On Sat, 2 Nov 2002, Bart De Schuymer wrote: > On Saturday 02 November 2002 14:41, Pekka Savola wrote: > > > Does this incremental patch fix that? > > > > Unfortunately not .. 0.0.0.0 will be used as the source address instead. > > Does this base patch do the trick then?
Indeed, thanks. (Note, I'd perhaps add a comment on the reasons 'saddr = iph->daddr' so that if people add code afterwards don't get caught, but that's just fine-tuning.) > cheers, > Bart > > --- linux-2.4.19/net/ipv4/netfilter/ipt_REJECT.c.old2 Sat Nov 2 15:29:40 2002 > +++ linux-2.4.19/net/ipv4/netfilter/ipt_REJECT.c Sat Nov 2 15:57:45 2002 > @@ -72,6 +72,8 @@ > nf_conntrack_put(nskb->nfct); > nskb->nfct = NULL; > nskb->nfcache = 0; > + nskb->physindev = NULL; > + nskb->physoutdev = NULL; > #ifdef CONFIG_NETFILTER_DEBUG > nskb->nf_debug = 0; > #endif > @@ -209,6 +211,8 @@ > if (ip_route_output(&rt, iph->saddr, saddr, RT_TOS(tos), 0)) > return; > > + saddr = iph->daddr; > + > /* RFC says return as much as we can without exceeding 576 bytes. */ > length = skb_in->len + sizeof(struct iphdr) + sizeof(struct icmphdr); > > @@ -243,7 +247,7 @@ > iph->ttl = MAXTTL; > ip_select_ident(iph, &rt->u.dst, NULL); > iph->protocol=IPPROTO_ICMP; > - iph->saddr=rt->rt_src; > + iph->saddr=saddr; > iph->daddr=rt->rt_dst; > iph->check=0; > iph->check = ip_fast_csum((unsigned char *)iph, iph->ihl); > -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords _______________________________________________ Bridge mailing list [EMAIL PROTECTED] http://www.math.leidenuniv.nl/mailman/listinfo/bridge
