Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 16 Sep 2025 07:39:04 GMT
From:      "Andrey V. Elsukov" <ae@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: 588a5fad3e8b - main - IPv6: fix off-by-one in pltime and vltime expiration checks
Message-ID:  <202509160739.58G7d4gr047488@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The branch main has been updated by ae:

URL: https://cgit.FreeBSD.org/src/commit/?id=588a5fad3e8b98955b60707e3e92b8b43566e3f7

commit 588a5fad3e8b98955b60707e3e92b8b43566e3f7
Author:     Andrey V. Elsukov <ae@FreeBSD.org>
AuthorDate: 2025-09-16 07:34:55 +0000
Commit:     Andrey V. Elsukov <ae@FreeBSD.org>
CommitDate: 2025-09-16 07:34:55 +0000

    IPv6: fix off-by-one in pltime and vltime expiration checks
    
    Previously, the macros used '>' instead of '>=' when comparing elapsed
    time against the preferred and valid lifetimes. This caused any deprecated
    address to become usable again for one extra second after receiving each
    Router Advertisement. In that short window, the address could be
    selected as a source for outgoing connections.
    
    Update the checks to use '>=' so that addresses are deprecated or
    invalid when their lifetime expires.
    
    PR:             289177
    Reported by:    Dmitry Nexus <fbsd.4f6a at nexus tel>
    Reviewed by:    zlei
    Submitted by:   Marek Zarychta
    MFC after:      1 week
    Differential Revision:  https://reviews.freebsd.org/D52323
---
 sys/netinet6/in6.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys/netinet6/in6.h b/sys/netinet6/in6.h
index 1ca846ebf514..67c3ccbb1be8 100644
--- a/sys/netinet6/in6.h
+++ b/sys/netinet6/in6.h
@@ -358,11 +358,11 @@ extern const struct in6_addr in6addr_linklocal_allv2routers;
 
 #define IFA6_IS_DEPRECATED(a) \
 	((a)->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME && \
-	 (u_int32_t)((time_uptime - (a)->ia6_updatetime)) > \
+	 (u_int32_t)((time_uptime - (a)->ia6_updatetime)) >= \
 	 (a)->ia6_lifetime.ia6t_pltime)
 #define IFA6_IS_INVALID(a) \
 	((a)->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME && \
-	 (u_int32_t)((time_uptime - (a)->ia6_updatetime)) > \
+	 (u_int32_t)((time_uptime - (a)->ia6_updatetime)) >= \
 	 (a)->ia6_lifetime.ia6t_vltime)
 #endif /* _KERNEL */

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202509160739.58G7d4gr047488>