Functions that end up calling fib_table_lookup() should clear the ECN bits from the TOS, otherwise ECT(0) and ECT(1) packets can be treated differently.
Most functions already clear the ECN bits, but there are a few cases where this is not done. This series only fixes the ones related to source address validation. Guillaume Nault (2): udp: mask TOS bits in udp_v4_early_demux() netfilter: rpfilter: mask ecn bits before fib lookup net/ipv4/netfilter/ipt_rpfilter.c | 2 +- net/ipv4/udp.c | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) -- 2.21.3
