Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
conntrack: Correct length check for tcp packet inside ICMP data.
An ICMP packet with type destination or host not reachable also carries 28 bytes of ICMP data field. This data field contains IP header and TCP header (partial first 8 bytes) of the original packet for which ICMP is being generated. Conntrack module when processing these ICMP packets checks for TCP header length (20 bytes). Since TCP header is partial the length check fails and packet is erroneously dropped. This patch fixes length check for TCP header when processing ICMP data fields. Signed-off-by: Vishal Deep Ajmera <vishal.deep.ajmera@ericsson.com> Signed-off-by: 0-day Robot <robot@bytheb.org>
- Loading branch information