44 lines
1.7 KiB
Diff
44 lines
1.7 KiB
Diff
From: "D.S. Ljungmark" <ljungmark@modio.se>
|
|
Date: Wed, 25 Mar 2015 09:28:15 +0100
|
|
Subject: ipv6: Don't reduce hop limit for an interface
|
|
Origin: https://git.kernel.org/linus/6fd99094de2b83d1d4c8457f2c83483b2828e75a
|
|
|
|
A local route may have a lower hop_limit set than global routes do.
|
|
|
|
RFC 3756, Section 4.2.7, "Parameter Spoofing"
|
|
|
|
> 1. The attacker includes a Current Hop Limit of one or another small
|
|
> number which the attacker knows will cause legitimate packets to
|
|
> be dropped before they reach their destination.
|
|
|
|
> As an example, one possible approach to mitigate this threat is to
|
|
> ignore very small hop limits. The nodes could implement a
|
|
> configurable minimum hop limit, and ignore attempts to set it below
|
|
> said limit.
|
|
|
|
Signed-off-by: D.S. Ljungmark <ljungmark@modio.se>
|
|
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
|
|
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
---
|
|
net/ipv6/ndisc.c | 9 ++++++++-
|
|
1 file changed, 8 insertions(+), 1 deletion(-)
|
|
|
|
--- a/net/ipv6/ndisc.c
|
|
+++ b/net/ipv6/ndisc.c
|
|
@@ -1190,7 +1190,14 @@ static void ndisc_router_discovery(struc
|
|
if (rt)
|
|
rt6_set_expires(rt, jiffies + (HZ * lifetime));
|
|
if (ra_msg->icmph.icmp6_hop_limit) {
|
|
- in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
|
|
+ /* Only set hop_limit on the interface if it is higher than
|
|
+ * the current hop_limit.
|
|
+ */
|
|
+ if (in6_dev->cnf.hop_limit < ra_msg->icmph.icmp6_hop_limit) {
|
|
+ in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
|
|
+ } else {
|
|
+ ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than current\n");
|
|
+ }
|
|
if (rt)
|
|
dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
|
|
ra_msg->icmph.icmp6_hop_limit);
|