On 27 June 2016 at 11:28, Joe Stringer wrote:
> On 24 June 2016 at 23:47, Jesse Gross wrote:
>> On Wed, Jun 22, 2016 at 6:00 PM, Joe Stringer wrote:
>>> When the backport of ip_do_fragment() was done, it seemed as though the
>>> upstream version of this function could always be trusted, provided
On 24 June 2016 at 23:47, Jesse Gross wrote:
> On Wed, Jun 22, 2016 at 6:00 PM, Joe Stringer wrote:
>> When the backport of ip_do_fragment() was done, it seemed as though the
>> upstream version of this function could always be trusted, provided we ensure
>> that we cannot trigger the ICMP respon
On Wed, Jun 22, 2016 at 6:00 PM, Joe Stringer wrote:
> When the backport of ip_do_fragment() was done, it seemed as though the
> upstream version of this function could always be trusted, provided we ensure
> that we cannot trigger the ICMP response checks inside the upstream
> implementation. Thi
When the backport of ip_do_fragment() was done, it seemed as though the
upstream version of this function could always be trusted, provided we ensure
that we cannot trigger the ICMP response checks inside the upstream
implementation. This seemed to be correct, based on the kernel module tests
passi
