'[PATCH 2.6] netfilter ipt_REJECT: Add RFC1812 ICMP_PKT_FILTERED'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netfilter-devel
Subject:    [PATCH 2.6] netfilter ipt_REJECT: Add RFC1812 ICMP_PKT_FILTERED
From:       Harald Welte <laforge () netfilter ! org>
Date:       2003-07-25 20:52:33
[Download RAW message or body]


Hi Dave!

The six patch set of 2.6 merges of recent bugfixes is now complete.

Author: Maciej Soltysiak <solt@dns.toxicfilms.tv>

This patch adds support for the iptables '--reject-with admin-prohib'
option of the REJECT target, making it compliant with RFC 1812.

[... now off my email until arrival at ksummit + OLS]

Please apply,


diff -Nru --exclude .depend --exclude '*.o' --exclude '*.ko' --exclude '*.ver' \
--exclude '.*.flags' --exclude '*.orig' --exclude '*.rej' --exclude '*.cmd' --exclude \
'*.mod.c' --exclude '*~' \
linux-2.6.0-test1-nftest5/include/linux/netfilter_ipv4/ipt_REJECT.h \
                linux-2.6.0-test1-nftest6/include/linux/netfilter_ipv4/ipt_REJECT.h
--- linux-2.6.0-test1-nftest5/include/linux/netfilter_ipv4/ipt_REJECT.h	2003-07-14 \
                05:37:19.000000000 +0200
+++ linux-2.6.0-test1-nftest6/include/linux/netfilter_ipv4/ipt_REJECT.h	2003-07-19 \
16:40:11.000000000 +0200 @@ -9,7 +9,8 @@
 	IPT_ICMP_ECHOREPLY,
 	IPT_ICMP_NET_PROHIBITED,
 	IPT_ICMP_HOST_PROHIBITED,
-	IPT_TCP_RESET
+	IPT_TCP_RESET,
+	IPT_ICMP_ADMIN_PROHIBITED
 };
 
 struct ipt_reject_info {
diff -Nru --exclude .depend --exclude '*.o' --exclude '*.ko' --exclude '*.ver' \
--exclude '.*.flags' --exclude '*.orig' --exclude '*.rej' --exclude '*.cmd' --exclude \
'*.mod.c' --exclude '*~' linux-2.6.0-test1-nftest5/net/ipv4/netfilter/ipt_REJECT.c \
                linux-2.6.0-test1-nftest6/net/ipv4/netfilter/ipt_REJECT.c
--- linux-2.6.0-test1-nftest5/net/ipv4/netfilter/ipt_REJECT.c	2003-07-19 \
                16:13:32.000000000 +0200
+++ linux-2.6.0-test1-nftest6/net/ipv4/netfilter/ipt_REJECT.c	2003-07-19 \
16:40:11.000000000 +0200 @@ -1,6 +1,7 @@
 /*
  * This is a module which is used for rejecting packets.
  * Added support for customized reject packets (Jozsef Kadlecsik).
+ * Added support for ICMP type-3-code-13 (Maciej Soltysiak). [RFC 1812]
  */
 #include <linux/config.h>
 #include <linux/module.h>
@@ -387,6 +388,9 @@
 	case IPT_ICMP_HOST_PROHIBITED:
     		send_unreach(*pskb, ICMP_HOST_ANO);
     		break;
+    	case IPT_ICMP_ADMIN_PROHIBITED:
+		send_unreach(*pskb, ICMP_PKT_FILTERED);
+		break;
 	case IPT_TCP_RESET:
 		send_reset(*pskb, hooknum == NF_IP_LOCAL_IN);
 	case IPT_ICMP_ECHOREPLY:

-- 
- Harald Welte <laforge@netfilter.org>             http://www.netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie


[Attachment #3 (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic