diff options
| author | Joel Scherpelz <jscherpelz@google.com> | 2017-03-22 05:19:04 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2017-03-22 17:20:54 -0400 |
| commit | bbea124bc99df968011e76eba105fe964a4eceab (patch) | |
| tree | ec41e6976abf168397615c51eb4a676b37f5bb5e /net/ipv6 | |
| parent | 0e4c9f13da28990064c958839e85c565f6adcbf5 (diff) | |
net: ipv6: Add sysctl for minimum prefix len acceptable in RIOs.
This commit adds a new sysctl accept_ra_rt_info_min_plen that
defines the minimum acceptable prefix length of Route Information
Options. The new sysctl is intended to be used together with
accept_ra_rt_info_max_plen to configure a range of acceptable
prefix lengths. It is useful to prevent misconfigurations from
unintentionally blackholing too much of the IPv6 address space
(e.g., home routers announcing RIOs for fc00::/7, which is
incorrect).
Signed-off-by: Joel Scherpelz <jscherpelz@google.com>
Acked-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6')
| -rw-r--r-- | net/ipv6/addrconf.c | 10 | ||||
| -rw-r--r-- | net/ipv6/ndisc.c | 2 |
2 files changed, 12 insertions, 0 deletions
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c index 8c69768a5c46..dff5beb26a01 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c | |||
| @@ -224,6 +224,7 @@ static struct ipv6_devconf ipv6_devconf __read_mostly = { | |||
| 224 | .accept_ra_rtr_pref = 1, | 224 | .accept_ra_rtr_pref = 1, |
| 225 | .rtr_probe_interval = 60 * HZ, | 225 | .rtr_probe_interval = 60 * HZ, |
| 226 | #ifdef CONFIG_IPV6_ROUTE_INFO | 226 | #ifdef CONFIG_IPV6_ROUTE_INFO |
| 227 | .accept_ra_rt_info_min_plen = 0, | ||
| 227 | .accept_ra_rt_info_max_plen = 0, | 228 | .accept_ra_rt_info_max_plen = 0, |
| 228 | #endif | 229 | #endif |
| 229 | #endif | 230 | #endif |
| @@ -277,6 +278,7 @@ static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = { | |||
| 277 | .accept_ra_rtr_pref = 1, | 278 | .accept_ra_rtr_pref = 1, |
| 278 | .rtr_probe_interval = 60 * HZ, | 279 | .rtr_probe_interval = 60 * HZ, |
| 279 | #ifdef CONFIG_IPV6_ROUTE_INFO | 280 | #ifdef CONFIG_IPV6_ROUTE_INFO |
| 281 | .accept_ra_rt_info_min_plen = 0, | ||
| 280 | .accept_ra_rt_info_max_plen = 0, | 282 | .accept_ra_rt_info_max_plen = 0, |
| 281 | #endif | 283 | #endif |
| 282 | #endif | 284 | #endif |
| @@ -4979,6 +4981,7 @@ static inline void ipv6_store_devconf(struct ipv6_devconf *cnf, | |||
| 4979 | array[DEVCONF_RTR_PROBE_INTERVAL] = | 4981 | array[DEVCONF_RTR_PROBE_INTERVAL] = |
| 4980 | jiffies_to_msecs(cnf->rtr_probe_interval); | 4982 | jiffies_to_msecs(cnf->rtr_probe_interval); |
| 4981 | #ifdef CONFIG_IPV6_ROUTE_INFO | 4983 | #ifdef CONFIG_IPV6_ROUTE_INFO |
| 4984 | array[DEVCONF_ACCEPT_RA_RT_INFO_MIN_PLEN] = cnf->accept_ra_rt_info_min_plen; | ||
| 4982 | array[DEVCONF_ACCEPT_RA_RT_INFO_MAX_PLEN] = cnf->accept_ra_rt_info_max_plen; | 4985 | array[DEVCONF_ACCEPT_RA_RT_INFO_MAX_PLEN] = cnf->accept_ra_rt_info_max_plen; |
| 4983 | #endif | 4986 | #endif |
| 4984 | #endif | 4987 | #endif |
| @@ -6122,6 +6125,13 @@ static const struct ctl_table addrconf_sysctl[] = { | |||
| 6122 | }, | 6125 | }, |
| 6123 | #ifdef CONFIG_IPV6_ROUTE_INFO | 6126 | #ifdef CONFIG_IPV6_ROUTE_INFO |
| 6124 | { | 6127 | { |
| 6128 | .procname = "accept_ra_rt_info_min_plen", | ||
| 6129 | .data = &ipv6_devconf.accept_ra_rt_info_min_plen, | ||
| 6130 | .maxlen = sizeof(int), | ||
| 6131 | .mode = 0644, | ||
| 6132 | .proc_handler = proc_dointvec, | ||
| 6133 | }, | ||
| 6134 | { | ||
| 6125 | .procname = "accept_ra_rt_info_max_plen", | 6135 | .procname = "accept_ra_rt_info_max_plen", |
| 6126 | .data = &ipv6_devconf.accept_ra_rt_info_max_plen, | 6136 | .data = &ipv6_devconf.accept_ra_rt_info_max_plen, |
| 6127 | .maxlen = sizeof(int), | 6137 | .maxlen = sizeof(int), |
diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c index 112ccbc0a8ac..b5812b3f7539 100644 --- a/net/ipv6/ndisc.c +++ b/net/ipv6/ndisc.c | |||
| @@ -1418,6 +1418,8 @@ skip_linkparms: | |||
| 1418 | if (ri->prefix_len == 0 && | 1418 | if (ri->prefix_len == 0 && |
| 1419 | !in6_dev->cnf.accept_ra_defrtr) | 1419 | !in6_dev->cnf.accept_ra_defrtr) |
| 1420 | continue; | 1420 | continue; |
| 1421 | if (ri->prefix_len < in6_dev->cnf.accept_ra_rt_info_min_plen) | ||
| 1422 | continue; | ||
| 1421 | if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen) | 1423 | if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen) |
| 1422 | continue; | 1424 | continue; |
| 1423 | rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3, | 1425 | rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3, |