author Fernando Gont <fgont@si6networks.com> 2020-04-19 09:24:57 -0300
committer David S. Miller <davem@davemloft.net> 2020-04-23 12:29:21 -0700
commit b75326c201242de9495ff98e5d5cff41d7fc0d9d
tree aa490b1c5c7e7aa51d7867980ec5dab352b77204 /net/dsa
parent Merge branch 'dpaa2-eth-add-support-for-xdp-bulk-enqueue'
ipv6: Honor all IPv6 PIO Valid Lifetime values

RFC4862 5.5.3 e) prevents received Router Advertisements from reducing the Valid Lifetime of configured addresses to less than two hours, thus preventing hosts from reacting to the information provided by a router that has positive knowledge that a prefix has become invalid.

This patch makes hosts honor all Valid Lifetime values, as per draft-gont-6man-slaac-renum-06, Section 4.2. This is meant to help mitigate the problem discussed in draft-ietf-v6ops-slaac-renum.

Note: Attacks aiming at disabling an advertised prefix via a Valid Lifetime of 0 are not really more harmful than other attacks that can be performed via forged RA messages, such as those aiming at completely disabling a next-hop router via an RA that advertises a Router Lifetime of 0, or performing a Denial of Service (DoS) attack by advertising illegitimate prefixes via forged PIOs. In scenarios where RA-based attacks are of concern, proper mitigations such as RA-Guard [RFC6105] [RFC7113] should be implemented.

Signed-off-by: Fernando Gont <fgont@si6networks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Diffstat (limited to 'net/dsa')
0 files changed, 0 insertions, 0 deletions
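
The two-hour rule of RFC 4862 5.5.3 e) next to the behaviour the commit message describes, as an added example (not the kernel's code and not the patch itself). The function names and the sample lifetimes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define TWO_HOURS (2u * 3600u)  /* floor imposed by RFC 4862 5.5.3 e) */

/* Valid lifetime (seconds) after processing a PIO under RFC 4862 5.5.3 e).
 * advertised:    Valid Lifetime carried in the received PIO
 * remaining:     time left on the already-configured address
 * authenticated: non-zero if the RA was authenticated (e.g. via SEND)
 * 0xffffffff (infinity) needs no special case: it compares as the maximum. */
static uint32_t rfc4862_valid_lft(uint32_t advertised, uint32_t remaining,
                                  int authenticated)
{
    if (advertised > TWO_HOURS || advertised > remaining)
        return advertised;                  /* rule 1: accept as sent */
    if (remaining <= TWO_HOURS)             /* rule 2: ignore the option */
        return authenticated ? advertised : remaining;
    return TWO_HOURS;                       /* rule 3: clamp to two hours */
}

/* Behaviour described in the commit message: honor every value as sent. */
static uint32_t honor_all_valid_lft(uint32_t advertised, uint32_t remaining)
{
    (void)remaining;                        /* no longer consulted */
    return advertised;
}

int main(void)
{
    /* Constructed cases: {advertised, remaining}, both in seconds. */
    static const uint32_t cases[][2] = {
        {0,      30u * 86400u},  /* prefix withdrawn, 30 days were left */
        {0,      3600u},         /* prefix withdrawn, 1 hour was left   */
        {600,    86400u},        /* router shortens lifetime to 10 min  */
        {86400u, 3600u},         /* router extends lifetime to 1 day    */
    };

    printf("%10s %10s %10s %10s\n", "advertised", "remaining",
           "rfc4862", "honor-all");
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("%10u %10u %10u %10u\n",
               (unsigned)cases[i][0], (unsigned)cases[i][1],
               (unsigned)rfc4862_valid_lft(cases[i][0], cases[i][1], 0),
               (unsigned)honor_all_valid_lft(cases[i][0], cases[i][1]));
    return 0;
}
```

In the first two rows the stale address stays valid for up to two hours (or for its remaining time) under the RFC 4862 rule, while the honor-all behaviour invalidates it at once.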