From: "D.S. Ljungmark" <ljungmark@modio.se>

Date: Wed, 25 Mar 2015 09:28:15 +0100

Subject: [PATCH] ipv6: Don't reduce hop limit for an interface

A local route may have a lower hop_limit set than global routes do.

RFC 3756, Section 4.2.7, "Parameter Spoofing"

>   1.  The attacker includes a Current Hop Limit of one or another small

>       number which the attacker knows will cause legitimate packets to

>       be dropped before they reach their destination.

>   As an example, one possible approach to mitigate this threat is to

>   ignore very small hop limits.  The nodes could implement a

>   configurable minimum hop limit, and ignore attempts to set it below

>   said limit.

Signed-off-by: D.S. Ljungmark <ljungmark@modio.se>

Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>

---

 net/ipv6/ndisc.c | 9 ++++++++-

 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c

index 682866777d53..d375ce60463e 100644

--- a/net/ipv6/ndisc.c

+++ b/net/ipv6/ndisc.c

@@ -1216,7 +1216,14 @@ static void ndisc_router_discovery(struct sk_buff *skb)

 	if (rt)

 		rt6_set_expires(rt, jiffies + (HZ * lifetime));

 	if (ra_msg->icmph.icmp6_hop_limit) {

-		in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;

+		/* Only set hop_limit on the interface if it is higher than

+		 * the current hop_limit.

+		 */

+		if (in6_dev->cnf.hop_limit < ra_msg->icmph.icmp6_hop_limit) {

+			in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;

+		} else {

+			ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than current\n");

+		}

 		if (rt)

 			dst_metric_set(&rt->dst, RTAX_HOPLIMIT,

 				       ra_msg->icmph.icmp6_hop_limit);

-- 

2.1.0