From nobody Fri Apr 17 22:58:48 2026 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fy9Kj20WKz6ZGJ3 for ; Fri, 17 Apr 2026 22:58:49 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fy9Kh4l4mz3SlK for ; Fri, 17 Apr 2026 22:58:48 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1776466728; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=VIaPj6MkTicOBCsFP1OYa3xR7mkVVoj43RbdwD5uVZw=; b=ROmnXTAA37m0e3iNVpA/h2YfXzMLzUgJj/8sxE+i0Y0sRwgWLb0STfV1ZZQ+nAb+jMj4E2 l5sUahQpTRxFT1mg44lwtyB9cbxuQwW6G21WlVM3bgRNp3uMGs/J4+7T2Rrewg8E4xQYCv 4qQEO8GyDL+89PVYhNhlqFQou1mE1jRDkRPc2GvpQjGCGA6xvofmUmsX9UtwJvkLdvnGKt jDl1bUogUpHLf1S6TdajwAjRfz+NhN6DrJwuFEgmIP0mCwHee6d4eYBfZO4KzSg+EK13+T 96H4RDjO9V56zrbNPl+Gmp1qUAqEO4GTlYI+wOziSn0H9Iq5E9eaq3t7KMG3hQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1776466728; a=rsa-sha256; cv=none; b=hauyx7xLZaVzTfPcxDr+lz8GSZI06cklXnCgCJHZhfDupmoG0zeQZLe3syUVcn4K1AwgZf 3vUdeZ5JzBB3uCyUX7TLSbsMUanUdX8Aulf6jwYVuz08FYPaoChiElzBc1D269lsKvFw9T l3wXUO3ji0Ly9f5y0VUF+Ji7y9v4bdDGlGwGnbeXQR5qv/92NNrN1CZ/GLTRO0WpSsOzty FC5gG+9ArXVkyJqZKrP70yQ0eCYX5J+cYMdtCwIHCSrwqBIv1h9zSNoJDvlxpnUNPKWzwT Y/PtLRaRAwWxUAbR500rAUIwnModWuhOX8zGQlUnf/h4Ro6OxCNvU35f3gKdJQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1776466728; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=VIaPj6MkTicOBCsFP1OYa3xR7mkVVoj43RbdwD5uVZw=; b=sU6skDwRCK+cthZ0uXF+3Tvyiz6e8cdF9tjxeD4E24huZmyvgljbdDkrllzq0uUbxy0AE7 jfJCWdwdoxbYeTQbUhf8vx7q7L/UDmUYHBp7ugeYfQTEmRIMf6Fy46UrRVV0LqkYHu20Rs HdMWLaBWizwcZMNFY0zyWwmCdRBeULT0jv+0mXp4l1UiA6pkQxb9pfjzv4LQg34Rt5beO+ W9AZOHMvUpntPzOYBwgSwAUL/t1iuNaCBnriVR/T175GTRGN/Eb7eri2HEgmRRgtxaBahz E0NfjWIOr1mRnR5YvLmm3W9MDVFLyDZFm2EyNn8LbvND3rJ1kOdlElefFuScMg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fy9Kh4Lzcz1Bsl for ; Fri, 17 Apr 2026 22:58:48 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 381d9 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Fri, 17 Apr 2026 22:58:48 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Pouria Mousavizadeh Tehrani Subject: git: 05f2acd34483 - main - nd6: Ignore entire PI if violates RFC 4862 section 5.5.3 List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: pouria X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 05f2acd34483e9a2aa3d3b3d53e398cadab199ad Auto-Submitted: auto-generated Date: Fri, 17 Apr 2026 22:58:48 +0000 Message-Id: <69e2bb28.381d9.51c57c5a@gitrepo.freebsd.org> The branch main has been updated by pouria: URL: https://cgit.FreeBSD.org/src/commit/?id=05f2acd34483e9a2aa3d3b3d53e398cadab199ad commit 05f2acd34483e9a2aa3d3b3d53e398cadab199ad Author: Pouria Mousavizadeh Tehrani AuthorDate: 2026-04-16 22:27:33 +0000 Commit: Pouria Mousavizadeh Tehrani CommitDate: 2026-04-17 22:52:18 +0000 nd6: Ignore entire PI if violates RFC 4862 section 5.5.3 Ignore prefix information update earlier in `prelist_update()`. If PI is invalid or autonomous bit is unset, we better to let our SLAAC address expire and if we don't have any previous matching prefix, better not to create new one. Because either our router don't want us to have one anymore, or the very RA is malicious. Reviewed by: ae Differential Revision: https://reviews.freebsd.org/D56133 --- sys/netinet6/nd6_rtr.c | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/sys/netinet6/nd6_rtr.c b/sys/netinet6/nd6_rtr.c index 339ae5ebbaea..a27df537ecdc 100644 --- a/sys/netinet6/nd6_rtr.c +++ b/sys/netinet6/nd6_rtr.c @@ -1567,6 +1567,16 @@ prelist_update(struct nd_prefixctl *new, struct nd_defrouter *dr, NET_EPOCH_ASSERT(); + /* + * Address autoconfiguration based on Section 5.5.3 of RFC 4862. + * 5.5.3 (a). Ignore the prefix without the A bit set. + * 5.5.3 (b). the link-local prefix should have been ignored in nd6_ra_input. + * 5.5.3 (c). Consistency check on lifetimes: pltime <= vltime. + */ + if (new->ndpr_raf_auto == 0 || + new->ndpr_pltime > new->ndpr_vltime) + return; + /* check if prefix already exists on the same interface */ if ((pr = nd6_prefix_lookup(new)) != NULL) nd6_prefix_update(new, pr); @@ -1602,18 +1612,6 @@ prelist_update(struct nd_prefixctl *new, struct nd_defrouter *dr, if (dr != NULL) pfxrtr_add(pr, dr); - /* - * Address autoconfiguration based on Section 5.5.3 of RFC 4862. - * Note that pr must be non NULL at this point. - * - * 5.5.3 (a). Ignore the prefix without the A bit set. - * 5.5.3 (b). the link-local prefix should have been ignored in nd6_ra_input. - * 5.5.3 (c). Consistency check on lifetimes: pltime <= vltime. - */ - if (new->ndpr_raf_auto == 0 || - new->ndpr_pltime > new->ndpr_vltime) - goto end; - /* * 5.5.3 (d). If the prefix advertised is not equal to the prefix of * an address configured by stateless autoconfiguration already in the