git.ipfire.org Git - thirdparty/linux.git/commit

author	Eric Dumazet <edumazet@google.com>
	Tue, 2 Jun 2026 16:15:47 +0000 (16:15 +0000)
committer	Jakub Kicinski <kuba@kernel.org>
	Thu, 4 Jun 2026 01:53:14 +0000 (18:53 -0700)
commit	d3915a1f5a4bc0ac911032903c3c6ab8df9fcc7c
tree	177165bb241519138849933d95bdf99ebbddd845	tree \| snapshot
parent	c8e14cc9ccf999336d65bd3f638329e8bb7800ef	commit \| diff

ipv4: restrict IPOPT_SSRR and IPOPT_LSRR options

This patch restricts setting Loose Source and Record Route (LSRR)
and Strict Source and Record Route (SSRR) IP options to users
with CAP_NET_RAW capability.

This prevents unprivileged applications from forcing packets to route
through attacker-controlled nodes to leak TCP ISN and possibly other
protocol information.

While LSRR and SSRR are commonly filtered in many network environments,
they may still be supported and forwarded along some network paths.

RFC 7126 (Recommendations on Filtering of IPv4 Packets Containing
IPv4 Options) recommend to drop these options in 4.3 and 4.4.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reported-by: Tamir Shahar <tamirthesis@gmail.com>
Reported-by: Amit Klein <aksecurity@gmail.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Link: https://patch.msgid.link/20260602161547.2642155-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>