Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-10-25 06:31:06 +00:00
Code Issues Packages Projects Releases Wiki Activity
12b74dfadb
linux/net/ipv4
History
Johannes Berg 12b74dfadb ipv4: add option to drop unicast encapsulated in L2 multicast 
In order to solve a problem with 802.11, the so-called hole-196 attack,
add an option (sysctl) called "drop_unicast_in_l2_multicast" which, if
enabled, causes the stack to drop IPv4 unicast packets encapsulated in
link-layer multi- or broadcast frames. Such frames can (as an attack)
be created by any member of the same wireless network and transmitted
as valid encrypted frames since the symmetric key for broadcast frames
is shared between all stations.

Additionally, enabling this option provides compliance with a SHOULD
clause of RFC 1122.

Reviewed-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-02-11 04:27:35 -05:00
..
netfilter inet: frag: Always orphan skbs inside ip_defrag() 2016-01-28 16:00:46 -08:00
af_inet.c sock: struct proto hash function may error 2016-02-11 03:54:14 -05:00
ah4.c
arp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-10-20 06:08:27 -07:00
cipso_ipv4.c
datagram.c
devinet.c ipv4: add option to drop unicast encapsulated in L2 multicast 2016-02-11 04:27:35 -05:00
esp4.c
fib_frontend.c net: Flush local routes when device changes vrf association 2015-12-13 23:58:44 -05:00
fib_lookup.h
fib_rules.c
fib_semantics.c net: Fix prefsrc lookups 2015-11-04 21:34:37 -05:00
fib_trie.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-02-01 15:56:08 -08:00
fou.c udp: restrict offloads to one namespace 2016-01-10 17:28:24 -05:00
gre_demux.c
gre_offload.c ipv6: gre: support SIT encapsulation 2015-10-26 22:01:18 -07:00
icmp.c Revert "ipv4/icmp: redirect messages can use the ingress daddr as source" 2015-10-14 06:01:07 -07:00
igmp.c ipv4: igmp: Allow removing groups from a removed interface 2015-12-03 12:07:05 -05:00
inet_connection_sock.c soreuseport: fast reuseport TCP socket selection 2016-02-11 03:54:15 -05:00
inet_diag.c inet: refactor inet[6]_lookup functions to take skb 2016-02-11 03:54:14 -05:00
inet_fragment.c inet: kill unused skb_free op 2016-01-05 22:25:57 -05:00
inet_hashtables.c soreuseport: fast reuseport TCP socket selection 2016-02-11 03:54:15 -05:00
inet_lro.c
inet_timewait_sock.c
inetpeer.c
ip_forward.c
ip_fragment.c inet: frag: Always orphan skbs inside ip_defrag() 2016-01-28 16:00:46 -08:00
ip_gre.c ip_tunnel: Move stats update to iptunnel_xmit() 2015-12-25 23:32:23 -05:00
ip_input.c ipv4: add option to drop unicast encapsulated in L2 multicast 2016-02-11 04:27:35 -05:00
ip_options.c
ip_output.c net: preserve IP control block during GSO segmentation 2016-01-15 14:35:24 -05:00
ip_sockglue.c ipv4: fix a potential deadlock in mcast getsockopt() path 2015-11-04 21:29:59 -05:00
ip_tunnel_core.c ipv4: fix endianness warnings in ip_tunnel_core.c 2016-01-08 21:30:43 -05:00
ip_tunnel.c ip_tunnel: Move stats update to iptunnel_xmit() 2015-12-25 23:32:23 -05:00
ip_vti.c ip_tunnel: Move stats update to iptunnel_xmit() 2015-12-25 23:32:23 -05:00
ipcomp.c
ipconfig.c ipv4: ipconfig: avoid unused ic_proto_used symbol 2016-01-29 19:39:09 -08:00
ipip.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-12-31 18:20:10 -05:00
ipmr.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-12-03 21:09:12 -05:00
Kconfig ipv4+ipv6: Make INET*_ESP select CRYPTO_ECHAINIV 2016-01-25 10:45:41 -08:00
Makefile net: drop tcp_memcontrol.c 2016-01-20 17:09:18 -08:00
netfilter.c
ping.c sock: struct proto hash function may error 2016-02-11 03:54:14 -05:00
proc.c
protocol.c
raw.c sock: struct proto hash function may error 2016-02-11 03:54:14 -05:00
route.c
syncookies.c ipv4: Namespaceify tcp syncookies sysctl knob 2016-02-07 14:35:10 -05:00
sysctl_net_ipv4.c ipv4: Namespaceify tcp_notsent_lowat sysctl knob 2016-02-07 14:36:11 -05:00
tcp_bic.c
tcp_cdg.c
tcp_cong.c
tcp_cubic.c
tcp_dctcp.c tcp: allow dctcp alpha to drop to zero 2015-10-23 02:46:52 -07:00
tcp_diag.c net: diag: Support destroying TCP sockets. 2015-12-15 23:26:52 -05:00
tcp_fastopen.c tcp: fastopen: call tcp_fin() if FIN present in SYNACK 2016-02-06 16:49:58 -05:00
tcp_highspeed.c
tcp_htcp.c
tcp_hybla.c
tcp_illinois.c
tcp_input.c ipv4: Namespaceify tcp reordering sysctl knob 2016-02-07 14:35:10 -05:00
tcp_ipv4.c inet: refactor inet[6]_lookup functions to take skb 2016-02-11 03:54:14 -05:00
tcp_lp.c
tcp_metrics.c ipv4: Namespaceify tcp reordering sysctl knob 2016-02-07 14:35:10 -05:00
tcp_minisocks.c ipv4: Namespaceify tcp syncookies sysctl knob 2016-02-07 14:35:10 -05:00
tcp_offload.c
tcp_output.c ipv4: Namespaceify tcp_notsent_lowat sysctl knob 2016-02-07 14:36:11 -05:00
tcp_probe.c
tcp_recovery.c tcp: use RACK to detect losses 2015-10-21 07:00:53 -07:00
tcp_scalable.c
tcp_timer.c ipv4: Namespaceify tcp_orphan_retries sysctl knob 2016-02-07 14:35:11 -05:00
tcp_vegas.c
tcp_vegas.h
tcp_veno.c
tcp_westwood.c
tcp_yeah.c tcp_yeah: don't set ssthresh below 2 2016-01-11 17:25:16 -05:00
tcp.c ipv4: Namespaceify tcp_fin_timeout sysctl knob 2016-02-07 14:36:11 -05:00
tunnel4.c
udp_diag.c soreuseport: setsockopt SO_ATTACH_REUSEPORT_[CE]BPF 2016-01-04 22:49:59 -05:00
udp_impl.h
udp_offload.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-01-11 23:55:43 -05:00
udp_tunnel.c ip_tunnel: Move stats update to iptunnel_xmit() 2015-12-25 23:32:23 -05:00
udp.c soreuseport: fast reuseport TCP socket selection 2016-02-11 03:54:15 -05:00
udplite.c
xfrm4_input.c
xfrm4_mode_beet.c
xfrm4_mode_transport.c
xfrm4_mode_tunnel.c
xfrm4_output.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-10-24 06:54:12 -07:00
xfrm4_policy.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec 2015-12-22 16:26:31 -05:00
xfrm4_protocol.c
xfrm4_state.c
xfrm4_tunnel.c