-head" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
