git.osdn.net Git - sagit-ice-cold/kernel_xiaomi

author	Johannes Berg <johannes.berg@intel.com>
	Thu, 4 Feb 2016 12:31:17 +0000 (13:31 +0100)
committer	Arian <arian.kulmer@web.de>
	Tue, 19 Nov 2019 14:49:05 +0000 (15:49 +0100)
commit	3d773bb4e9eb0acee35e19b93b143b558965136e
tree	5badc17c6a4fade6ea83e811a027d6a8f0a871d0	tree \| snapshot
parent	6b030105db176a8712b8c05ba0c63719fcf87c58	commit \| diff

ipv4: add option to drop unicast encapsulated in L2 multicast

In order to solve a problem with 802.11, the so-called hole-196 attack,
add an option (sysctl) called "drop_unicast_in_l2_multicast" which, if
enabled, causes the stack to drop IPv4 unicast packets encapsulated in
link-layer multi- or broadcast frames. Such frames can (as an attack)
be created by any member of the same wireless network and transmitted
as valid encrypted frames since the symmetric key for broadcast frames
is shared between all stations.

Additionally, enabling this option provides compliance with a SHOULD
clause of RFC 1122.

Change-Id: I8de9fa5bdbea0556802f2ee553d0e73c1349213e
Reviewed-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Documentation/networking/ip-sysctl.txt		diff \| blob \| history
include/uapi/linux/ip.h		diff \| blob \| history
net/ipv4/devinet.c		diff \| blob \| history
net/ipv4/ip_input.c		diff \| blob \| history