netlink_delinearize: reject: remove dependency for tcp-resets

We can remove a l4 dependency in ip/ipv6 families. Signed-off-by: Florian Westphal <fw@strlen.de>
author: Florian Westphal <fw@strlen.de> 2017-05-07 01:09:19 +0200
committer: Florian Westphal <fw@strlen.de> 2017-05-18 18:15:06 +0200
commit: 3f0324f0a2a727fe4b86333306634a78593ccb80 (patch)
tree: e410a3f967c9f41f210bb53ab8f91f33f9a93deb /src
parent: 50323910f2214de6fa333c3bf0c1452842b5a924 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index f0288cd4..49dc6a60 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -1856,10 +1856,16 @@ static void stmt_reject_postprocess(struct rule_pp_ctx *rctx)
 	case NFPROTO_IPV4:
 		stmt->reject.family = rctx->pctx.family;
 		stmt->reject.expr->dtype = &icmp_code_type;
+		if (stmt->reject.type == NFT_REJECT_TCP_RST)
+			__payload_dependency_kill(&rctx->pdctx,
+						  PROTO_BASE_TRANSPORT_HDR);
 		break;
 	case NFPROTO_IPV6:
 		stmt->reject.family = rctx->pctx.family;
 		stmt->reject.expr->dtype = &icmpv6_code_type;
+		if (stmt->reject.type == NFT_REJECT_TCP_RST)
+			__payload_dependency_kill(&rctx->pdctx,
+						  PROTO_BASE_TRANSPORT_HDR);
 		break;
 	case NFPROTO_INET:
 		if (stmt->reject.type == NFT_REJECT_ICMPX_UNREACH) {
author	Florian Westphal <fw@strlen.de>	2017-05-07 01:09:19 +0200
committer	Florian Westphal <fw@strlen.de>	2017-05-18 18:15:06 +0200
commit	3f0324f0a2a727fe4b86333306634a78593ccb80 (patch)
tree	e410a3f967c9f41f210bb53ab8f91f33f9a93deb /src
parent	50323910f2214de6fa333c3bf0c1452842b5a924 (diff)