Re: Patch "net/ipv6: add sysctl option accept_ra_min_hop_limit" has been added to the 3.18-stable tree

[Greg KH <gregkh@linuxfoundation.org>]

On Thu, May 18, 2017 at 09:39:12PM +0900, 吉藤英明 wrote:
> Hi,
> 
> 2017-05-18 21:22 GMT+09:00 <gregkh@linuxfoundation.org>:
> >
> >
> > This is a note to let you know that I've just added the patch titled
> >
> >     net/ipv6: add sysctl option accept_ra_min_hop_limit
> >
> > to the 3.18-stable tree which can be found at:
> >     http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
> >
> > The filename of the patch is:
> >      net-ipv6-add-sysctl-option-accept_ra_min_hop_limit.patch
> > and it can be found in the queue-3.18 subdirectory.
> >
> > If you, or anyone else, feels it should not be added to the stable tree,
> > please let <stable@vger.kernel.org> know about it.
> >
> >
> > From 8013d1d7eafb0589ca766db6b74026f76b7f5cb4 Mon Sep 17 00:00:00 2001
> > From: Hangbin Liu <liuhangbin@gmail.com>
> > Date: Thu, 30 Jul 2015 14:28:42 +0800
> > Subject: net/ipv6: add sysctl option accept_ra_min_hop_limit
> >
> > From: Hangbin Liu <liuhangbin@gmail.com>
> >
> > commit 8013d1d7eafb0589ca766db6b74026f76b7f5cb4 upstream.
> >
> > Commit 6fd99094de2b ("ipv6: Don't reduce hop limit for an interface")
> > disabled accept hop limit from RA if it is smaller than the current hop
> > limit for security stuff. But this behavior kind of break the RFC definition.
> >
> > RFC 4861, 6.3.4.  Processing Received Router Advertisements
> >    A Router Advertisement field (e.g., Cur Hop Limit, Reachable Time,
> >    and Retrans Timer) may contain a value denoting that it is
> >    unspecified.  In such cases, the parameter should be ignored and the
> >    host should continue using whatever value it is already using.
> >
> >    If the received Cur Hop Limit value is non-zero, the host SHOULD set
> >    its CurHopLimit variable to the received value.
> >
> > So add sysctl option accept_ra_min_hop_limit to let user choose the minimum
> > hop limit value they can accept from RA. And set default to 1 to meet RFC
> > standards.
> >
> > Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
> > Acked-by: YOSHIFUJI Hideaki <hideaki.yoshifuji@miraclelinux.com>
> > Signed-off-by: David S. Miller <davem@davemloft.net>
> > Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
> > Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> > ---
> >  Documentation/networking/ip-sysctl.txt |    8 ++++++++
> >  include/linux/ipv6.h                   |    1 +
> >  include/uapi/linux/ipv6.h              |    1 +
> >  net/ipv6/addrconf.c                    |   10 ++++++++++
> >  net/ipv6/ndisc.c                       |   16 +++++++---------
> >  5 files changed, 27 insertions(+), 9 deletions(-)
> >
> > --- a/Documentation/networking/ip-sysctl.txt
> > +++ b/Documentation/networking/ip-sysctl.txt
> > @@ -1256,6 +1256,14 @@ accept_ra_from_local - BOOLEAN
> >            disabled if accept_ra_from_local is disabled
> >                 on a specific interface.
> >
> > +accept_ra_min_hop_limit - INTEGER
> > +       Minimum hop limit Information in Router Advertisement.
> > +
> > +       Hop limit Information in Router Advertisement less than this
> > +       variable shall be ignored.
> > +
> > +       Default: 1
> > +
> >  accept_ra_pinfo - BOOLEAN
> >         Learn Prefix Information in Router Advertisement.
> >
> > --- a/include/linux/ipv6.h
> > +++ b/include/linux/ipv6.h
> > @@ -29,6 +29,7 @@ struct ipv6_devconf {
> >         __s32           max_desync_factor;
> >         __s32           max_addresses;
> >         __s32           accept_ra_defrtr;
> > +       __s32           accept_ra_min_hop_limit;
> >         __s32           accept_ra_pinfo;
> >  #ifdef CONFIG_IPV6_ROUTER_PREF
> >         __s32           accept_ra_rtr_pref;
> > --- a/include/uapi/linux/ipv6.h
> > +++ b/include/uapi/linux/ipv6.h
> > @@ -164,6 +164,7 @@ enum {
> >         DEVCONF_MLDV2_UNSOLICITED_REPORT_INTERVAL,
> >         DEVCONF_SUPPRESS_FRAG_NDISC,
> >         DEVCONF_ACCEPT_RA_FROM_LOCAL,
> > +       DEVCONF_ACCEPT_RA_MIN_HOP_LIMIT,
> >         DEVCONF_MAX
> >  };
> >
> 
> Please do not do this.  This is not compatible with current
> linus-tree.
> 
> >From Linux 4.11:
>  DEVCONF_SUPPRESS_FRAG_NDISC,
>  DEVCONF_ACCEPT_RA_FROM_LOCAL,
>  DEVCONF_USE_OPTIMISTIC,
>  DEVCONF_ACCEPT_RA_MTU,
>  DEVCONF_STABLE_SECRET,
>  DEVCONF_USE_OIF_ADDRS_ONLY,
>  DEVCONF_ACCEPT_RA_MIN_HOP_LIMIT,
>  DEVCONF_IGNORE_ROUTES_WITH_LINKDOWN,

Oh, nice catch.  I'll go drop this.

Amit, can you send the _correct_ patch?  Looks like Google messed up on
their backport :)

thanks,

greg k-h