diff options
| author | Erik Kline <ek@google.com> | 2016-06-01 16:16:10 +0900 |
|---|---|---|
| committer | Mister Oyster <oysterized@gmail.com> | 2017-04-25 11:28:24 +0200 |
| commit | 5c4c6231df01ae850597d443348e96d681aff2ce (patch) | |
| tree | 1b9dbe3283c8bfa8347c90f403aeaf4a059f0c1d /net | |
| parent | 1e6a6bf8fba86c42f76c842c18df10d4324d2c6e (diff) | |
Revert "netfilter: have ip*t REJECT set the sock err when an icmp is to be sent"
This reverts commit 6f489c42a92e0e33d4257017d6fd4a3e79f75f79.
Bug: 28719525
Change-Id: I77707cc93b3c5f0339e6bce36734027586c639d3
Diffstat (limited to 'net')
| -rw-r--r-- | net/ipv4/netfilter/Kconfig | 12 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ipt_REJECT.c | 8 | ||||
| -rw-r--r-- | net/ipv6/netfilter/Kconfig | 12 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6t_REJECT.c | 9 |
4 files changed, 0 insertions, 41 deletions
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig index 23dfd4a31..e7916c193 100644 --- a/net/ipv4/netfilter/Kconfig +++ b/net/ipv4/netfilter/Kconfig @@ -110,18 +110,6 @@ config IP_NF_TARGET_REJECT To compile it as a module, choose M here. If unsure, say N. -config IP_NF_TARGET_REJECT_SKERR - bool "Force socket error when rejecting with icmp*" - depends on IP_NF_TARGET_REJECT - default n - help - This option enables turning a "--reject-with icmp*" into a matching - socket error also. - The REJECT target normally allows sending an ICMP message. But it - leaves the local socket unaware of any ingress rejects. - - If unsure, say N. - config IP_NF_TARGET_ULOG tristate "ULOG target support" default m if NETFILTER_ADVANCED=n diff --git a/net/ipv4/netfilter/ipt_REJECT.c b/net/ipv4/netfilter/ipt_REJECT.c index 452e8a587..04b18c1ac 100644 --- a/net/ipv4/netfilter/ipt_REJECT.c +++ b/net/ipv4/netfilter/ipt_REJECT.c @@ -129,14 +129,6 @@ static void send_reset(struct sk_buff *oldskb, int hook) static inline void send_unreach(struct sk_buff *skb_in, int code) { icmp_send(skb_in, ICMP_DEST_UNREACH, code, 0); -#ifdef CONFIG_IP_NF_TARGET_REJECT_SKERR - if (skb_in->sk) { - skb_in->sk->sk_err = icmp_err_convert[code].errno; - skb_in->sk->sk_error_report(skb_in->sk); - pr_debug("ipt_REJECT: sk_err=%d for skb=%p sk=%p\n", - skb_in->sk->sk_err, skb_in, skb_in->sk); - } -#endif } static unsigned int diff --git a/net/ipv6/netfilter/Kconfig b/net/ipv6/netfilter/Kconfig index 7f45af3e8..4433ab40e 100644 --- a/net/ipv6/netfilter/Kconfig +++ b/net/ipv6/netfilter/Kconfig @@ -153,18 +153,6 @@ config IP6_NF_TARGET_REJECT To compile it as a module, choose M here. If unsure, say N. -config IP6_NF_TARGET_REJECT_SKERR - bool "Force socket error when rejecting with icmp*" - depends on IP6_NF_TARGET_REJECT - default n - help - This option enables turning a "--reject-with icmp*" into a matching - socket error also. - The REJECT target normally allows sending an ICMP message. But it - leaves the local socket unaware of any ingress rejects. - - If unsure, say N. - config IP6_NF_MANGLE tristate "Packet mangling" default m if NETFILTER_ADVANCED=n diff --git a/net/ipv6/netfilter/ip6t_REJECT.c b/net/ipv6/netfilter/ip6t_REJECT.c index 573c23223..70f9abc0e 100644 --- a/net/ipv6/netfilter/ip6t_REJECT.c +++ b/net/ipv6/netfilter/ip6t_REJECT.c @@ -180,15 +180,6 @@ send_unreach(struct net *net, struct sk_buff *skb_in, unsigned char code, skb_in->dev = net->loopback_dev; icmpv6_send(skb_in, ICMPV6_DEST_UNREACH, code, 0); -#ifdef CONFIG_IP6_NF_TARGET_REJECT_SKERR - if (skb_in->sk) { - icmpv6_err_convert(ICMPV6_DEST_UNREACH, code, - &skb_in->sk->sk_err); - skb_in->sk->sk_error_report(skb_in->sk); - pr_debug("ip6t_REJECT: sk_err=%d for skb=%p sk=%p\n", - skb_in->sk->sk_err, skb_in, skb_in->sk); - } -#endif } static unsigned int |