On Thu, Aug 24, 2023 at 03:32:25PM -0700, Patrick Rohr wrote:
> This change adds a new sysctl accept_ra_min_lft which enforces a minimum
> lifetime value for individual RA sections; in particular, router
> lifetime, PIO preferred lifetime, and RIO lifetime. If any of those
> lifetimes are lower than the configured value, the specific RA section
> is ignored.
>
> This fixes a potential denial of service attack vector where rogue WiFi
> routers (or devices) can send RAs with low lifetimes to actively drain a
> mobile device's battery (by preventing sleep).
>
> In addition to this change, Android uses hardware offloads to drop RAs
> for a fraction of the minimum of all lifetimes present in the RA (some
> networks have very frequent RAs (5s) with high lifetimes (2h)). Despite
> this, we have encountered networks that set the router lifetime to 30s
> which results in very frequent CPU wakeups. Instead of disabling IPv6
> (and dropping IPv6 ethertype in the WiFi firmware) entirely on such
> networks, misconfigured routers must be ignored while still processing
> RAs from other IPv6 routers on the same network (i.e. to support IoT
> applications).
>
> This change squashes the following patches into a single commit:
> - net-next 1671bcfd76fd ("net: add sysctl accept_ra_min_rtr_lft")
> - net-next 5027d54a9c30 ("net: change accept_ra_min_rtr_lft to affect all RA lifetimes")
> - net-next 5cb249686e67 ("net: release reference to inet6_dev pointer")
Please don't do this. We want the original commits into the stable
tree, after they have landed in Linus's tree.
Please read:
https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html
for how to do this properly.
thanks,
greg k-h
