[NET]: Verify gso_type too in gso_segment

	int ihl;

	int id;

	if (!pskb_may_pull(skb, sizeof(*iph)))

	if (unlikely(skb_shinfo(skb)->gso_type &

		     ~(SKB_GSO_TCPV4 |

		       SKB_GSO_UDP |

		       SKB_GSO_DODGY |

		       SKB_GSO_TCP_ECN |

		       0)))

		goto out;

	if (unlikely(!pskb_may_pull(skb, sizeof(*iph))))

		goto out;

	iph = skb->nh.iph;

	if (ihl < sizeof(*iph))

		goto out;

	if (!pskb_may_pull(skb, ihl))

	if (unlikely(!pskb_may_pull(skb, ihl)))

		goto out;

	skb->h.raw = __skb_pull(skb, ihl);

	rcu_read_lock();

	ops = rcu_dereference(inet_protos[proto]);

	if (ops && ops->gso_segment)

	if (likely(ops && ops->gso_segment))

		segs = ops->gso_segment(skb, features);

	rcu_read_unlock();

	if (skb_gso_ok(skb, features | NETIF_F_GSO_ROBUST)) {

		/* Packet is from an untrusted source, reset gso_segs. */

		int mss = skb_shinfo(skb)->gso_size;

		int type = skb_shinfo(skb)->gso_type;

		int mss;

		if (unlikely(type &

			     ~(SKB_GSO_TCPV4 |

			       SKB_GSO_DODGY |

			       SKB_GSO_TCP_ECN |

			       SKB_GSO_TCPV6 |

			       0) ||

			     !(type & (SKB_GSO_TCPV4 | SKB_GSO_TCPV6))))

			goto out;

		mss = skb_shinfo(skb)->gso_size;

		skb_shinfo(skb)->gso_segs = (skb->len + mss - 1) / mss;

		segs = NULL;

	struct inet6_protocol *ops;

	int proto;

	if (unlikely(skb_shinfo(skb)->gso_type &

		     ~(SKB_GSO_UDP |

		       SKB_GSO_DODGY |

		       SKB_GSO_TCP_ECN |

		       SKB_GSO_TCPV6 |

		       0)))

		goto out;

	if (unlikely(!pskb_may_pull(skb, sizeof(*ipv6h))))

		goto out;