netfilter: ipv6: nf_defrag: Pass on packets to stack for error
ipv6_defrag pulls network headers before fragment header. In case of
an error, the netfilter layer is currently dropping these packets.
This results in failure of some IPv6 standards tests which passed on
older kernels due to the netfilter framework using cloning.
The test case run here is a check for ICMPv6 error message replies
when some invalid IPv6 fragments are sent.
Since netfilter layer now drops all invalid IPv6 frag packets, we no
longer see the ICMP error message and fail the test case.
To fix this, save the transport header . If defrag is unable to process
the packet, restore the transport header and allow packet to be
processed by stack. There is no change for other packet processing
paths.
CRs-Fixed: 2168587
Change-Id: Ic566e2f6a415f4da556272b03b79a2152c242cf6
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
1 file changed