From 8a714a4f4173d6e3d32ff414fac837bc0fd6b99c Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Thu, 17 Nov 2022 17:38:52 +0100
Subject: extensions: frag: Add comment to clarify xlate callback

Matching on fragmentation header length is ineffective in kernel, xlate
callback correctly ignores it. Add a comment as a hint for reviewers.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 extensions/libip6t_frag.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'extensions/libip6t_frag.c')

diff --git a/extensions/libip6t_frag.c b/extensions/libip6t_frag.c
index 3842496e..72a43153 100644
--- a/extensions/libip6t_frag.c
+++ b/extensions/libip6t_frag.c
@@ -193,6 +193,8 @@ static int frag_xlate(struct xt_xlate *xl,
 		space = " ";
 	}
 
+	/* ignore ineffective IP6T_FRAG_LEN bit */
+
 	if (fraginfo->flags & IP6T_FRAG_RES) {
 		xt_xlate_add(xl, "%sfrag reserved 1", space);
 		space = " ";
-- 
cgit v1.2.3