Re: [PATCH net 0/2] ipv4: harden against ihl < 5 IP_HDRINCL packets

Next message: patchwork-bot+netdevbpf: "Re: [PATCH net 0/2] ipv4: harden against ihl &lt; 5 IP_HDRINCL packets"
Previous message: Peter Schneider: "Re: [PATCH 6.6 000/474] 6.6.140-rc1 review"
In reply to: Herbert Xu: "Re: [PATCH net 0/2] ipv4: harden against ihl &lt; 5 IP_HDRINCL packets"
Next in thread: patchwork-bot+netdevbpf: "Re: [PATCH net 0/2] ipv4: harden against ihl &lt; 5 IP_HDRINCL packets"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Jakub Kicinski

Date: Fri May 15 2026 - 19:02:10 EST

On Tue, 12 May 2026 16:51:13 -0400 Michael Bommarito wrote:
> 1/2 ipv4: raw: reject IP_HDRINCL packets with ihl < 5
>
> Upstream-of-AH fix. An IPv4 header with ihl < 5 is malformed
> by definition (RFC 791) and must not be allowed to continue
> along the in-stack output path. This is the primary fix.

I believe this part is uncontroversial and doesn't have to wait
for the rest of the discussion to shake out. So applying it now.
Please shout if i shouldn't have