From 5225791117b564cd8b5683cf82d9eea45b0f0d59 Mon Sep 17 00:00:00 2001
From: Adrian Bunk <bunk@stusta.de>
Date: Tue, 1 May 2007 01:31:47 +0200
Subject: [IPV6]: Disallow RH0 by default (CVE-2007-2242)

A security issue is emerging.  Disallow Routing Header Type 0 by default
as we have been doing for IPv4.

This version already includes a fix for the original patch.

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
---
 Documentation/networking/ip-sysctl.txt | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'Documentation/networking')

diff --git a/Documentation/networking/ip-sysctl.txt b/Documentation/networking/ip-sysctl.txt
index 26364d06ae92..d512f227dda6 100644
--- a/Documentation/networking/ip-sysctl.txt
+++ b/Documentation/networking/ip-sysctl.txt
@@ -723,6 +723,15 @@ accept_redirects - BOOLEAN
 	Functional default: enabled if local forwarding is disabled.
 			    disabled if local forwarding is enabled.
 
+accept_source_route - INTEGER
+	Accept source routing (routing extension header).
+
+	> 0: Accept routing header.
+	= 0: Accept only routing header type 2.
+	< 0: Do not accept routing header.
+
+	Default: 0
+
 autoconf - BOOLEAN
 	Autoconfigure addresses using Prefix Information in Router 
 	Advertisements.
-- 
cgit v1.2.3