diff options
| author |   Stanislav Fomichev <stfomichev@yandex-team.ru> | 2013-10-22 16:43:23 +0400 |
|---|---|---|
| committer |   Pablo Neira Ayuso <pablo@netfilter.org> | 2013-10-23 11:20:00 +0200 |
| commit | f2020b27be94222eb25c39ff46eb9917cb92897b (patch) | |
| tree | c95066079a1cc1df42935b0c275e78eb9ec6aaee /net/bridge/br_netfilter.c | |
| parent | netfilter: ipset: The unnamed union initialization may lead to compilation error (diff) | |
| download | linux-dev-f2020b27be94222eb25c39ff46eb9917cb92897b.tar.xz linux-dev-f2020b27be94222eb25c39ff46eb9917cb92897b.zip | |
netfilter: ip6t_REJECT: skip checksum verification for outgoing ipv6 packets
Don't verify checksum for outgoing packets because checksum calculation
may be done by the device.
Without this patch:
$ ip6tables -I OUTPUT -p tcp --dport 80 -j REJECT --reject-with tcp-reset
$ time telnet ipv6.google.com 80
Trying 2a00:1450:4010:c03::67...
telnet: Unable to connect to remote host: Connection timed out
real 0m7.201s
user 0m0.000s
sys 0m0.000s
With the patch applied:
$ ip6tables -I OUTPUT -p tcp --dport 80 -j REJECT --reject-with tcp-reset
$ time telnet ipv6.google.com 80
Trying 2a00:1450:4010:c03::67...
telnet: Unable to connect to remote host: Connection refused
real 0m0.085s
user 0m0.000s
sys 0m0.000s
Signed-off-by: Stanislav Fomichev <stfomichev@yandex-team.ru>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/bridge/br_netfilter.c')
0 files changed, 0 insertions, 0 deletions