Alin Nastac <alin.nastac@xxxxxxxxx> wrote: > From: Alin Nastac <alin.nastac@xxxxxxxxx> > > Some protocols have other means to verify the payload integrity > (AH, ESP, SCTP) while others are incompatible with nf_ip(6)_checksum > implementation because checksum is either optional or might be > partial (UDPLITE, DCCP, GRE). Because nf_ip(6)_checksum was used > to validate the packets, ip(6)tables REJECT rules were not capable > to generate ICMP(v6) errors for the protocols mentioned above. > > This commit also fixes the incorrect pseudo-header protocol used > for IPv4 packets that carry other transport protocols than TCP or > UDP (pseudo-header used protocol 0 iso the proper value). > > Signed-off-by: Alin Nastac <alin.nastac@xxxxxxxxx> Acked-by: Florian Westphal <fw@xxxxxxxxx>
