patch-2.4.17 linux/net/ipv4/netfilter/ip_fw_compat.c
Next file: linux/net/ipv4/netfilter/ip_fw_compat_redir.c
Previous file: linux/net/ipv4/netfilter/ip_conntrack_irc.c
Back to the patch index
Back to the overall index
- Lines: 17
- Date:
Fri Dec 21 16:40:33 2001
- Orig file:
linux-2.4.16/net/ipv4/netfilter/ip_fw_compat.c
- Orig date:
Sat Nov 10 23:36:38 2001
diff -Naur -X /home/marcelo/lib/dontdiff linux-2.4.16/net/ipv4/netfilter/ip_fw_compat.c linux/net/ipv4/netfilter/ip_fw_compat.c
@@ -84,6 +84,16 @@
if ((*pskb)->ip_summed == CHECKSUM_HW)
(*pskb)->ip_summed = CHECKSUM_NONE;
+ /* Firewall rules can alter TOS: raw socket (tcpdump) may have
+ clone of incoming skb: don't disturb it --RR */
+ if (skb_cloned(*pskb) && !(*pskb)->sk) {
+ struct sk_buff *nskb = skb_copy(*pskb, GFP_ATOMIC);
+ if (!nskb)
+ return NF_DROP;
+ kfree_skb(*pskb);
+ *pskb = nskb;
+ }
+
switch (hooknum) {
case NF_IP_PRE_ROUTING:
if (fwops->fw_acct_in)
FUNET's LINUX-ADM group, linux-adm@nic.funet.fi
TCL-scripts by Sam Shen (who was at: slshen@lbl.gov)