authorJason Fesler <jfesler@vm1.test-ipv6.com>2015-02-18 10:32:37 -0800
committerJason Fesler <jfesler@vm1.test-ipv6.com>2015-02-18 10:32:37 -0800
commit577b1ae77518142085db7593cd08bf0ad629e379 (patch)
tree3b879a34b2b6dc133e9eb9a54d95f175c9b629ab
parent347e165f513c3d0183e604497bb94984ba8959ab (diff)
Change our mechanism to mark packets instead of drop packets.
Dropping wasn't working. :(
-rw-r--r--mtu1280d.c13
1 files changed, 8 insertions, 5 deletions
diff --git a/mtu1280d.c b/mtu1280d.c
index 64fef74..00eaa2d 100644
--- a/mtu1280d.c
+++ b/mtu1280d.c
@@ -264,7 +264,7 @@ block_pkt (struct nfq_data *tb)
{
printf ("Accepting!\n");
}
- return NF_ACCEPT;
+ return 1280; // iptables mark to keep the packet
}
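Review bot: The bare literals `1280` here and `1281` in the following hunk (the `return` after "Send failed") form a contract with external iptables rules, yet nothing in the code names them or ties the two values together. Named constants near the top of the file, for example `#define MARK_KEEP 1280` and `#define MARK_TOO_BIG 1281`, each with a one-line comment naming the firewall rule that consumes it, would keep the daemon and the ruleset from drifting apart. block_pkt now returns a packet mark rather than a netfilter verdict, so a comment on the function should say that callers must not pass its result as a verdict. The body of block_pkt extends beyond this hunk.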
@@ -368,7 +368,7 @@ block_pkt (struct nfq_data *tb)
printf ("Send failed\n");
- return NF_DROP;
+ return 1281; // iptables will drop this later as being too big
}
@@ -378,7 +378,7 @@ cb (struct nfq_q_handle *qh, struct nfgenmsg *nfmsg,
{
struct nfqnl_msg_packet_hdr *ph;
u_int32_t id = 0;
- u_int32_t v;
+ u_int32_t mark;
if (do_debug)
{
@@ -395,8 +395,11 @@ cb (struct nfq_q_handle *qh, struct nfgenmsg *nfmsg,
ntohs (ph->hw_protocol), ph->hook, id);
}
}
- v = block_pkt (nfa);
- return nfq_set_verdict (qh, id, v, 0, NULL);
+ mark = block_pkt (nfa);
+ if (do_debug) {
+ printf("\nnfq_set_verdict2(qh, id=%d, v=NF_ACCEPT, mark=%d, 0, NULL)\n",id,mark);
+ }
+ return nfq_set_verdict2 (qh, id, NF_ACCEPT, mark, 0, NULL);
}
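Review bot: With the verdict fixed to NF_ACCEPT in the `nfq_set_verdict2` call, the daemon no longer drops anything itself, so an oversized packet is forwarded whenever the firewall rule matching mark 1281 is missing or sits behind an earlier accept rule. A comment above the return should record that dependency, e.g. `/* always NF_ACCEPT; a later iptables rule must DROP mark 1281, otherwise oversized packets pass */`. Separately, `id` and `mark` are `u_int32_t` but the debug line prints them with `%d`; `%u` matches the type. The mark written here presumably replaces any mark the packet already carried, which is worth confirming against other rules on the host that use marks. The body of cb begins outside this hunk.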