    ipv6: Honor all IPv6 PIO Valid Lifetime values · b75326c2
    Fernando Gont authored
    RFC4862 5.5.3 e) prevents received Router Advertisements from reducing
    the Valid Lifetime of configured addresses to less than two hours, thus
    preventing hosts from reacting to the information provided by a router
    that has positive knowledge that a prefix has become invalid.
    
    This patch makes hosts honor all Valid Lifetime values, as per
    draft-gont-6man-slaac-renum-06, Section 4.2. This is meant to help
    mitigate the problem discussed in draft-ietf-v6ops-slaac-renum.
    
    Note: Attacks aiming at disabling an advertised prefix via a Valid
    Lifetime of 0 are not really more harmful than other attacks
    that can be performed via forged RA messages, such as those
    aiming at completely disabling a next-hop router via an RA that
    advertises a Router Lifetime of 0, or performing a Denial of
    Service (DoS) attack by advertising illegitimate prefixes via
    forged PIOs.  In scenarios where RA-based attacks are of concern,
    proper mitigations such as RA-Guard [RFC6105] [RFC7113] should
    be implemented.
    Signed-off-by: Fernando Gont <fgont@si6networks.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
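
The two lifetime-update rules contrasted in the commit message, side by side, as an added example that is not the kernel's code or part of this commit. `valid_lft_rfc4862()` models the RFC 4862 5.5.3 e) rule for unauthenticated RAs and `valid_lft_honor_all()` the behaviour the message describes; the function names and sample lifetimes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define TWO_HOURS (2u * 60u * 60u)   /* 7200 seconds */

/* RFC 4862 5.5.3 e), unauthenticated RA: returns the new valid lifetime
 * of an already-configured address.
 *   remaining  - seconds left on the address's current valid lifetime
 *   advertised - Valid Lifetime carried in the received PIO */
uint32_t valid_lft_rfc4862(uint32_t remaining, uint32_t advertised)
{
    /* 1. Long lifetimes and extensions are always accepted. */
    if (advertised > TWO_HOURS || advertised > remaining)
        return advertised;
    /* 2. Address already within two hours of expiry: ignore the PIO. */
    if (remaining <= TWO_HOURS)
        return remaining;
    /* 3. Otherwise a reduction is clamped to two hours. */
    return TWO_HOURS;
}

/* Behaviour described in the commit message: every advertised value is
 * honored, including 0 (prefix known to be invalid). */
uint32_t valid_lft_honor_all(uint32_t remaining, uint32_t advertised)
{
    (void)remaining;
    return advertised;
}

int main(void)
{
    /* Constructed cases: {remaining, advertised}, in seconds. */
    static const uint32_t cases[][2] = {
        {86400, 0},      /* router signals the prefix is gone */
        {3600, 0},       /* same, address already under two hours */
        {86400, 10800},  /* reduction that stays above two hours */
        {1000, 1800},    /* extension of a short-lived address */
    };
    printf("%10s %10s %10s %10s\n", "remaining", "advertised", "rfc4862", "honor-all");
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("%10u %10u %10u %10u\n", (unsigned)cases[i][0], (unsigned)cases[i][1],
               (unsigned)valid_lft_rfc4862(cases[i][0], cases[i][1]),
               (unsigned)valid_lft_honor_all(cases[i][0], cases[i][1]));
    return 0;
}
```

The first two rows show the stale-prefix case the commit targets: under the RFC 4862 rule the address stays valid for up to two more hours after the router advertises a Valid Lifetime of 0.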
addrconf.h 13.9 KB