[2.6 commit:
8ca31ce52a5cfd03b960fd81a49197ae85d25347]
The current code ignores rules for internal options in HBH/DST options
header in packet processing if 'Not strict' mode is specified (which is not
implemented). Clearly it is not expected by user.
Kernel should reject HBH/DST rule insertion with 'Not strict' mode
in the first place.
Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Willy Tarreau <w@1wt.eu>
hdrlen -= 2;
if ( !(optinfo->flags & IP6T_OPTS_OPTS) ){
return ret;
- } else if (optinfo->flags & IP6T_OPTS_NSTRICT) {
- DEBUGP("Not strict - not implemented");
} else {
DEBUGP("Strict ");
DEBUGP("#%d ",optinfo->optsnr);
optsinfo->invflags);
return 0;
}
+ if (optsinfo->flags & IP6T_OPTS_NSTRICT) {
+ DEBUGP("ip6t_opts: Not strict - not implemented");
+ return 0;
+ }
return 1;
}
hdrlen -= 2;
if ( !(optinfo->flags & IP6T_OPTS_OPTS) ){
return ret;
- } else if (optinfo->flags & IP6T_OPTS_NSTRICT) {
- DEBUGP("Not strict - not implemented");
} else {
DEBUGP("Strict ");
DEBUGP("#%d ",optinfo->optsnr);
optsinfo->invflags);
return 0;
}
+ if (optsinfo->flags & IP6T_OPTS_NSTRICT) {
+ DEBUGP("ip6t_opts: Not strict - not implemented");
+ return 0;
+ }
return 1;
}