Hi Greg, A previous bad patch breaks 18 test cases for IPv6 fragment headers. This has already been un-done in upstream, but not in any of the LTS. However two upstream patches are first needed to cover a DoS vulnerability. For background, there are two mail threads in [netdev] on this subject: 1) Subject: TAHI testing fails for IPv6 Fragments in Kernel 4.9 (from captwiggum) 2) Subject: Please merge IPv6 fix for drop fragment smaller than MTU (from captwiggum) Two patches from upstream needed first to cover the DoS: commit d4289fcc9b16b89619ee1c54f829e05e56de8b9a net: IP6 defrag: use rbtrees for IPv6 defrag commit 997dd96471641e147cb2c33ad54284000d0f5e35 net: IP6 defrag: use rbtrees in nf_conntrack_reasm.c One undo-patch to fix the IPv6 fragment headers: ipv6: defrag: drop non-last frags smaller than min mtu UN-DO: commit a8444b1ccb20339774af58e40ad42296074fb484 Thanks! --John Masinter (captwiggum)
