diff options
Diffstat (limited to 'net')
-rw-r--r-- | net/ipv4/esp4.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c index c31bccb..1738113 100644 --- a/net/ipv4/esp4.c +++ b/net/ipv4/esp4.c @@ -9,6 +9,7 @@ #include <linux/pfkeyv2.h> #include <linux/random.h> #include <linux/spinlock.h> +#include <linux/in6.h> #include <net/icmp.h> #include <net/protocol.h> #include <net/udp.h> @@ -224,6 +225,10 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb) /* ... check padding bits here. Silly. :-) */ + /* RFC4303: Drop dummy packets without any error */ + if (nexthdr[1] == IPPROTO_NONE) + goto out; + iph = ip_hdr(skb); ihl = iph->ihl * 4; |