From: Johannes Berg <[email protected]> Date: Thu, 4 Feb 2016 13:31:19 +0100
> From: Johannes Berg <[email protected]> > > In order to solve a problem with 802.11, the so-called hole-196 attack, > add an option (sysctl) called "drop_unicast_in_l2_multicast" which, if > enabled, causes the stack to drop IPv6 unicast packets encapsulated in > link-layer multi- or broadcast frames. Such frames can (as an attack) > be created by any member of the same wireless network and transmitted > as valid encrypted frames since the symmetric key for broadcast frames > is shared between all stations. > > Reviewed-by: Julian Anastasov <[email protected]> > Signed-off-by: Johannes Berg <[email protected]> Applied.
