[Top] [All Lists]

[IPV4] Make ipt_REJECT use icmp_send again

To: Patrick McHardy <kaber@xxxxxxxxx>
Subject: [IPV4] Make ipt_REJECT use icmp_send again
From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Wed, 16 Mar 2005 21:51:00 +1100
Cc: "David S. Miller" <davem@xxxxxxxxxxxxx>, kuznet@xxxxxxxxxxxxx, yoshfuji@xxxxxxxxxxxxxx, netdev@xxxxxxxxxxx
In-reply-to: <42374A35.6020308@xxxxxxxxx>
References: <20050314102614.GA9610@xxxxxxxxxxxxxxxxxxx> <20050314105313.GA21001@xxxxxxxxxxxxxxxxxxx> <20050314111002.GA29156@xxxxxxxxxxxxxxxxxxx> <20050315091904.GA6256@xxxxxxxxxxxxxxxxxxx> <20050315095837.GA7130@xxxxxxxxxxxxxxxxxxx> <20050315100522.GA7275@xxxxxxxxxxxxxxxxxxx> <20050315102450.0f3f1618.davem@xxxxxxxxxxxxx> <42373142.6090902@xxxxxxxxx> <20050315204006.GB22349@xxxxxxxxxxxxxxxxxxx> <42374A35.6020308@xxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mutt/1.5.6+20040907i
On Tue, Mar 15, 2005 at 09:48:53PM +0100, Patrick McHardy wrote:
> Ok. I can't see any different reason to keep it, so go ahead. I'll take
> care of the xrlim stuff later.

Great.  Here is the patch that makes ipt_REJECT use icmp_send again.
We've gone full circle :)

As it is ipt_REJECT doesn't work at all with IPsec.  Despite my efforts
previously in making the policy lookups work there I neglected to change
the final call to dst_output so the policy lookup is useless.

ipt_REJECT also had a number of deviations from icmp_send which seems to
be unjustified.  For examples it ignored source routing IP options.

There was a bug in icmp_send too :) It didn't set the ICMP type/code
values for the policy lookup.

Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>

I compared the two functions line-by-line to make sure that there
weren't any subtle differences.  Please double check this in case
I overlooked something important.

Visit Openswan at
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page:
PGP Key:

Attachment: xfrm-18
Description: Text document

<Prev in Thread] Current Thread [Next in Thread>