git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	D.S. Ljungmark <ljungmark@modio.se>
	Wed, 25 Mar 2015 08:28:15 +0000 (09:28 +0100)
committer	Jiri Slaby <jslaby@suse.cz>
	Mon, 27 Apr 2015 08:53:38 +0000 (10:53 +0200)
commit	ac12ff18b11259e10c2d543aa58c73ff88a68e77
tree	e81e42aa0a641b15513fcba8e40423cee5aa3f44	tree
parent	83df7c74b178e4835d0541745fd251fef4670aec	commit \| diff

ipv6: Don't reduce hop limit for an interface

[ Upstream commit 6fd99094de2b83d1d4c8457f2c83483b2828e75a ]

A local route may have a lower hop_limit set than global routes do.

RFC 3756, Section 4.2.7, "Parameter Spoofing"

>   1.  The attacker includes a Current Hop Limit of one or another small
>       number which the attacker knows will cause legitimate packets to
>       be dropped before they reach their destination.

>   As an example, one possible approach to mitigate this threat is to
>   ignore very small hop limits.  The nodes could implement a
>   configurable minimum hop limit, and ignore attempts to set it below
>   said limit.

Signed-off-by: D.S. Ljungmark <ljungmark@modio.se>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>