I think one more fix is needed for unclean:
--- linux/net/ipv4/netfilter/ipt_unclean.c Sat Dec 22 02:42:05 2001
+++ linux-2.4.18-pre9-mjc2/net/ipv4/netfilter/ipt_unclean.c Fri Feb 15 11:52:48 2002
@@ -323,8 +323,8 @@
 return 0;
 }
- /* CHECK: TCP reserved bits zero. */
- if(tcp_flag_word(tcph) & TCP_RESERVED_BITS) {
+ /* CHECK: TCP reserved bits zero (except TCP ECN related bit). */
+ if(tcp_flag_word(tcph) & TCP_RESERVED_BITS & ~(TCP_FLAG_CWR|TCP_FLAG_ECE)) {
 limpk("TCP reserved bits not zero\n");
 return 0;
 }
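Review bot: The new mask on the `if` line exempts CWR and ECE on every segment, so the match stops flagging those two bits even on connections that never negotiated ECN. That is probably the intended trade-off, but the comment should say so and name both bits rather than "bit", e.g. `/* CHECK: TCP reserved bits zero; CWR and ECE are ECN flags (RFC 3168) and are not treated as reserved. */`. The enclosing function starts and ends outside the hunk, so it is not visible whether any later flag-combination check ignores the same two bits; if it does not, ECN-marked segments would still be rejected there. It is also worth confirming that `TCP_RESERVED_BITS` in this tree actually includes the two ECN bits, since otherwise the added `& ~(TCP_FLAG_CWR|TCP_FLAG_ECE)` changes nothing.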