diff options
| author | Jason Fesler <jfesler@vm1.test-ipv6.com> | 2015-02-18 10:32:37 -0800 |
|---|---|---|
| committer | Jason Fesler <jfesler@vm1.test-ipv6.com> | 2015-02-18 10:32:37 -0800 |
| commit | 577b1ae77518142085db7593cd08bf0ad629e379 (patch) | |
| tree | 3b879a34b2b6dc133e9eb9a54d95f175c9b629ab /mtu1280d.c | |
| parent | 347e165f513c3d0183e604497bb94984ba8959ab (diff) | |
| download | mtu1280d-577b1ae77518142085db7593cd08bf0ad629e379.tar.gz mtu1280d-577b1ae77518142085db7593cd08bf0ad629e379.zip | |
Change our mechanism to mark packets instead of drop packets.
Dropping wasn't working. :(
Diffstat (limited to 'mtu1280d.c')
| -rw-r--r-- | mtu1280d.c | 13 |
1 files changed, 8 insertions, 5 deletions
@@ -264,7 +264,7 @@ block_pkt (struct nfq_data *tb) { printf ("Accepting!\n"); } - return NF_ACCEPT; + return 1280; // iptables mark to keep the packet } @@ -368,7 +368,7 @@ block_pkt (struct nfq_data *tb) printf ("Send failed\n"); - return NF_DROP; + return 1281; // iptables will drop this later as being too big } @@ -378,7 +378,7 @@ cb (struct nfq_q_handle *qh, struct nfgenmsg *nfmsg, { struct nfqnl_msg_packet_hdr *ph; u_int32_t id = 0; - u_int32_t v; + u_int32_t mark; if (do_debug) { @@ -395,8 +395,11 @@ cb (struct nfq_q_handle *qh, struct nfgenmsg *nfmsg, ntohs (ph->hw_protocol), ph->hook, id); } } - v = block_pkt (nfa); - return nfq_set_verdict (qh, id, v, 0, NULL); + mark = block_pkt (nfa); + if (do_debug) { + printf("\nnfq_set_verdict2(qh, id=%d, v=NF_ACCEPT, mark=%d, 0, NULL)\n",id,mark); + } + return nfq_set_verdict2 (qh, id, NF_ACCEPT, mark, 0, NULL); } |