On Saturday 02 November 2002 14:41, Pekka Savola wrote:
> > Does this incremental patch fix that?
>
> Unfortunately not .. 0.0.0.0 will be used as the source address instead.
Does this base patch do the trick then?
cheers,
Bart
--- linux-2.4.19/net/ipv4/netfilter/ipt_REJECT.c.old2 Sat Nov 2 15:29:40 2002
+++ linux-2.4.19/net/ipv4/netfilter/ipt_REJECT.c Sat Nov 2 15:57:45 2002
@@ -72,6 +72,8 @@
nf_conntrack_put(nskb->nfct);
nskb->nfct = NULL;
nskb->nfcache = 0;
+ nskb->physindev = NULL;
+ nskb->physoutdev = NULL;
#ifdef CONFIG_NETFILTER_DEBUG
nskb->nf_debug = 0;
#endif
@@ -209,6 +211,8 @@
if (ip_route_output(&rt, iph->saddr, saddr, RT_TOS(tos), 0))
return;
+ saddr = iph->daddr;
+
/* RFC says return as much as we can without exceeding 576 bytes. */
length = skb_in->len + sizeof(struct iphdr) + sizeof(struct icmphdr);
@@ -243,7 +247,7 @@
iph->ttl = MAXTTL;
ip_select_ident(iph, &rt->u.dst, NULL);
iph->protocol=IPPROTO_ICMP;
- iph->saddr=rt->rt_src;
+ iph->saddr=saddr;
iph->daddr=rt->rt_dst;
iph->check=0;
iph->check = ip_fast_csum((unsigned char *)iph, iph->ihl);
_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
