[PATCH] net/ipv6: icmp: fix is_ineligible() to block errors for Redirect packets

From: Sayooj K Karun

Date: Tue May 26 2026 - 06:16:52 EST


RFC 4443 section 2.4(e.2) mandates that an ICMPv6 error message MUST NOT
be originated in response to an ICMPv6 Redirect message (type 137).

Add check for NDISC_REDIRECT (137) so that redirect packets become
ineligible and error packets are not generated for Redirect messages.

Signed-off-by: Sayooj K Karun <sayooj@xxxxxxxxxxx>
---
net/ipv6/icmp.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
index efb23807a026..3fdb3a97dd8e 100644
--- a/net/ipv6/icmp.c
+++ b/net/ipv6/icmp.c
@@ -157,7 +157,8 @@ static bool is_ineligible(const struct sk_buff *skb)
*/
if (!tp && frag_off != 0)
return false;
- else if (!tp || !(*tp & ICMPV6_INFOMSG_MASK))
+ else if (!tp || !(*tp & ICMPV6_INFOMSG_MASK) ||
+ *tp == NDISC_REDIRECT)
return true;
}
return false;
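Review bot: The added `*tp == NDISC_REDIRECT` clause in the `else if` has no comment saying why one type is singled out, and the only comment visible in this hunk, the one closing just above `if (!tp && frag_off != 0)`, belongs to the fragment case. Redirect (type 137) is in the informational range, so `!(*tp & ICMPV6_INFOMSG_MASK)` does not catch it. A reader who sees only the code cannot tell that the extra test comes from RFC 4443 section 2.4(e.2). Consider a one-line comment above the `else if`, such as `/* RFC 4443 2.4(e.2): no error in response to a Redirect */`. Also check that the continuation line `*tp == NDISC_REDIRECT)` is aligned under the first operand after the opening parenthesis, as checkpatch expects. Since the subject calls this a fix, a `Fixes:` tag next to the Signed-off-by would help stable backports, if an originating commit can be identified.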
--
2.53.0