From: Johannes Berg <johan...@sipsolutions.net> Date: Thu, 4 Feb 2016 13:31:17 +0100
> From: Johannes Berg <johannes.b...@intel.com> > > In order to solve a problem with 802.11, the so-called hole-196 attack, > add an option (sysctl) called "drop_unicast_in_l2_multicast" which, if > enabled, causes the stack to drop IPv4 unicast packets encapsulated in > link-layer multi- or broadcast frames. Such frames can (as an attack) > be created by any member of the same wireless network and transmitted > as valid encrypted frames since the symmetric key for broadcast frames > is shared between all stations. > > Additionally, enabling this option provides compliance with a SHOULD > clause of RFC 1122. > > Reviewed-by: Julian Anastasov <j...@ssi.bg> > Signed-off-by: Johannes Berg <johannes.b...@intel.com> Applied.
