Matching on fragmentation header length is ineffective in kernel, xlate
callback correctly ignores it. Add a comment as a hint for reviewers.
Signed-off-by: Phil Sutter <phil@xxxxxx>
---
extensions/libip6t_frag.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/extensions/libip6t_frag.c b/extensions/libip6t_frag.c
index 3842496e56a55..72a43153c53dc 100644
--- a/extensions/libip6t_frag.c
+++ b/extensions/libip6t_frag.c
@@ -193,6 +193,8 @@ static int frag_xlate(struct xt_xlate *xl,
space = " ";
}
+ /* ignore ineffective IP6T_FRAG_LEN bit */
+
if (fraginfo->flags & IP6T_FRAG_RES) {
xt_xlate_add(xl, "%sfrag reserved 1", space);
space = " ";
--
2.38.0
