* [PATCH 2.6 8/8]: Don't insist on ICMP errors carrying 8 byte of protocol header
@ 2005-03-04 12:00 Patrick McHardy
0 siblings, 0 replies; only message in thread
From: Patrick McHardy @ 2005-03-04 12:00 UTC (permalink / raw)
To: David S. Miller, Netfilter Development Mailinglist
[-- Attachment #1: 08.diff --]
[-- Type: text/x-patch, Size: 2739 bytes --]
# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
# 2005/03/03 23:20:42+01:00 kaber@coreworks.de
# [NETFILTER]: Don't insist on ICMP errors carrying 8 byte of protocol header
#
# An ICMP error only needs to carry 8 bytes of protocol header if they were
# present in the original packet. Makes netfilter's handling of ICMP errors
# consistent with IP.
#
# Signed-off-by: Patrick McHardy <kaber@trash.net>
#
# net/ipv4/netfilter/ipt_REJECT.c
# 2005/03/03 23:20:32+01:00 kaber@coreworks.de +0 -4
# [NETFILTER]: Don't insist on ICMP errors carrying 8 byte of protocol header
#
# An ICMP error only needs to carry 8 bytes of protocol header if they were
# present in the original packet. Makes netfilter's handling of ICMP errors
# consistent with IP.
#
# Signed-off-by: Patrick McHardy <kaber@trash.net>
#
# net/ipv4/netfilter/ipt_LOG.c
# 2005/03/03 23:20:32+01:00 kaber@coreworks.de +5 -5
# [NETFILTER]: Don't insist on ICMP errors carrying 8 byte of protocol header
#
# An ICMP error only needs to carry 8 bytes of protocol header if they were
# present in the original packet. Makes netfilter's handling of ICMP errors
# consistent with IP.
#
# Signed-off-by: Patrick McHardy <kaber@trash.net>
#
diff -Nru a/net/ipv4/netfilter/ipt_LOG.c b/net/ipv4/netfilter/ipt_LOG.c
--- a/net/ipv4/netfilter/ipt_LOG.c 2005-03-03 23:36:12 +01:00
+++ b/net/ipv4/netfilter/ipt_LOG.c 2005-03-03 23:36:12 +01:00
@@ -198,16 +198,16 @@
static size_t required_len[NR_ICMP_TYPES+1]
= { [ICMP_ECHOREPLY] = 4,
[ICMP_DEST_UNREACH]
- = 8 + sizeof(struct iphdr) + 8,
+ = 8 + sizeof(struct iphdr),
[ICMP_SOURCE_QUENCH]
- = 8 + sizeof(struct iphdr) + 8,
+ = 8 + sizeof(struct iphdr),
[ICMP_REDIRECT]
- = 8 + sizeof(struct iphdr) + 8,
+ = 8 + sizeof(struct iphdr),
[ICMP_ECHO] = 4,
[ICMP_TIME_EXCEEDED]
- = 8 + sizeof(struct iphdr) + 8,
+ = 8 + sizeof(struct iphdr),
[ICMP_PARAMETERPROB]
- = 8 + sizeof(struct iphdr) + 8,
+ = 8 + sizeof(struct iphdr),
[ICMP_TIMESTAMP] = 20,
[ICMP_TIMESTAMPREPLY] = 20,
[ICMP_ADDRESS] = 12,
diff -Nru a/net/ipv4/netfilter/ipt_REJECT.c b/net/ipv4/netfilter/ipt_REJECT.c
--- a/net/ipv4/netfilter/ipt_REJECT.c 2005-03-03 23:36:12 +01:00
+++ b/net/ipv4/netfilter/ipt_REJECT.c 2005-03-03 23:36:12 +01:00
@@ -252,10 +252,6 @@
if (iph->frag_off&htons(IP_OFFSET))
return;
- /* Ensure we have at least 8 bytes of proto header. */
- if (skb_in->len < skb_in->nh.iph->ihl*4 + 8)
- return;
-
/* If we send an ICMP error to an ICMP error a mess would result.. */
if (iph->protocol == IPPROTO_ICMP) {
struct icmphdr ihdr;
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2005-03-04 12:00 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-03-04 12:00 [PATCH 2.6 8/8]: Don't insist on ICMP errors carrying 8 byte of protocol header Patrick McHardy
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.