This is a backport of upstream changes to fix the FragmentSmack (CVE-
2018-5391) vulnerability.

Peter Oskolkov checked an earlier version of this backport, but I have
since rebased and added another 3 commits to it.  I tested with the
ip_defrag.sh self-test that he added upstream, and it passed.  I have
included the fix that is currently queued for the 4.9, 4.14 and 4.19
branches.

Ben.

-- 
Ben Hutchings, Software Developer                         Codethink Ltd
https://www.codethink.co.uk/                 Dale House, 35 Dale Street
                                     Manchester, M1 2HF, United Kingdom