[NETFILTER]: ip6t_mh: drop piggyback payload packet on MH packets (138939e0) · Commits · hpc / Old_Soft / kernel

Commit 138939e0 authored Feb 12, 2007 by

Masahide NAKAMURA Committed by David S. Miller Feb 12, 2007

[NETFILTER]: ip6t_mh: drop piggyback payload packet on MH packets

Regarding RFC3775, MH payload proto field should be IPPROTO_NONE. Otherwise
it must be discarded (and the receiver should send ICMP error).

We assume filter should drop such piggyback everytime to disallow slipping
through firewall rules, even the final receiver will discard it.

Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent 601e68e1

Hide whitespace changes

Inline Side-by-side

Please register or to comment