--- net/ipv4/tcp_ipv4.c	2010-03-07 12:23:36.169632867 -0500
+++ net/ipv4/tcp_ipv4.c	2010-03-10 17:24:00.887011575 -0500
@@ -1585,9 +1585,6 @@ int tcp_v4_do_rcv(struct sock *sk, struc
 	return 0;
 
 reset:
-#ifdef CONFIG_GRKERNSEC_BLACKHOLE
-	if (!skb->dev || (skb->dev->flags & IFF_LOOPBACK))
-#endif
 	tcp_v4_send_reset(rsk, skb);
 discard:
 	kfree_skb(skb);
@@ -1649,12 +1646,20 @@ int tcp_v4_rcv(struct sk_buff *skb)
 	TCP_SKB_CB(skb)->sacked	 = 0;
 
 	sk = __inet_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
-	if (!sk)
+	if (!sk) {
+#ifdef CONFIG_GRKERNSEC_BLACKHOLE
+		ret = 1;
+#endif
 		goto no_tcp_socket;
+	}
 
 process:
-	if (sk->sk_state == TCP_TIME_WAIT)
+	if (sk->sk_state == TCP_TIME_WAIT) {
+#ifdef CONFIG_GRKERNSEC_BLACKHOLE
+		ret = 2;
+#endif
 		goto do_time_wait;
+	}
 
 	if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb))
 		goto discard_and_relse;
@@ -1697,7 +1702,7 @@ bad_packet:
 		TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
 	} else {
 #ifdef CONFIG_GRKERNSEC_BLACKHOLE
-		if (skb->dev->flags & IFF_LOOPBACK)
+		if (ret == 2 || skb->dev->flags & IFF_LOOPBACK)
 #endif
 		tcp_v4_send_reset(NULL, skb);
 	}