From nobody Tue Sep 23 08:33:14 2025
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4cWCt24y3Nz68JTF;
	Tue, 23 Sep 2025 08:33:14 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4cWCt22tq9z3qGx;
	Tue, 23 Sep 2025 08:33:14 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1758616394;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=bPu8nOnsXnGgtGLDOJt/bq6ScHFjqm30ASZUNOFmRuM=;
	b=d4uLxCEVyJKgVLtpM0SevU99GY/pa2+ibnXllrYVBOoRPFdS2C/QoJ7ReqlBIOJQkeV6WQ
	Gj7IYUO2lXAPSES+S6DSE5UcpXbLNWGeWYUtM4UO7In0x9rsJPtWBK5yJsI/2WiHlnsnkM
	5oueLPg1dxOHbPg9ZHMEFcqTbT5FI/bYawatSCPVOb6LF7zUUlHM7hMSpXafFQZSsqQW9S
	mIfMFWIA5wEQKcWfMewnq5Yl7N+/IgaAswE3ggkbBJ9ZexrxYRStZSoB/gWL1Y/HTYDYgM
	dsHQ8f+HNqCv+k/9QXJUOYokVAwfESkcd4sV6QO+18AYa491pEbINnPkZCpQ8Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1758616394;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=bPu8nOnsXnGgtGLDOJt/bq6ScHFjqm30ASZUNOFmRuM=;
	b=FrCwmX/nReZnYAhIVS5yGWaQj2v/8362V0Vymy1MPfxBu3GkIfO4r+ZvHh0NYX8oPL8w4s
	eXC6QBVLLxp0G0UxblIKTpYdXeHVCyOVs4HkJVU2PRNQXzV4jEGNd70EqQQ8DeZ50p/XjC
	vR8mZtUyDYz8C7uESODeIcpRCho9azM1qHy7UKtxFNORoslpnSeco8N1vsR6LQaq3/Q8sk
	N2ugauWg3Nn7glnCpdAF476tvkVYKld+ns2sVA0bKNRY9izlfhlFmegpu2ySqKnxraJee2
	XKn6zojhVXbgr5uuZG0nZqA/NFjJtiBhok4B32sL2zoCQcMbA7bxjGd2pAX22Q==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1758616394; a=rsa-sha256; cv=none;
	b=yLeK7vsIzIwhkHQS3VTp4WtPVRu0Qwthxr5tSrYsvJz/KBKd5YW7yEMoMkYgxlhYMmo3xF
	+1y2uz0ejRTILTgyV7YkblV7J9EXHBMwfIkPdEIuufLAMKrVRjHI73X5nhZ7BQyX+5XK6V
	/d1qAV5+4UGS+Cda7U85pw/eYhne57tCYSmUFtPm2cq2WNSyWTVlEVcNXqe0KBRP32Nr+V
	1Vn8QDYIJm4qYTMhOEbE+QUdO0quz+JIYHMdyjGLBSFQ0HA8J+TmEI0aEr0jZhXQI6oTPY
	4G1cQb/eXTP3nIY2lrLJN7DsuWkia/2pHX5WA2dmB7qNx+5FvrbJoPbOuSdlgQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4cWCt22VQfzf1B;
	Tue, 23 Sep 2025 08:33:14 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 58N8XEY4012174;
	Tue, 23 Sep 2025 08:33:14 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 58N8XECH012171;
	Tue, 23 Sep 2025 08:33:14 GMT
	(envelope-from git)
Date: Tue, 23 Sep 2025 08:33:14 GMT
Message-Id: <202509230833.58N8XECH012171@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: "Andrey V. Elsukov" <ae@FreeBSD.org>
Subject: git: 586183128f2f - stable/14 - IPv6: fix off-by-one in
  pltime and vltime expiration checks
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: ae
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 586183128f2f04b84a9a564f83289963671f0ff2
Auto-Submitted: auto-generated

The branch stable/14 has been updated by ae:

URL: https://cgit.FreeBSD.org/src/commit/?id=586183128f2f04b84a9a564f83289963671f0ff2

commit 586183128f2f04b84a9a564f83289963671f0ff2
Author:     Andrey V. Elsukov <ae@FreeBSD.org>
AuthorDate: 2025-09-16 07:34:55 +0000
Commit:     Andrey V. Elsukov <ae@FreeBSD.org>
CommitDate: 2025-09-23 08:32:45 +0000

    IPv6: fix off-by-one in pltime and vltime expiration checks
    
    Previously, the macros used '>' instead of '>=' when comparing elapsed
    time against the preferred and valid lifetimes. This caused any deprecated
    address to become usable again for one extra second after receiving each
    Router Advertisement. In that short window, the address could be
    selected as a source for outgoing connections.
    
    Update the checks to use '>=' so that addresses are deprecated or
    invalid when their lifetime expires.
    
    PR:             289177
    Reported by:    Dmitry Nexus <fbsd.4f6a at nexus tel>
    Reviewed by:    zlei
    Submitted by:   Marek Zarychta
    Differential Revision:  https://reviews.freebsd.org/D52323
    
    (cherry picked from commit 588a5fad3e8b98955b60707e3e92b8b43566e3f7)
---
 sys/netinet6/in6.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys/netinet6/in6.h b/sys/netinet6/in6.h
index b62da99f9293..04af972abf9f 100644
--- a/sys/netinet6/in6.h
+++ b/sys/netinet6/in6.h
@@ -360,11 +360,11 @@ extern const struct in6_addr in6addr_linklocal_allv2routers;
 
 #define IFA6_IS_DEPRECATED(a) \
 	((a)->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME && \
-	 (u_int32_t)((time_uptime - (a)->ia6_updatetime)) > \
+	 (u_int32_t)((time_uptime - (a)->ia6_updatetime)) >= \
 	 (a)->ia6_lifetime.ia6t_pltime)
 #define IFA6_IS_INVALID(a) \
 	((a)->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME && \
-	 (u_int32_t)((time_uptime - (a)->ia6_updatetime)) > \
+	 (u_int32_t)((time_uptime - (a)->ia6_updatetime)) >= \
 	 (a)->ia6_lifetime.ia6t_vltime)
 #endif /* _KERNEL */