diff options
author | Davide Caratti <dcaratti@redhat.com> | 2017-01-02 13:29:41 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-01-05 13:24:47 +0100 |
commit | cf6e007eef83476c5d541453d84e08b07befe124 (patch) | |
tree | a5be2ddeaced82169b7d05c0846c9ad306df4390 /include/dt-bindings | |
parent | 300ae149468f440a2629fa8b33d0ce1e860d479f (diff) |
netfilter: conntrack: validate SCTP crc32c in PREROUTING
implement sctp_error to let nf_conntrack_in validate crc32c on the packet
transport header. Assign skb->ip_summed to CHECKSUM_UNNECESSARY and return
NF_ACCEPT in case of successful validation; otherwise, return -NF_ACCEPT to
let netfilter skip connection tracking, like other protocols do.
Besides preventing corrupted packets from matching conntrack entries, this
fixes functionality of REJECT target: it was not generating any ICMP upon
reception of SCTP packets, because it was computing RFC 1624 checksum on
the packet and systematically mismatching crc32c in the SCTP header.
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/dt-bindings')
0 files changed, 0 insertions, 0 deletions