artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5c98ff2) | patch
RFC 4861 requires that all neighbor discovery packets have 255 in
authorbluhm <bluhm@openbsd.org>
Mon, 4 Dec 2017 15:13:12 +0000 (15:13 +0000)
committerbluhm <bluhm@openbsd.org>
Mon, 4 Dec 2017 15:13:12 +0000 (15:13 +0000)
commit441055dec26ba16cdd03b472cae28272b1a83141
tree36d5c507cbad23bc798fae2417cf654c58117b07tree | snapshot
parent5c98ff2f0119480bbe8c636b3a2e1f2396894b9acommit | diff
RFC 4861 requires that all neighbor discovery packets have 255 in
their IPv6 header hop limit field.  Let pf drop neighbor solicitation,
neighbor advertisement, router solicitation, router advertisement,
and redirect ICMP6 packets that do not comply.  This enforces that
bogus packets cannot be routed when pf is enabled.
OK mpi@ sashan@ benno@
sys/net/pf.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim