* [PATCH] net/ipv6: icmp: fix is_ineligible() to block errors for Redirect packets
@ 2026-05-26 10:16 Sayooj K Karun
2026-05-26 15:40 ` Alexander Lobakin
0 siblings, 1 reply; 2+ messages in thread
From: Sayooj K Karun @ 2026-05-26 10:16 UTC (permalink / raw)
To: netdev
Cc: dsahern, idosch, davem, edumazet, kuba, pabeni, horms,
linux-kernel, Sayooj K Karun
RFC 4443 section 2.4(e.2) mandates that an ICMPv6 error message MUST NOT
be originated in response to an ICMPv6 Redirect message (type 137).
Add check for NDISC_REDIRECT (137) so that redirect packets become
ineligible and error packets are not generated for Redirect messages.
Signed-off-by: Sayooj K Karun <sayooj@aerlync.com>
---
net/ipv6/icmp.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
index efb23807a026..3fdb3a97dd8e 100644
--- a/net/ipv6/icmp.c
+++ b/net/ipv6/icmp.c
@@ -157,7 +157,8 @@ static bool is_ineligible(const struct sk_buff *skb)
*/
if (!tp && frag_off != 0)
return false;
- else if (!tp || !(*tp & ICMPV6_INFOMSG_MASK))
+ else if (!tp || !(*tp & ICMPV6_INFOMSG_MASK) ||
+ *tp == NDISC_REDIRECT)
return true;
}
return false;
--
2.53.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [PATCH] net/ipv6: icmp: fix is_ineligible() to block errors for Redirect packets
2026-05-26 10:16 [PATCH] net/ipv6: icmp: fix is_ineligible() to block errors for Redirect packets Sayooj K Karun
@ 2026-05-26 15:40 ` Alexander Lobakin
0 siblings, 0 replies; 2+ messages in thread
From: Alexander Lobakin @ 2026-05-26 15:40 UTC (permalink / raw)
To: Sayooj K Karun
Cc: netdev, dsahern, idosch, davem, edumazet, kuba, pabeni, horms,
linux-kernel
From: Sayooj K Karun <sayooj@aerlync.com>
Date: Tue, 26 May 2026 15:46:22 +0530
> [PATCH] net/ipv6: icmp: fix is_ineligible() to block errors for Redirect packets
Is this a fix or a feature? The subject prefix must contain either
"net-next" (if targeting the feature tree) or "net" (if targeting the
fixes tree)
> RFC 4443 section 2.4(e.2) mandates that an ICMPv6 error message MUST NOT
> be originated in response to an ICMPv6 Redirect message (type 137).
>
> Add check for NDISC_REDIRECT (137) so that redirect packets become
> ineligible and error packets are not generated for Redirect messages.
...for I didn't understand from the commit message which tree this
should be taken to and whether this should be considered for backporting.
I'd also like to hear about real life scenarios where this misbehaves
and what gets affected by this.
IOW very poor description to be reviewable.
>
> Signed-off-by: Sayooj K Karun <sayooj@aerlync.com>
> ---
> net/ipv6/icmp.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
> index efb23807a026..3fdb3a97dd8e 100644
> --- a/net/ipv6/icmp.c
> +++ b/net/ipv6/icmp.c
> @@ -157,7 +157,8 @@ static bool is_ineligible(const struct sk_buff *skb)
> */
> if (!tp && frag_off != 0)
> return false;
> - else if (!tp || !(*tp & ICMPV6_INFOMSG_MASK))
> + else if (!tp || !(*tp & ICMPV6_INFOMSG_MASK) ||
> + *tp == NDISC_REDIRECT)
> return true;
> }
> return false;
Thanks,
Olek
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2026-05-26 15:40 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-05-26 10:16 [PATCH] net/ipv6: icmp: fix is_ineligible() to block errors for Redirect packets Sayooj K Karun
2026-05-26 15:40 ` Alexander Lobakin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox