On Tue, Oct 22, 2013 at 04:43:23PM +0400, Stanislav Fomichev wrote: > Don't verify checksum for outgoing packets because checksum calculation > may be done by the device. > > Without this patch: > $ ip6tables -I OUTPUT -p tcp --dport 80 -j REJECT --reject-with tcp-reset > $ time telnet ipv6.google.com 80 > Trying 2a00:1450:4010:c03::67... > telnet: Unable to connect to remote host: Connection timed out > > real 0m7.201s > user 0m0.000s > sys 0m0.000s > > With the patch applied: > $ ip6tables -I OUTPUT -p tcp --dport 80 -j REJECT --reject-with tcp-reset > $ time telnet ipv6.google.com 80 > Trying 2a00:1450:4010:c03::67... > telnet: Unable to connect to remote host: Connection refused > > real 0m0.085s > user 0m0.000s > sys 0m0.000s Applied to nf-next, thanks! -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
