On Wed, Jan 13, 2016 at 5:43 PM, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > I'd suggest you submit this patch with a proper description. > > Thanks. This patch will modify the conntrack state created by ICMPv6 redirect packets from INVALID (as it is implemented now, skb->nfct remains NULL) to RELATED (like in ICMPv6 errors case). In IPv4 case, ICMP redirects are treated the same way as ICMP errors, so there is no issue. Probably ICMPv6 redirects were not handled because their parsing is not as straightforward as ICMPv6 errors. I tested it on an older version of kernel, but since nf_conntrack_proto_icmpv6.c remained basically the same, I think the issue would be reproducible even on latest version of kernel. Cheers, Alin -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
