[IPV6]: Disallow RH0 by default (CVE-2007-2242)

A security issue is emerging. Disallow Routing Header Type 0 by default as we have been doing for IPv4. This version already includes a fix for the original patch. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: Adrian Bunk <bunk@stusta.de>
author: Adrian Bunk <bunk@stusta.de> 2007-05-01 01:31:47 +0200
committer: Adrian Bunk <bunk@stusta.de> 2007-05-01 01:31:47 +0200
commit: 5225791117b564cd8b5683cf82d9eea45b0f0d59 (patch)
tree: f3fc7af96ac222ed53dc415d062a13b3147d1ac5 /include
parent: ca80e5b5767e8a2bf0714f9797b872258e500ee6 (diff)
2 files changed, 10 insertions, 0 deletions
diff --git a/include/linux/ipv6.h b/include/linux/ipv6.h
index 9c8f4c9ed42..501ddc9ae2b 100644
--- a/include/linux/ipv6.h
+++ b/include/linux/ipv6.h
@@ -145,6 +145,7 @@ struct ipv6_devconf {
 	__s32		max_desync_factor;
 #endif
 	__s32		max_addresses;
+	__s32		accept_source_route;
 	void		*sysctl;
 };
 
@@ -167,6 +168,14 @@ enum {
 	DEVCONF_MAX_DESYNC_FACTOR,
 	DEVCONF_MAX_ADDRESSES,
 	DEVCONF_FORCE_MLD_VERSION,
+	__DEVCONF_ACCEPT_RA_DEFRTR,
+	__DEVCONF_ACCEPT_RA_PINFO,
+	__DEVCONF_ACCEPT_RA_RTR_PREF,
+	__DEVCONF_RTR_PROBE_INTERVAL,
+	__DEVCONF_ACCEPT_RA_RT_INFO_MAX_PLEN,
+	__DEVCONF_PROXY_NDP,
+	__DEVCONF_OPTIMISTIC_DAD,
+	DEVCONF_ACCEPT_SOURCE_ROUTE,
 	DEVCONF_MAX
 };
 
diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
index bac61db2645..d84d8cb691a 100644
--- a/include/linux/sysctl.h
+++ b/include/linux/sysctl.h
@@ -531,6 +531,7 @@ enum {
 	NET_IPV6_MAX_DESYNC_FACTOR=15,
 	NET_IPV6_MAX_ADDRESSES=16,
 	NET_IPV6_FORCE_MLD_VERSION=17,
+	NET_IPV6_ACCEPT_SOURCE_ROUTE=25,
 	__NET_IPV6_MAX
 };
author	Adrian Bunk <bunk@stusta.de>	2007-05-01 01:31:47 +0200
committer	Adrian Bunk <bunk@stusta.de>	2007-05-01 01:31:47 +0200
commit	5225791117b564cd8b5683cf82d9eea45b0f0d59 (patch)
tree	f3fc7af96ac222ed53dc415d062a13b3147d1ac5 /include
parent	ca80e5b5767e8a2bf0714f9797b872258e500ee6 (diff)