Re: [PATCH v3] netfilter: reject: skip csum verification for protocols that don't support it

On Wed, Feb 13, 2019 at 09:14:53AM +0100, Alin Nastac wrote:
> From: Alin Nastac <alin.nastac@xxxxxxxxx>
> 
> Some protocols have other means to verify the payload integrity
> (AH, ESP, SCTP) while others are incompatible with nf_ip(6)_checksum
> implementation because checksum is either optional or might be
> partial (UDPLITE, DCCP, GRE). Because nf_ip(6)_checksum was used
> to validate the packets, ip(6)tables REJECT rules were not capable
> to generate ICMP(v6) errors for the protocols mentioned above.
> 
> This commit also fixes the incorrect pseudo-header protocol used
> for IPv4 packets that carry other transport protocols than TCP or
> UDP (pseudo-header used protocol 0 iso the proper value).

I tossed previous one and applied this, thanks.
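
The two points of the quoted commit message, as a user-space C sketch added here for illustration (it is not code from the patch or the kernel): which protocols get no full checksum verification, and why a verifier that puts protocol 0 in the IPv4 pseudo-header fails a packet whose sender used the real protocol number. The function names, addresses, sample packet layout and experimental protocol number 253 are assumptions constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Protocols the commit message names (IANA numbers): no full-payload
 * 16-bit checksum to verify, so the check is skipped for them. */
bool verify_csum_applies(uint8_t proto)
{
    switch (proto) {
    case 51: case 50: case 132:   /* AH, ESP, SCTP: other integrity checks */
    case 136: case 33: case 47:   /* UDPLITE, DCCP, GRE: partial or optional */
        return false;
    }
    return true;
}

/* One's-complement sum of big-endian 16-bit words (RFC 1071). */
static uint32_t sum16(const uint8_t *p, size_t len, uint32_t acc)
{
    for (; len > 1; p += 2, len -= 2)
        acc += ((uint32_t)p[0] << 8) | p[1];
    if (len)
        acc += (uint32_t)p[0] << 8;   /* odd trailing byte, zero padded */
    return acc;
}

/* Checksum over IPv4 pseudo-header + L4 data; 0 means "verifies". */
uint16_t l4_csum(const uint8_t src[4], const uint8_t dst[4],
                 uint8_t pseudo_proto, const uint8_t *l4, uint16_t len)
{
    uint32_t acc = sum16(src, 4, 0);
    acc = sum16(dst, 4, acc);
    acc += pseudo_proto;              /* zero byte + protocol */
    acc += len;                       /* L4 length */
    acc = sum16(l4, len, acc);
    while (acc >> 16)
        acc = (acc & 0xffff) + (acc >> 16);
    return (uint16_t)~acc;
}

/* Constructed sample: sender stores the checksum at offset 6, verifier recomputes. */
bool sample_verifies(uint8_t sender_proto, uint8_t verifier_proto)
{
    const uint8_t src[4] = {192, 0, 2, 1}, dst[4] = {198, 51, 100, 7};
    uint8_t pkt[12] = {0x30, 0x39, 0, 0x35, 0, 12, 0, 0, 'p', 'i', 'n', 'g'};
    uint16_t c = l4_csum(src, dst, sender_proto, pkt, sizeof pkt);
    pkt[6] = (uint8_t)(c >> 8); pkt[7] = (uint8_t)c;
    return l4_csum(src, dst, verifier_proto, pkt, sizeof pkt) == 0;
}
```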


