[NETFILTER]: Use HOPLIMIT metric as TTL of TCP reset sent by REJECT
author Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Thu, 5 Jan 2006 20:28:57 +0000 (12:28 -0800)
committer David S. Miller <davem@davemloft.net>
Thu, 5 Jan 2006 20:28:57 +0000 (12:28 -0800)
The HOPLIMIT metric is more appropriate for the TCP reset sent by the REJECT
target than a hard-coded max TTL. Thanks to David S. Miller for the hint.

Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/ipv4/netfilter/ipt_REJECT.c

index f057025a719e0af770f41ef05e653d1c58553cc8..6693526ae128715cca526a332cf3edde758a8fdd 100644 (file)
@@ -203,7 +203,7 @@ static void send_reset(struct sk_buff *oldskb, int hook)
                                                sizeof(struct tcphdr), 0));
 
        /* Adjust IP TTL, DF */
-       nskb->nh.iph->ttl = MAXTTL;
+       nskb->nh.iph->ttl = dst_metric(nskb->dst, RTAX_HOPLIMIT);
        /* Set DF, id = 0 */
        nskb->nh.iph->frag_off = htons(IP_DF);
        nskb->nh.iph->id = 0;
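
Review bot: The new assignment `nskb->nh.iph->ttl = dst_metric(nskb->dst, RTAX_HOPLIMIT);` dereferences `nskb->dst` and uses the metric value as-is, but nothing in the visible context shows that `nskb->dst` already holds the route for the reply at this point in `send_reset()`, or what TTL results if the metric is 0. Because the hunk starts mid-function, please confirm that the route lookup for the reset precedes this line and say so in a short comment; if the metric can be unset here, fall back to a sane default so the reset is not emitted with TTL 0. The commit message could also state why the route's hop limit is preferable to `MAXTTL`, since this changes the TTL a remote peer observes on rejected connections.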