6606b6d6cf
Apparently, 4-6 XLAT scenarios can insert an empty fragment header into the IPv6 header chain to indicate that fragmentation is supported in the host IPv4 network. This header contains 0 for both the fragment_offset and MF fields, so simply checking the value of frag_off passed to the rmnet_frag_ipv6_skip_exthdr() function is not sufficient to properly catch this rogue header. Instead, we need to implement a "less clever" version. kernel oops at net/core/skbuff.c:4217! Call trace: skb_segment+0xcf0/0xd2c __udp_gso_segment+0xa4/0x544 udp6_ufo_fragment+0x2dc/0x344 ipv6_gso_segment+0x170/0x350 skb_mac_gso_segment+0xd4/0x1b0 __skb_gso_segment+0xcc/0x12c udp_rcv_segment.76914+0x54/0x16c udpv6_queue_rcv_skb+0x78/0x148 __udp6_lib_rcv+0x38c/0x4cc udpv6_rcv+0x20/0x30 ip6_protocol_deliver_rcu+0x3c0/0x63c ip6_input+0x60/0x184 ip6_rcv_finish+0x84/0x150 ipv6_rcv+0x5c/0x14c __netif_receive_skb+0x80/0x184 CRs-Fixed: 3358773 Change-Id: Ica2779b1da17bc46d397b42283369f3750edbf82 Signed-off-by: Sean Tranchetti <quic_stranche@quicinc.com>