From: Jakub Kicinski <kuba@kernel.org>
To: marcdevel@gmail.com
Cc: Jakub Kicinski <kuba@kernel.org>,
dborkman@kernel.org, willemdebruijn.kernel@gmail.com,
netdev@vger.kernel.org, vadim.fedorenko@linux.dev,
pabeni@redhat.com
Subject: Re: [net,v2,3/4] neigh: discard invalid lladdr (b/mcast poison)
Date: Wed, 28 Jan 2026 20:24:57 -0800
Message-ID: <20260129042457.360431-1-kuba@kernel.org>
In-Reply-To: <973e792e8002319e6d61be82b79b1678027c30ee.1769464405.git.marcdevel@gmail.com>
This is an AI-generated review of your patch. The human sending this
email has considered the AI review valid, or at least plausible.
For local reproduction steps see https://netdev-ai.bots.linux.dev/ai-local.html
---
neigh: discard invalid lladdr (b/mcast poison)
This commit adds validation to reject NDP Neighbor Solicitation and
Neighbor Advertisement messages that contain broadcast, multicast, or
null MAC addresses in the link-layer address options.
> diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
> index f6a5d8c73af9..34202a816a4f 100644
> --- a/net/ipv6/ndisc.c
> +++ b/net/ipv6/ndisc.c
[ ... ]
> @@ -1033,6 +1041,14 @@ static enum skb_drop_reason ndisc_recv_na(struct sk_buff *skb)
> net_dbg_ratelimited("NA: invalid link-layer address length\n");
> return reason;
> }
> +
> + /*
> + * Broadcast/Multicast and zero MAC addresses should
> + * never be announced and accepted as llsrc address (prevent
^^^^^
In ndisc_recv_na(), should this comment say "lltgt" (target link-layer
address) instead of "llsrc"?
Looking at the code above this block, the lladdr variable is assigned from
ndopts.nd_opts_tgt_lladdr (Target Link-Layer Address option per RFC 4861),
not nd_opts_src_lladdr (Source Link-Layer Address option). The comment
appears to have been copy-pasted from the NS handler without updating the
terminology.
> + * NDP B/MCAST MAC poisoning attack).
> + */
> + if (dev->type == ARPHRD_ETHER && !is_valid_ether_addr(lladdr))
> + return reason;
> }
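Review bot: the new `!is_valid_ether_addr(lladdr)` branch in ndisc_recv_na() returns without logging, while the invalid-length branch directly above it emits `net_dbg_ratelimited("NA: invalid link-layer address length\n")` before `return reason;`. Consider adding a matching rate-limited debug line here so that advertisements dropped for carrying a broadcast, multicast or zero MAC can be told apart from length failures. Both paths also return the same `reason` with no assignment in between, so a drop-reason trace alone will not distinguish them.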
--
pw-bot: cr