From nobody Tue Sep 23 08:31:57 2025
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4cWCrY4JMWz68JVs;
	Tue, 23 Sep 2025 08:31:57 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4cWCrY3nx8z3pDm;
	Tue, 23 Sep 2025 08:31:57 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1758616317;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=hjfvQ3tCVloz9GUu5xzDpPwAZZFs9BPHeNesgh7frNk=;
	b=ZxnVCFIB7msALQQoQnLYczEKHnqCrqFSzD1AOUZrfTcD4OATC83LUGx+UKt2T8fPbupmCc
	vvQDAtrUzW8DTjd7VK/VntOqvyEYajdFutr98IlRONt9JtLfiCE0ngU/a1zuB22k6mt5mq
	DxcJt0oLvf076ZIm4oXH1/Go35s/JxcHuC8upJTJEDS+70E1EXs//bl18rmKFfX+cpOxpW
	RulYfgyofrxV6TiHcMz7oRtgw2EguNwFkOfcYGsU6pBYbfDScqP8XI4xMtr0OcknJ7pGor
	s30h2F1eODKQifbNjItj6t3zp5N0KgDekpp4ZRhB3h9qeCLxzwYCRW0ISj6cFw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1758616317;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=hjfvQ3tCVloz9GUu5xzDpPwAZZFs9BPHeNesgh7frNk=;
	b=g2F/ejBxfiT6y55+JhXR+SyQHiUAm1Cgi7eOu1dtyfNEuxKOSK4CZNzTO5zMbrPAeEQ2tU
	87oAk5uSLsJRpG2p0HAhwPXo9sJVUTil1m446aD/NbhsfhoNTp7ZDYQDs0rDEkNNiaATRa
	2MdsT4GpM8QeJA5udkLHHGhr9y7FQQddqdTJtkGIoSFtQvHUqWMytWt44eB9Zb2AwlTnSr
	J0AJHoBNzpYpo9ekAYVmUxF9hGjPgUSCx/1ZfzJON2X+YN6O/An989xgG7vFl03aX6aGB+
	PtLmoplKzuXra/ZjndoceTOG9J3Zo06Dnujk6tYd2vYt0vy+W0mTRf6xdTrpzg==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1758616317; a=rsa-sha256; cv=none;
	b=dMz8s/MEzvuUAhazOdlXuiQcY/WPExqCafRYqJzBiZ1PRll8TyolLYIOX6GFzLdsSzQMyu
	cvMQ1kWzE92PSzJIZ6i0oWI9eMENgJz1278+d24g0gBr2n/xE6KecQD+Afh1HBuhGkChG9
	PG6W978uF0r39ImqFGizxGU1BhraOmtlXoE8xH6fJ0GJHwOyMaOJu+h76H49C+9ooexpRm
	FO2ZVoc2dOxvEWXZnlYa0JlltFa3faYxIIvoBwTjUMcY1CxH9br+gLAjA47wcoeaZfQOLP
	PTqx+K3Gklq4xLcfsGdS0Qs7Dpnb4eVslS/4MJ6XPSCRYsLw7xZpltbIKu1GdQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4cWCrY3M9nzfTj;
	Tue, 23 Sep 2025 08:31:57 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 58N8VvqZ010638;
	Tue, 23 Sep 2025 08:31:57 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 58N8VvWL010635;
	Tue, 23 Sep 2025 08:31:57 GMT
	(envelope-from git)
Date: Tue, 23 Sep 2025 08:31:57 GMT
Message-Id: <202509230831.58N8VvWL010635@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: "Andrey V. Elsukov" <ae@FreeBSD.org>
Subject: git: fb4be8661166 - stable/15 - IPv6: fix off-by-one in
  pltime and vltime expiration checks
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: ae
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/15
X-Git-Reftype: branch
X-Git-Commit: fb4be8661166e18afa4b10921f7d5fbd22460390
Auto-Submitted: auto-generated

The branch stable/15 has been updated by ae:

URL: https://cgit.FreeBSD.org/src/commit/?id=fb4be8661166e18afa4b10921f7d5fbd22460390

commit fb4be8661166e18afa4b10921f7d5fbd22460390
Author:     Andrey V. Elsukov <ae@FreeBSD.org>
AuthorDate: 2025-09-16 07:34:55 +0000
Commit:     Andrey V. Elsukov <ae@FreeBSD.org>
CommitDate: 2025-09-23 08:31:12 +0000

    IPv6: fix off-by-one in pltime and vltime expiration checks
    
    Previously, the macros used '>' instead of '>=' when comparing elapsed
    time against the preferred and valid lifetimes. This caused any deprecated
    address to become usable again for one extra second after receiving each
    Router Advertisement. In that short window, the address could be
    selected as a source for outgoing connections.
    
    Update the checks to use '>=' so that addresses are deprecated or
    invalid when their lifetime expires.
    
    PR:             289177
    Reported by:    Dmitry Nexus <fbsd.4f6a at nexus tel>
    Reviewed by:    zlei
    Submitted by:   Marek Zarychta
    Differential Revision:  https://reviews.freebsd.org/D52323
    
    (cherry picked from commit 588a5fad3e8b98955b60707e3e92b8b43566e3f7)
---
 sys/netinet6/in6.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys/netinet6/in6.h b/sys/netinet6/in6.h
index 1ca846ebf514..67c3ccbb1be8 100644
--- a/sys/netinet6/in6.h
+++ b/sys/netinet6/in6.h
@@ -358,11 +358,11 @@ extern const struct in6_addr in6addr_linklocal_allv2routers;
 
 #define IFA6_IS_DEPRECATED(a) \
 	((a)->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME && \
-	 (u_int32_t)((time_uptime - (a)->ia6_updatetime)) > \
+	 (u_int32_t)((time_uptime - (a)->ia6_updatetime)) >= \
 	 (a)->ia6_lifetime.ia6t_pltime)
 #define IFA6_IS_INVALID(a) \
 	((a)->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME && \
-	 (u_int32_t)((time_uptime - (a)->ia6_updatetime)) > \
+	 (u_int32_t)((time_uptime - (a)->ia6_updatetime)) >= \
 	 (a)->ia6_lifetime.ia6t_vltime)
 #endif /* _KERNEL */