]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 97fdaaf) | patch
netfilter: Drop fragmented ndisc packets assembled in netfilter
authorGeorg Kohmann <geokohma@cisco.com>
Tue, 13 Oct 2020 12:23:12 +0000 (14:23 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Tue, 20 Oct 2020 11:54:53 +0000 (13:54 +0200)
commit32d2668ddaef7532b05dc098ab9bdf2cec0f2523
tree3a2457acc9eb577d7ffa6c11ab3cc1a173441acbtree | snapshot
parent97fdaafadf2a4d5ee41aa2e251d01011f6adb48dcommit | diff
netfilter: Drop fragmented ndisc packets assembled in netfilter

Fragmented ndisc packets assembled in netfilter not dropped as specified
in RFC 6980, section 5. This behaviour breaks TAHI IPv6 Core Conformance
Tests v6LC.2.1.22/23, V6LC.2.2.26/27 and V6LC.2.3.18.

Setting IP6SKB_FRAGMENTED flag during reassembly.

References: commit 00d61bb8bd31 ("ipv6: drop fragmented ndisc packets by default (RFC 6980)")
Signed-off-by: Georg Kohmann <geokohma@cisco.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/ipv6/netfilter/nf_conntrack_reasm.c diff | blob | history
Linux Kernel Source Tree.