[PATCH] net/ipv6: icmp: fix is_ineligible() to block errors for Redirect packets
From: Alexander Lobakin
Date: Tue May 26 2026 - 12:30:48 EST
From: Sayooj K Karun <sayooj@xxxxxxxxxxx>
Date: Tue, 26 May 2026 15:46:22 +0530
> [PATCH] net/ipv6: icmp: fix is_ineligible() to block errors for Redirect packets
Is this a fix or a feature? The subject prefix must contain either
"net-next" (if targeting the feature tree) or "net" (if targeting the
fixes tree)
> RFC 4443 section 2.4(e.2) mandates that an ICMPv6 error message MUST NOT
> be originated in response to an ICMPv6 Redirect message (type 137).
>
> Add check for NDISC_REDIRECT (137) so that redirect packets become
> ineligible and error packets are not generated for Redirect messages.
...for I didn't understand from the commit message which tree this
should be taken to and whether this should be considered for backporting.
I'd also like to hear about real life scenarios where this misbehaves
and what gets affected by this.
IOW very poor description to be reviewable.
>
> Signed-off-by: Sayooj K Karun <sayooj@xxxxxxxxxxx>
> ---
> net/ipv6/icmp.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
> index efb23807a026..3fdb3a97dd8e 100644
> --- a/net/ipv6/icmp.c
> +++ b/net/ipv6/icmp.c
> @@ -157,7 +157,8 @@ static bool is_ineligible(const struct sk_buff *skb)
> */
> if (!tp && frag_off != 0)
> return false;
> - else if (!tp || !(*tp & ICMPV6_INFOMSG_MASK))
> + else if (!tp || !(*tp & ICMPV6_INFOMSG_MASK) ||
> + *tp == NDISC_REDIRECT)
> return true;
> }
> return false;
Thanks,
Olek