Date: Fri, 17 Apr 2026 22:58:48 +0000
From: Pouria Mousavizadeh Tehrani <pouria@FreeBSD.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: git: 05f2acd34483 - main - nd6: Ignore entire PI if violates RFC 4862 section 5.5.3
Message-ID: <69e2bb28.381d9.51c57c5a@gitrepo.freebsd.org>
The branch main has been updated by pouria: URL: https://cgit.FreeBSD.org/src/commit/?id=05f2acd34483e9a2aa3d3b3d53e398cadab199ad commit 05f2acd34483e9a2aa3d3b3d53e398cadab199ad Author: Pouria Mousavizadeh Tehrani <pouria@FreeBSD.org> AuthorDate: 2026-04-16 22:27:33 +0000 Commit: Pouria Mousavizadeh Tehrani <pouria@FreeBSD.org> CommitDate: 2026-04-17 22:52:18 +0000 nd6: Ignore entire PI if violates RFC 4862 section 5.5.3 Ignore prefix information update earlier in `prelist_update()`. If PI is invalid or autonomous bit is unset, we better to let our SLAAC address expire and if we don't have any previous matching prefix, better not to create new one. Because either our router don't want us to have one anymore, or the very RA is malicious. Reviewed by: ae Differential Revision: https://reviews.freebsd.org/D56133 --- sys/netinet6/nd6_rtr.c | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/sys/netinet6/nd6_rtr.c b/sys/netinet6/nd6_rtr.c index 339ae5ebbaea..a27df537ecdc 100644 --- a/sys/netinet6/nd6_rtr.c +++ b/sys/netinet6/nd6_rtr.c @@ -1567,6 +1567,16 @@ prelist_update(struct nd_prefixctl *new, struct nd_defrouter *dr, NET_EPOCH_ASSERT(); + /* + * Address autoconfiguration based on Section 5.5.3 of RFC 4862. + * 5.5.3 (a). Ignore the prefix without the A bit set. + * 5.5.3 (b). the link-local prefix should have been ignored in nd6_ra_input. + * 5.5.3 (c). Consistency check on lifetimes: pltime <= vltime. + */ + if (new->ndpr_raf_auto == 0 || + new->ndpr_pltime > new->ndpr_vltime) + return; + /* check if prefix already exists on the same interface */ if ((pr = nd6_prefix_lookup(new)) != NULL) nd6_prefix_update(new, pr); 
@@ -1602,18 +1612,6 @@ prelist_update(struct nd_prefixctl *new, struct nd_defrouter *dr, if (dr != NULL) pfxrtr_add(pr, dr); - /* - * Address autoconfiguration based on Section 5.5.3 of RFC 4862. - * Note that pr must be non NULL at this point. - * - * 5.5.3 (a). Ignore the prefix without the A bit set. - * 5.5.3 (b). the link-local prefix should have been ignored in nd6_ra_input. - * 5.5.3 (c). Consistency check on lifetimes: pltime <= vltime. - */ - if (new->ndpr_raf_auto == 0 || - new->ndpr_pltime > new->ndpr_vltime) - goto end; - /* * 5.5.3 (d). If the prefix advertised is not equal to the prefix of * an address configured by stateless autoconfiguration already in thehome | help
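Review bot: In the first hunk (@@ -1567,6 +1567,16 @@) the new `return` sits ahead of `nd6_prefix_lookup(new)`, so a PI with the A bit clear or with pltime > vltime now also skips `nd6_prefix_update(new, pr)` and the later `pfxrtr_add(pr, dr)`, both of which ran before the old `goto end`. The added comment still labels the test as "Address autoconfiguration", so it should say that the check now gates all prefix handling in `prelist_update()`. Please also confirm that a prefix advertised with A clear but intended for on-link use is meant to be dropped here as well, since RFC 4862 section 5.5.3 only covers address configuration.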
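Review bot: The second hunk (@@ -1602,18 +1612,6 @@) deletes the sentence "Note that pr must be non NULL at this point." together with the moved check, and the moved copy of the comment does not carry it. If the 5.5.3 (d) code that follows still relies on `pr` being set by the lookup or creation above, keep that sentence at the top of the (d) comment so the invariant stays documented where it is used.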
