From: Alexander Lobakin <aleksander.lobakin@intel.com>
To: Sayooj K Karun <sayooj@aerlync.com>
Cc: <netdev@vger.kernel.org>, <dsahern@kernel.org>,
<idosch@nvidia.com>, <davem@davemloft.net>, <edumazet@google.com>,
<kuba@kernel.org>, <pabeni@redhat.com>, <horms@kernel.org>,
<linux-kernel@vger.kernel.org>
Subject: [PATCH] net/ipv6: icmp: fix is_ineligible() to block errors for Redirect packets
Date: Tue, 26 May 2026 17:40:27 +0200 [thread overview]
Message-ID: <53216152-cfec-49de-856b-0378c9cb37ee@intel.com> (raw)
In-Reply-To: <20260526101622.38536-1-sayooj@aerlync.com>
From: Sayooj K Karun <sayooj@aerlync.com>
Date: Tue, 26 May 2026 15:46:22 +0530
> [PATCH] net/ipv6: icmp: fix is_ineligible() to block errors for Redirect packets
Is this a fix or a feature? The subject prefix must contain either
"net-next" (if targeting the feature tree) or "net" (if targeting the
fixes tree)
> RFC 4443 section 2.4(e.2) mandates that an ICMPv6 error message MUST NOT
> be originated in response to an ICMPv6 Redirect message (type 137).
>
> Add check for NDISC_REDIRECT (137) so that redirect packets become
> ineligible and error packets are not generated for Redirect messages.
...for I didn't understand from the commit message which tree this
should be taken to and whether this should be considered for backporting.
I'd also like to hear about real life scenarios where this misbehaves
and what gets affected by this.
IOW very poor description to be reviewable.
>
> Signed-off-by: Sayooj K Karun <sayooj@aerlync.com>
> ---
> net/ipv6/icmp.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
> index efb23807a026..3fdb3a97dd8e 100644
> --- a/net/ipv6/icmp.c
> +++ b/net/ipv6/icmp.c
> @@ -157,7 +157,8 @@ static bool is_ineligible(const struct sk_buff *skb)
> */
> if (!tp && frag_off != 0)
> return false;
> - else if (!tp || !(*tp & ICMPV6_INFOMSG_MASK))
> + else if (!tp || !(*tp & ICMPV6_INFOMSG_MASK) ||
> + *tp == NDISC_REDIRECT)
> return true;
> }
> return false;
Thanks,
Olek
prev parent reply other threads:[~2026-05-26 15:40 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-26 10:16 [PATCH] net/ipv6: icmp: fix is_ineligible() to block errors for Redirect packets Sayooj K Karun
2026-05-26 15:40 ` Alexander Lobakin [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53216152-cfec-49de-856b-0378c9cb37ee@intel.com \
--to=aleksander.lobakin@intel.com \
--cc=davem@davemloft.net \
--cc=dsahern@kernel.org \
--cc=edumazet@google.com \
--cc=horms@kernel.org \
--cc=idosch@nvidia.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=sayooj@aerlync.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox