From: Yasuyuki Kozakai Date: Thu, 5 Jan 2006 20:28:57 +0000 (-0800) Subject: [NETFILTER]: Use HOPLIMIT metric as TTL of TCP reset sent by REJECT X-Git-Tag: v2.6.16-rc1~474^2~21^2~5 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e8eaedf2f8b368c26aa31a5a5a623b6867ef7f2b;p=linux-2.6 [NETFILTER]: Use HOPLIMIT metric as TTL of TCP reset sent by REJECT HOPLIMIT metric is appropriate to TCP reset sent by REJECT target than hard-coded max TTL. Thanks to David S. Miller for hint. Signed-off-by: Yasuyuki Kozakai Signed-off-by: David S. Miller --- diff --git a/net/ipv4/netfilter/ipt_REJECT.c b/net/ipv4/netfilter/ipt_REJECT.c index f057025a71..6693526ae1 100644 --- a/net/ipv4/netfilter/ipt_REJECT.c +++ b/net/ipv4/netfilter/ipt_REJECT.c @@ -203,7 +203,7 @@ static void send_reset(struct sk_buff *oldskb, int hook) sizeof(struct tcphdr), 0)); /* Adjust IP TTL, DF */ - nskb->nh.iph->ttl = MAXTTL; + nskb->nh.iph->ttl = dst_metric(nskb->dst, RTAX_HOPLIMIT); /* Set DF, id = 0 */ nskb->nh.iph->frag_off = htons(IP_DF); nskb->nh.iph->id = 0;