| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 25 Mar 2015 00:36:38 +0100
From: "D. S. Ljungmark" <spider@...eit.se>
To: David Miller <davem@...emloft.net>
Cc: netdev@...r.kernel.org
Subject: Re: ipv6 : Don't reduce hop limit below current value
On tis, 2015-03-24 at 18:06 -0400, David Miller wrote:
> From: "D. S. Ljungmark" <spider@...eit.se>
> Date: Tue, 24 Mar 2015 22:36:09 +0100
>
> > + /* Only set hop_limit on the interface if it is higher than
> > + * the current hop_limit.
> > + */
>
> Comments in the networking should be of the form:
>
> /* Like
> * this.
> */
Not sure if your complaint was about the misaligned *, or that there was
a tab char after the comment start rather than a space.
Adjusted both and re-sending.
And there was a comment about quoting the relevant IETF standard,
RFC 3756, Section 4.2.7, "Parameter Spoofing"
1. The attacker includes a Current Hop Limit of one or another small
number which the attacker knows will cause legitimate packets to
be dropped before they reach their destination.
<snip>
As an example, one possible approach to mitigate this threat is to
ignore very small hop limits. The nodes could implement a
configurable minimum hop limit, and ignore attempts to set it below
said limit.
This patch basically treats the current interface hop limit as the
threshold to use.
//D.S.
View attachment "0001-ipv6-Don-t-reduce-hop-limit-for-an-interface.patch" of type "text/x-patch" (1253 bytes)
Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists