ipv6: drop packets with multiple fragmentation headers

[ Upstream commit f46078cfcd77fa5165bf849f5e568a7ac5fa569c ] It is not allowed for an ipv6 packet to contain multiple fragmentation headers. So discard packets which were already reassembled by fragmentation logic and send back a parameter problem icmp. The updates for RFC 6980 will come in later, I have to do a bit more research here. Cc: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Willy Tarreau <w@1wt.eu>
author: Hannes Frederic Sowa <hannes@stressinduktion.org> 2013-08-16 13:30:07 +0200
committer: Willy Tarreau <w@1wt.eu> 2014-05-19 07:53:54 +0200
commit: ede46183818537a2da12ad7bed33d8f2d3cb35d0 (patch)
tree: 7fc9a5182eeaebb8d94b779e6af5de245b75500c /include
parent: 789ee2aee7f7765e5bd4825541b16e957151c9d1 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/include/linux/ipv6.h b/include/linux/ipv6.h
index c662efa68289..5bf3324ff5a3 100644
--- a/include/linux/ipv6.h
+++ b/include/linux/ipv6.h
@@ -248,6 +248,7 @@ struct inet6_skb_parm {
 
 #define IP6SKB_XFRM_TRANSFORMED	1
 #define IP6SKB_FORWARDED	2
+#define IP6SKB_FRAGMENTED      16
 };
 
 #define IP6CB(skb)	((struct inet6_skb_parm*)((skb)->cb))
author	Hannes Frederic Sowa <hannes@stressinduktion.org>	2013-08-16 13:30:07 +0200
committer	Willy Tarreau <w@1wt.eu>	2014-05-19 07:53:54 +0200
commit	ede46183818537a2da12ad7bed33d8f2d3cb35d0 (patch)
tree	7fc9a5182eeaebb8d94b779e6af5de245b75500c /include
parent	789ee2aee7f7765e5bd4825541b16e957151c9d1 (diff)