From: Herbert Xu <herbert@gondor.apana.org.au> Date: Sun, 6 Jan 2008 16:09:43 +1100 Subject: [ipv6] esp: discard dummy packets from rfc4303 Message-id: E1JBNlX-0001Ct-00@gondolin.me.apana.org.au O-Subject: [PATCH 27/32] [IPv6] ESP: Discard dummy packets introduced in rfc4303 Bugzilla: 427872 [IPv6] ESP: Discard dummy packets introduced in rfc4303 RFC4303 introduces dummy packets with a nexthdr value of 59 to implement traffic confidentiality. Such packets need to be dropped silently and the payload may not be attempted to be parsed as it consists of random chunk. Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: "David S. Miller" <davem@redhat.com> diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c index 653bd97..2f14b67 100644 --- a/net/ipv6/esp6.c +++ b/net/ipv6/esp6.c @@ -260,6 +260,10 @@ static int esp_input_done2(struct xfrm_state *x, struct sk_buff *skb, int err) err = nexthdr[1]; + /* RFC4303: Drop dummy packets without any error */ + if (err == IPPROTO_NONE) + err = -EINVAL; + out: return err; }