net: ipv6: Add sysctl for minimum prefix len acceptable in RIOs.

This commit adds a new sysctl accept_ra_rt_info_min_plen that defines the minimum acceptable prefix length of Route Information Options. The new sysctl is intended to be used together with accept_ra_rt_info_max_plen to configure a range of acceptable prefix lengths. It is useful to prevent misconfigurations from unintentionally blackholing too much of the IPv6 address space (e.g., home routers announcing RIOs for fc00::/7, which is incorrect). Signed-off-by: Joel Scherpelz <jscherpelz@google.com> Acked-by: Lorenzo Colitti <lorenzo@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Joel Scherpelz <jscherpelz@google.com> 2017-03-22 18:19:04 +0900
committer: David S. Miller <davem@davemloft.net> 2017-03-22 14:20:54 -0700
commit: bbea124bc99df968011e76eba105fe964a4eceab (patch)
tree: ec41e6976abf168397615c51eb4a676b37f5bb5e /net/ipv6/ndisc.c
parent: 0e4c9f13da28990064c958839e85c565f6adcbf5 (diff)
download: linux-bbea124bc99df968011e76eba105fe964a4eceab.tar.bz2
1 files changed, 2 insertions, 0 deletions
diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index 112ccbc0a8ac..b5812b3f7539 100644
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -1418,6 +1418,8 @@ skip_linkparms:
 			if (ri->prefix_len == 0 &&
 			    !in6_dev->cnf.accept_ra_defrtr)
 				continue;
+			if (ri->prefix_len < in6_dev->cnf.accept_ra_rt_info_min_plen)
+				continue;
 			if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
 				continue;
 			rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3,
author	Joel Scherpelz <jscherpelz@google.com>	2017-03-22 18:19:04 +0900
committer	David S. Miller <davem@davemloft.net>	2017-03-22 14:20:54 -0700
commit	bbea124bc99df968011e76eba105fe964a4eceab (patch)
tree	ec41e6976abf168397615c51eb4a676b37f5bb5e /net/ipv6/ndisc.c
parent	0e4c9f13da28990064c958839e85c565f6adcbf5 (diff)
download	linux-bbea124bc99df968011e76eba105fe964a4eceab.tar.bz2