[NETFILTER]: Use HOPLIMIT metric as TTL of TCP reset sent by REJECT

HOPLIMIT metric is appropriate to TCP reset sent by REJECT target than hard-coded max TTL. Thanks to David S. Miller for hint. Signed-off-by: N Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: N David S. Miller <davem@davemloft.net>

[NETFILTER]: Use HOPLIMIT metric as TTL of TCP reset sent by REJECT
HOPLIMIT metric is appropriate to TCP reset sent by REJECT target than hard-coded max TTL. Thanks to David S. Miller for hint. Signed-off-by: N Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: N David S. Miller <davem@davemloft.net>
e8eaedf2 · Yasuyuki Kozakai · David S. Miller · 0ae2cfe7 · e8eaedf2
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

net/ipv4/netfilter/ipt_REJECT.c net/ipv4/netfilter/ipt_REJECT.c +1 -1

未找到文件。
--- a/net/ipv4/netfilter/ipt_REJECT.c
+++ b/net/ipv4/netfilter/ipt_REJECT.c
@@ -203,7 +203,7 @@ static void send_reset(struct sk_buff *oldskb, int hook)
 						sizeof(struct tcphdr), 0));

 	/* Adjust IP TTL, DF */
-	nskb->nh.iph->ttl = MAXTTL;
+	nskb->nh.iph->ttl = dst_metric(nskb->dst, RTAX_HOPLIMIT);
 	/* Set DF, id = 0 */
 	nskb->nh.iph->frag_off = htons(IP_DF);
 	nskb->nh.iph->id = 0;