On 12 April 2012 22:00, David Miller <davem@xxxxxxxxxxxxx> wrote:
>> Added strict checking of PadN. PadN can be used to increase header
>> size and thus push the protocol header into the 2nd fragment.
>>
>> PadN is used to align the options within the Hop-by-Hop or
>> Destination Options header to 64-bit boundaries. The maximum valid
>> size is thus 7 bytes.
>> RFC 4942 recommends to actively check the "payload" itself and
>> ensure that it contains only zeroes.

> I think you should do away with the sysctl and always perform these
> checks.
>
> At the very least, the optlen > 7 check should always be performed.
> And frankly the pad byte being zero check makes sense to do all the
> time as far as I can tell too.

That's the way I see it, as was my initial intent.
Then I got concerned with the possibility that a communication with a
slightly-broken stack implementation (e.g., unsanitized buffers) would fail
without the user being able to control it at runtime.

Do you consider this a non-issue? If not, please apply the (soon to be
sent) patch.

Thanks,
Eldad
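
The two checks discussed in this thread (PadN size and all-zero padding bytes), as an added user-space example; it is not the patch under discussion and not kernel code. The function name and the sample buffers are made up for illustration, and it assumes the 7-byte limit applies to the whole option including its type and length bytes.

```c
#include <stddef.h>
#include <stdio.h>

#define TLV_PAD1 0  /* RFC 2460: a single zero byte, no length field */
#define TLV_PADN 1  /* RFC 2460: type, length, then padding bytes */
#define PADN_MAX 7  /* assumption: limit covers the whole option */

/* Walks the option area of a Hop-by-Hop or Destination Options header
 * (the bytes after Next Header and Hdr Ext Len). Returns 1 if every
 * PadN passes the strict checks, 0 if a PadN is oversized, carries a
 * non-zero byte, or any option runs past the end of the area. */
int padding_strict_ok(const unsigned char *opt, size_t len)
{
    size_t off = 0;

    while (off < len) {
        size_t optlen, i;

        if (opt[off] == TLV_PAD1) {
            off++;
            continue;
        }
        if (len - off < 2)          /* no room for the length byte */
            return 0;
        optlen = (size_t)opt[off + 1] + 2;
        if (optlen > len - off)     /* option overruns the header */
            return 0;
        if (opt[off] == TLV_PADN) {
            if (optlen > PADN_MAX)
                return 0;
            for (i = 2; i < optlen; i++)
                if (opt[off + i] != 0)
                    return 0;
        }
        off += optlen;              /* other option types are skipped */
    }
    return 1;
}

/* Constructed option areas, not captured traffic. */
static const unsigned char ok_pad[]    = { 1, 4, 0, 0, 0, 0 };
static const unsigned char dirty_pad[] = { 1, 4, 0, 0xAA, 0, 0 };
static const unsigned char big_pad[]   = { 1, 12, 0,0,0,0,0,0,0,0,0,0,0,0 };
static const unsigned char cut_pad[]   = { 1, 4, 0, 0 };

int main(void)
{
    printf("ok=%d dirty=%d big=%d cut=%d\n",
           padding_strict_ok(ok_pad, sizeof ok_pad),
           padding_strict_ok(dirty_pad, sizeof dirty_pad),
           padding_strict_ok(big_pad, sizeof big_pad),
           padding_strict_ok(cut_pad, sizeof cut_pad));
    return 0;
}
```

The dirty_pad case is the one the runtime-control concern above is about: a sender that leaves stale buffer contents in its padding is rejected by the zero-byte check.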