[IPV4] Make ipt_REJECT use icmp

To:	Patrick McHardy <kaber@xxxxxxxxx>
Subject:	[IPV4] Make ipt_REJECT use icmp_send again
From:	Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date:	Wed, 16 Mar 2005 21:51:00 +1100
Cc:	"David S. Miller" <davem@xxxxxxxxxxxxx>, kuznet@xxxxxxxxxxxxx, yoshfuji@xxxxxxxxxxxxxx, netdev@xxxxxxxxxxx
In-reply-to:	<42374A35.6020308@xxxxxxxxx>
References:	<20050314102614.GA9610@xxxxxxxxxxxxxxxxxxx> <20050314105313.GA21001@xxxxxxxxxxxxxxxxxxx> <20050314111002.GA29156@xxxxxxxxxxxxxxxxxxx> <20050315091904.GA6256@xxxxxxxxxxxxxxxxxxx> <20050315095837.GA7130@xxxxxxxxxxxxxxxxxxx> <20050315100522.GA7275@xxxxxxxxxxxxxxxxxxx> <20050315102450.0f3f1618.davem@xxxxxxxxxxxxx> <42373142.6090902@xxxxxxxxx> <20050315204006.GB22349@xxxxxxxxxxxxxxxxxxx> <42374A35.6020308@xxxxxxxxx>
Sender:	netdev-bounce@xxxxxxxxxxx
User-agent:	Mutt/1.5.6+20040907i

To:

Patrick McHardy <kaber@xxxxxxxxx>

Subject:

[IPV4] Make ipt_REJECT use icmp_send again

From:

Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>

Date:

Wed, 16 Mar 2005 21:51:00 +1100

Cc:

"David S. Miller" <davem@xxxxxxxxxxxxx>, kuznet@xxxxxxxxxxxxx, yoshfuji@xxxxxxxxxxxxxx, netdev@xxxxxxxxxxx

In-reply-to:

<42374A35.6020308@xxxxxxxxx>

References:

<20050314102614.GA9610@xxxxxxxxxxxxxxxxxxx> <20050314105313.GA21001@xxxxxxxxxxxxxxxxxxx> <20050314111002.GA29156@xxxxxxxxxxxxxxxxxxx> <20050315091904.GA6256@xxxxxxxxxxxxxxxxxxx> <20050315095837.GA7130@xxxxxxxxxxxxxxxxxxx> <20050315100522.GA7275@xxxxxxxxxxxxxxxxxxx> <20050315102450.0f3f1618.davem@xxxxxxxxxxxxx> <42373142.6090902@xxxxxxxxx> <20050315204006.GB22349@xxxxxxxxxxxxxxxxxxx> <42374A35.6020308@xxxxxxxxx>

Sender:

netdev-bounce@xxxxxxxxxxx

User-agent:

Mutt/1.5.6+20040907i

On Tue, Mar 15, 2005 at 09:48:53PM +0100, Patrick McHardy wrote:
> 
> Ok. I can't see any different reason to keep it, so go ahead. I'll take
> care of the xrlim stuff later.

Great.  Here is the patch that makes ipt_REJECT use icmp_send again.
We've gone full circle :)

As it is ipt_REJECT doesn't work at all with IPsec.  Despite my efforts
previously in making the policy lookups work there I neglected to change
the final call to dst_output so the policy lookup is useless.

ipt_REJECT also had a number of deviations from icmp_send which seems to
be unjustified.  For examples it ignored source routing IP options.

There was a bug in icmp_send too :) It didn't set the ICMP type/code
values for the policy lookup.

Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>

I compared the two functions line-by-line to make sure that there
weren't any subtle differences.  Please double check this in case
I overlooked something important.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

xfrm-18
Description: Text document

<Prev in Thread]	Current Thread	[Next in Thread>
*[13/] [IPV4] Fix room calculation in icmp_send*, (continued)* *[13/] [IPV4] Fix room calculation in icmp_send*, Herbert Xu* *[14/] [IPV6] Reload skb->dst after xfrm6_route_forward*, Herbert Xu* *Re: [14/] [IPV6] Reload skb->dst after xfrm6_route_forward*, David S. Miller* *[15/] [INET] Fix IPsec calculation in ip_append_data/ip6_append_data*, Herbert Xu* *[16/] [INET] Take IPsec overhead into account in tunnels*, Herbert Xu* *[17/] [NET] Replace dst_pmtu with dst_mtu*, Herbert Xu* *Re: [17/] [NET] Replace dst_pmtu with dst_mtu*, David S. Miller* *Re: [17/] [NET] Replace dst_pmtu with dst_mtu*, Patrick McHardy* Replace send_unreach with icmp_send, Herbert Xu Re: Replace send_unreach with icmp_send, Patrick McHardy [IPV4] Make ipt_REJECT use icmp_send again, Herbert Xu <= Re: [IPV4] Make ipt_REJECT use icmp_send again, Patrick McHardy Re: [IPV4] Make ipt_REJECT use icmp_send again, David S. Miller [IPV4] Send TCP reset through dst_output in ipt_REJECT, Herbert Xu Re: [IPV4] Send TCP reset through dst_output in ipt_REJECT, David S. Miller *Re: [17/] [NET] Replace dst_pmtu with dst_mtu*, Herbert Xu* *Re: [16/] [INET] Take IPsec overhead into account in tunnels*, Lennert Buytenhek* *Re: [16/] [INET] Take IPsec overhead into account in tunnels*, Herbert Xu* *Re: [16/] [INET] Take IPsec overhead into account in tunnels*, David S. Miller* *[21/] [IPv4] Fix MTU check in ipmr_queue_xmit*, Herbert Xu* *[22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, Herbert Xu*

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	[BUG] overflow in net/ipv4/route.c rt_check_expire(), Eric Dumazet
Next by Date:	*Re: [15/] [INET] Fix IPsec calculation in ip_append_data/ip6_append_data*, Herbert Xu*
Previous by Thread:	Re: Replace send_unreach with icmp_send, Patrick McHardy
Next by Thread:	Re: [IPV4] Make ipt_REJECT use icmp_send again, Patrick McHardy
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

[BUG] overflow in net/ipv4/route.c rt_check_expire(), Eric Dumazet

Next by Date:

Re: [15/*] [INET] Fix IPsec calculation in ip_append_data/ip6_append_data, Herbert Xu

Previous by Thread:

Re: Replace send_unreach with icmp_send, Patrick McHardy

Next by Thread:

Re: [IPV4] Make ipt_REJECT use icmp_send again, Patrick McHardy

Indexes:

[Date] [Thread] [Top] [All Lists]