From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from out1-smtp.messagingengine.com ([66.111.4.25]:41807 "EHLO out1-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1030826AbbD1UBJ (ORCPT ); Tue, 28 Apr 2015 16:01:09 -0400 Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id 8A90820870 for ; Tue, 28 Apr 2015 16:01:08 -0400 (EDT) Date: Tue, 28 Apr 2015 22:01:06 +0200 From: Greg KH To: Chas Williams III Cc: "stable@vger.kernel.org" Subject: Re: [PATCH 3.14.y] ipv6: Don't reduce hop limit for an interface Message-ID: <20150428200106.GA31191@kroah.com> References: <1430250711.32002.4.camel@REM-DF8MK12.vyatta.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1430250711.32002.4.camel@REM-DF8MK12.vyatta.com> Sender: stable-owner@vger.kernel.org List-ID: On Tue, Apr 28, 2015 at 01:51:51PM -0600, Chas Williams III wrote: > Upstream commit 6fd99094de2b83d1d4c8457f2c83483b2828e75a > > From: "D.S. Ljungmark" > > A local route may have a lower hop_limit set than global routes do. > > RFC 3756, Section 4.2.7, "Parameter Spoofing" > > > 1. The attacker includes a Current Hop Limit of one or another small > > number which the attacker knows will cause legitimate packets to > > be dropped before they reach their destination. > > > As an example, one possible approach to mitigate this threat is to > > ignore very small hop limits. The nodes could implement a > > configurable minimum hop limit, and ignore attempts to set it below > > said limit. > > Signed-off-by: D.S. Ljungmark > Acked-by: Hannes Frederic Sowa > Signed-off-by: David S. Miller > --- > net/ipv6/ndisc.c | 9 ++++++++- > 1 file changed, 8 insertions(+), 1 deletion(-) Why have you sent this, when your name isn't on the commit at all? What do you want done with this? Have you read Documentation/stable_kernel_rules.txt? confused, greg k-h