ipv6: drop fragmented ndisc packets by default (RFC 6980)

This patch implements RFC6980: Drop fragmented ndisc packets by
default. If a fragmented ndisc packet is received the user is informed
that it is possible to disable the check.

Cc: Fernando Gont <fernando@gont.com.ar>
Cc: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Hannes Frederic Sowa
2013-08-27 01:36:51 +02:00
committed by David S. Miller
parent a3a975b1df
commit b800c3b966
5 changed files with 35 additions and 0 deletions

@@ -1349,6 +1349,12 @@ mldv2_unsolicited_report_interval - INTEGER
MLDv2 report retransmit will take place.
Default: 1000 (1 second)
suppress_frag_ndisc - INTEGER
Control RFC 6980 (Security Implications of IPv6 Fragmentation
with IPv6 Neighbor Discovery) behavior:
1 - (default) discard fragmented neighbor discovery packets
0 - allow fragmented neighbor discovery packets
icmp/*:
ratelimit - INTEGER
Limit the maximal rates for sending ICMPv6 packets.
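
Review bot: the new suppress_frag_ndisc entry is typed INTEGER but documents only the values 1 and 0, and it says nothing about the message the commit description promises when a fragmented packet is received. Suggest either stating how values other than 0 and 1 are treated or documenting the knob as BOOLEAN, and adding a sentence that a notice is logged on discard, so an administrator who sees that message can find this setting from the documentation. A short remark that 0 turns off the RFC 6980 check, and in which situations that is expected to be needed, would also help readers decide whether to change the default.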