summaryrefslogtreecommitdiffstats
path: root/net/ipv6/exthdrs_offload.c
diff options
context:
space:
mode:
authorD.S. Ljungmark <ljungmark@modio.se>2015-03-25 09:28:15 +0100
committerDavid S. Miller <davem@davemloft.net>2015-03-25 11:41:08 -0400
commit6fd99094de2b83d1d4c8457f2c83483b2828e75a (patch)
tree8cc339316cfde4b3fba16784a44ebff573f44078 /net/ipv6/exthdrs_offload.c
parent1452db764c279f8b329f1b3b9469bd01d9e21afd (diff)
downloadlinux-6fd99094de2b83d1d4c8457f2c83483b2828e75a.tar.gz
linux-6fd99094de2b83d1d4c8457f2c83483b2828e75a.tar.bz2
linux-6fd99094de2b83d1d4c8457f2c83483b2828e75a.zip
ipv6: Don't reduce hop limit for an interface
A local route may have a lower hop_limit set than global routes do. RFC 3756, Section 4.2.7, "Parameter Spoofing" > 1. The attacker includes a Current Hop Limit of one or another small > number which the attacker knows will cause legitimate packets to > be dropped before they reach their destination. > As an example, one possible approach to mitigate this threat is to > ignore very small hop limits. The nodes could implement a > configurable minimum hop limit, and ignore attempts to set it below > said limit. Signed-off-by: D.S. Ljungmark <ljungmark@modio.se> Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6/exthdrs_offload.c')
0 files changed, 0 insertions, 0 deletions