From 6a302ef9e9b85a01d696e5ce7f3bcc792667bfe8 Mon Sep 17 00:00:00 2001
From: florian
Date: Wed, 5 Jul 2017 20:18:11 +0000
Subject: [PATCH] Validate prefix information in router advertisements according to RFC 4862 Section 5.5.3. This very likely solves the problem of slaacd generating privacy addresses at a very high rate as reported by Matthias Schmidt on bugs@; thanks! The problem is that we constantly generate new privacy addresses if we receive a router advertisement with a pltime of 0 since that address will immediately be deprecated. This needs revisiting since we will run into the same problem with other low pltimes.
---
 sbin/slaacd/engine.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/sbin/slaacd/engine.c b/sbin/slaacd/engine.c
index 72e95d652ee..8a2befa07f3 100644
--- a/sbin/slaacd/engine.c
+++ b/sbin/slaacd/engine.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: engine.c,v 1.2 2017/07/03 19:02:04 florian Exp $ */
+/* $OpenBSD: engine.c,v 1.3 2017/07/05 20:18:11 florian Exp $ */
 /*
 * Copyright (c) 2017 Florian Obser
@@ -1545,6 +1545,11 @@ void update_iface_ra(struct slaacd_iface *iface, struct radv *ra)
 gen_dfr_proposal(iface, ra);
 LIST_FOREACH(prefix, &ra->prefixes, entries) {
+ if (!prefix->autonomous || prefix->pltime == 0 ||
+ prefix->vltime == 0 || prefix->pltime >
+ prefix->vltime || prefix->prefix_len != 64 ||
+ IN6_IS_ADDR_LINKLOCAL(&prefix->prefix))
+ continue;
 found = 0;
 found_privacy = 0;
 LIST_FOREACH(addr_proposal, &iface->addr_proposals,
--
2.20.1
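Review bot: The added `continue` in the `LIST_FOREACH(prefix, ...)` loop runs before the `LIST_FOREACH(addr_proposal, &iface->addr_proposals, ...)` lookup, so a prefix advertised with `pltime == 0` or `vltime == 0` is discarded before it can be matched against proposals that already exist for it. RFC 4862 Section 5.5.3 step (d) makes only the creation of a new address conditional on a non-zero valid lifetime, while step (e) still applies the advertised lifetimes to addresses already configured from that prefix, which is how a router deprecates a prefix when renumbering. If the lifetime update happens in the part of the loop below this hunk, it would now be skipped and the old address would stay preferred until its earlier lifetime runs out. Consider keeping only the unconditional rejects here (`!prefix->autonomous`, `pltime > vltime`, `prefix_len != 64`, link-local) and testing the zero lifetimes where a new proposal is generated, for example `if (!found && prefix->vltime != 0 && prefix->pltime != 0)`. The loop body continues past the end of the hunk, so this needs checking against the rest of update_iface_ra().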