]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b91b9fc) | patch
netfilter: Drop fragmented ndisc packets assembled in netfilter
authorGeorg Kohmann <geokohma@cisco.com>
Tue, 13 Oct 2020 12:23:12 +0000 (14:23 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Tue, 20 Oct 2020 11:54:53 +0000 (13:54 +0200)
commit91564b63ee38f7c8f401c16502860942e928d0ed
tree3a2457acc9eb577d7ffa6c11ab3cc1a173441acbtree | snapshot
parentb91b9fc4041069cee586098378173d82ea7311e3commit | diff
netfilter: Drop fragmented ndisc packets assembled in netfilter

Fragmented ndisc packets assembled in netfilter not dropped as specified
in RFC 6980, section 5. This behaviour breaks TAHI IPv6 Core Conformance
Tests v6LC.2.1.22/23, V6LC.2.2.26/27 and V6LC.2.3.18.

Setting IP6SKB_FRAGMENTED flag during reassembly.

References: commit dbdaaf6bea5e ("ipv6: drop fragmented ndisc packets by default (RFC 6980)")
Signed-off-by: Georg Kohmann <geokohma@cisco.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/ipv6/netfilter/nf_conntrack_reasm.c diff | blob | history
Linux Kernel Source Tree.