DELUDE: update comment about reentrancy

author Jan Engelhardt <jengelh@inai.de>

Wed, 20 Mar 2013 13:22:04 +0000 (14:22 +0100)

committer Jan Engelhardt <jengelh@inai.de>

Sun, 31 Mar 2013 19:11:25 +0000 (21:11 +0200)
author Jan Engelhardt <jengelh@inai.de>
Wed, 20 Mar 2013 13:22:04 +0000 (14:22 +0100)
committer Jan Engelhardt <jengelh@inai.de>
Sun, 31 Mar 2013 19:11:25 +0000 (21:11 +0200)
diff --git a/extensions/xt_DELUDE.c b/extensions/xt_DELUDE.c

index 5b69cdb1eab34811cd1c28bf1e8f9c4c002550b7..06510bd48f3e9180325dcae8d8738fea7b0e1435 100644 (file)
--- a/extensions/xt_DELUDE.c
+++ b/extensions/xt_DELUDE.c
@@ -140,9 +140,11 @@ static void delude_send_reset(struct sk_buff *oldskb, unsigned int hook)
  static unsigned int
  delude_tg(struct sk_buff **pskb, const struct xt_action_param *par)
  {
-       /* WARNING: This code causes reentry within iptables.
-          This means that the iptables jump stack is now crap.  We
-          must return an absolute verdict. --RR */
+       /*
+        * Sending the reset causes reentrancy within iptables - and should not pose
+        * a problem, as that is supported since Linux 2.6.35. But since we do not
+        * actually want to have a connection open, we are still going to drop it.
+        */
         delude_send_reset(*pskb, par->hooknum);
         return NF_DROP;
  }
author	Jan Engelhardt <jengelh@inai.de>
	Wed, 20 Mar 2013 13:22:04 +0000 (14:22 +0100)
committer	Jan Engelhardt <jengelh@inai.de>
	Sun, 31 Mar 2013 19:11:25 +0000 (21:11 +0200)