linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Harald Welte <laforge@netfilter.org>
To: David Miller <davem@redhat.com>
Cc: Netfilter Development Mailinglist 
	<netfilter-devel@lists.netfilter.org>,
	Linux Kernel Mailinglist <linux-kernel@vger.kernel.org>
Subject: [PATCH 2.6] netfilter ipt_REJECT: Add RFC1812 ICMP_PKT_FILTERED
Date: Fri, 25 Jul 2003 22:52:33 +0200	[thread overview]
Message-ID: <20030725205233.GE3244@sunbeam.de.gnumonks.org> (raw)

[-- Attachment #1: Type: text/plain, Size: 2564 bytes --]

Hi Dave!

The six patch set of 2.6 merges of recent bugfixes is now complete.

Author: Maciej Soltysiak <solt@dns.toxicfilms.tv>

This patch adds support for the iptables '--reject-with admin-prohib'
option of the REJECT target, making it compliant with RFC 1812.

[... now off my email until arrival at ksummit + OLS]

Please apply,


diff -Nru --exclude .depend --exclude '*.o' --exclude '*.ko' --exclude '*.ver' --exclude '.*.flags' --exclude '*.orig' --exclude '*.rej' --exclude '*.cmd' --exclude '*.mod.c' --exclude '*~' linux-2.6.0-test1-nftest5/include/linux/netfilter_ipv4/ipt_REJECT.h linux-2.6.0-test1-nftest6/include/linux/netfilter_ipv4/ipt_REJECT.h
--- linux-2.6.0-test1-nftest5/include/linux/netfilter_ipv4/ipt_REJECT.h	2003-07-14 05:37:19.000000000 +0200
+++ linux-2.6.0-test1-nftest6/include/linux/netfilter_ipv4/ipt_REJECT.h	2003-07-19 16:40:11.000000000 +0200
@@ -9,7 +9,8 @@
 	IPT_ICMP_ECHOREPLY,
 	IPT_ICMP_NET_PROHIBITED,
 	IPT_ICMP_HOST_PROHIBITED,
-	IPT_TCP_RESET
+	IPT_TCP_RESET,
+	IPT_ICMP_ADMIN_PROHIBITED
 };
 
 struct ipt_reject_info {
diff -Nru --exclude .depend --exclude '*.o' --exclude '*.ko' --exclude '*.ver' --exclude '.*.flags' --exclude '*.orig' --exclude '*.rej' --exclude '*.cmd' --exclude '*.mod.c' --exclude '*~' linux-2.6.0-test1-nftest5/net/ipv4/netfilter/ipt_REJECT.c linux-2.6.0-test1-nftest6/net/ipv4/netfilter/ipt_REJECT.c
--- linux-2.6.0-test1-nftest5/net/ipv4/netfilter/ipt_REJECT.c	2003-07-19 16:13:32.000000000 +0200
+++ linux-2.6.0-test1-nftest6/net/ipv4/netfilter/ipt_REJECT.c	2003-07-19 16:40:11.000000000 +0200
@@ -1,6 +1,7 @@
 /*
  * This is a module which is used for rejecting packets.
  * Added support for customized reject packets (Jozsef Kadlecsik).
+ * Added support for ICMP type-3-code-13 (Maciej Soltysiak). [RFC 1812]
  */
 #include <linux/config.h>
 #include <linux/module.h>
@@ -387,6 +388,9 @@
 	case IPT_ICMP_HOST_PROHIBITED:
     		send_unreach(*pskb, ICMP_HOST_ANO);
     		break;
+    	case IPT_ICMP_ADMIN_PROHIBITED:
+		send_unreach(*pskb, ICMP_PKT_FILTERED);
+		break;
 	case IPT_TCP_RESET:
 		send_reset(*pskb, hooknum == NF_IP_LOCAL_IN);
 	case IPT_ICMP_ECHOREPLY:

-- 
- Harald Welte <laforge@netfilter.org>             http://www.netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

                 reply	other threads:[~2003-07-25 20:43 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20030725205233.GE3244@sunbeam.de.gnumonks.org \
    --to=laforge@netfilter.org \
    --cc=davem@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=netfilter-devel@lists.netfilter.org \
    --subject='Re: [PATCH 2.6] netfilter ipt_REJECT: Add RFC1812 ICMP_PKT_FILTERED' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).