From: Greg KH <greg@kroah.com>
To: Chas Williams III <Charles.Williams@brocade.com>
Cc: "stable@vger.kernel.org" <stable@vger.kernel.org>
Subject: Re: [PATCH 3.14.y] ipv6: Don't reduce hop limit for an interface
Date: Tue, 28 Apr 2015 23:02:22 +0200 [thread overview]
Message-ID: <20150428210222.GB32050@kroah.com> (raw)
In-Reply-To: <1430251936.32002.8.camel@REM-DF8MK12.vyatta.com>
On Tue, Apr 28, 2015 at 02:12:16PM -0600, Chas Williams III wrote:
> On Tue, 2015-04-28 at 14:01 -0600, Greg KH wrote:
> > On Tue, Apr 28, 2015 at 01:51:51PM -0600, Chas Williams III wrote:
> > > Upstream commit 6fd99094de2b83d1d4c8457f2c83483b2828e75a
> > >
> > > From: "D.S. Ljungmark" <ljungmark@modio.se>
> > >
> > > A local route may have a lower hop_limit set than global routes do.
> > >
> > > RFC 3756, Section 4.2.7, "Parameter Spoofing"
> > >
> > > > 1. The attacker includes a Current Hop Limit of one or another small
> > > > number which the attacker knows will cause legitimate packets to
> > > > be dropped before they reach their destination.
> > >
> > > > As an example, one possible approach to mitigate this threat is to
> > > > ignore very small hop limits. The nodes could implement a
> > > > configurable minimum hop limit, and ignore attempts to set it below
> > > > said limit.
> > >
> > > Signed-off-by: D.S. Ljungmark <ljungmark@modio.se>
> > > Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
> > > Signed-off-by: David S. Miller <davem@davemloft.net>
> > > ---
> > > net/ipv6/ndisc.c | 9 ++++++++-
> > > 1 file changed, 8 insertions(+), 1 deletion(-)
> >
> > Why have you sent this, when your name isn't on the commit at all?
> >
> > What do you want done with this?
> >
> > Have you read Documentation/stable_kernel_rules.txt?
> >
> > confused,
> >
> > greg k-h
>
> I didn't write the patch so my name isn't on it but I would like it
> applied to the 3.14.y stable kernel. I was trying to follow Option #2
> from the documentation -- I guess I didn't get it right.
Read the section above Option 1 for networking patches, the workflow
there is different.
thanks,
greg k-h
prev parent reply other threads:[~2015-04-28 21:02 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-04-28 19:51 [PATCH 3.14.y] ipv6: Don't reduce hop limit for an interface Chas Williams III
2015-04-28 20:01 ` Greg KH
2015-04-28 20:12 ` Chas Williams III
2015-04-28 21:02 ` Greg KH [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150428210222.GB32050@kroah.com \
--to=greg@kroah.com \
--cc=Charles.Williams@brocade.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox