Validate prefix information in router advertisements according to RFC
4862 Section 5.5.3.
author florian <florian@openbsd.org>
Wed, 5 Jul 2017 20:18:11 +0000 (20:18 +0000)
committer florian <florian@openbsd.org>
Wed, 5 Jul 2017 20:18:11 +0000 (20:18 +0000)

This very likely solves the problem of slaacd generating privacy
addresses at a very high rate as reported by Matthias Schmidt on
bugs@; thanks!

The problem is that we constantly generate new privacy addresses if we
receive a router advertisement with a pltime of 0 since that address
will immediately be deprecated.

This needs revisiting since we will run into the same problem with
other low pltimes.

sbin/slaacd/engine.c

index 72e95d6..8a2befa 100644 (file)
@@ -1,4 +1,4 @@
-/*     $OpenBSD: engine.c,v 1.2 2017/07/03 19:02:04 florian Exp $      */
+/*     $OpenBSD: engine.c,v 1.3 2017/07/05 20:18:11 florian Exp $      */
 
 /*
  * Copyright (c) 2017 Florian Obser <florian@openbsd.org>
@@ -1545,6 +1545,11 @@ void update_iface_ra(struct slaacd_iface *iface, struct radv *ra)
                        gen_dfr_proposal(iface, ra);
 
                LIST_FOREACH(prefix, &ra->prefixes, entries) {
+                       if (!prefix->autonomous || prefix->pltime == 0 ||
+                           prefix->vltime == 0 || prefix->pltime >
+                           prefix->vltime || prefix->prefix_len != 64 ||
+                           IN6_IS_ADDR_LINKLOCAL(&prefix->prefix))
+                               continue;
                        found = 0;
                        found_privacy = 0;
                        LIST_FOREACH(addr_proposal, &iface->addr_proposals,
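Review bot: The `continue` for `prefix->pltime == 0` and `prefix->vltime == 0` sits ahead of the `LIST_FOREACH(addr_proposal, &iface->addr_proposals,` search, so an advertisement carrying a zero lifetime is dropped before it can be matched against a proposal that already exists for that prefix. RFC 4862 Section 5.5.3 step e) expects the lifetimes of an already configured address to be updated from the advertisement, and a preferred lifetime of 0 is how a router deprecates a prefix, so with this placement a router can no longer deprecate an address slaacd has already configured. Consider keeping the checks that reject the prefix outright at the top (`!prefix->autonomous`, `IN6_IS_ADDR_LINKLOCAL(&prefix->prefix)`, `prefix->pltime > prefix->vltime`, `prefix->prefix_len != 64`) and moving the zero-lifetime tests to the point where a new proposal would be generated because none was found. As a style point, the condition breaks lines in the middle of a comparison (`prefix->pltime >` / `prefix->vltime`); one clause per line with a short comment naming the matching RFC step would make it easier to audit against the RFC.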