net: ipv6: reject invalid nexthdr early

The current validation code waits to process the header before rejecting
it, while some checks can be already enforced when reading the nexthdr
field of the previous header.

The main problem is a wrong pointer field in the resulting ICMPv6 error
message: the pointer should have the offset of the invalid nexthdr
field, while currently it will the offset the invalid header.

To solve that problem, reorganize the loop in two parts: the first
switch validates nexthdr, while the second switch processes the current
header. This allows to reject invalid nexthdr earlier.

The check for duplicated headers is also generalized, so that we can
catch other kind of headers (like the Fragment header).

Signed-off-by: Florian Vaussard <florian.vaussard@gmail.com>