On Mon, Sep 25, 2023 at 2:10 PM Patrick Rohr <prohr@xxxxxxxxxx> wrote:
>
> This series adds a new sysctl accept_ra_min_lft which enforces a minimum
> lifetime value for individual RA sections; in particular, router
> lifetime, PIO preferred lifetime, and RIO lifetime. If any of those
> lifetimes are lower than the configured value, the specific RA section
> is ignored.
>
> This fixes a potential denial of service attack vector where rogue WiFi
> routers (or devices) can send RAs with low lifetimes to actively drain a
> mobile device's battery (by preventing sleep).
>
> In addition to this change, Android uses hardware offloads to drop RAs
> for a fraction of the minimum of all lifetimes present in the RA (some
> networks have very frequent RAs (5s) with high lifetimes (2h)). Despite
> this, we have encountered networks that set the router lifetime to 30s
> which results in very frequent CPU wakeups. Instead of disabling IPv6
> (and dropping IPv6 ethertype in the WiFi firmware) entirely on such
> networks, misconfigured routers must be ignored while still processing
> RAs from other IPv6 routers on the same network (i.e. to support IoT
> applications).
>
> Patches:
> - 1671bcfd76fd ("net: add sysctl accept_ra_min_rtr_lft")
> - 5027d54a9c30 ("net: change accept_ra_min_rtr_lft to affect all RA lifetimes")
> - 5cb249686e67 ("net: release reference to inet6_dev pointer")
>
> Patrick Rohr (3):
> net: add sysctl accept_ra_min_rtr_lft
> net: change accept_ra_min_rtr_lft to affect all RA lifetimes
> net: release reference to inet6_dev pointer
>
> Documentation/networking/ip-sysctl.rst | 8 ++++++++
> include/linux/ipv6.h | 1 +
> include/uapi/linux/ipv6.h | 1 +
> net/ipv6/addrconf.c | 13 +++++++++++++
> net/ipv6/ndisc.c | 13 +++++++++++--
> 5 files changed, 34 insertions(+), 2 deletions(-)
>
> --
> 2.42.0.515.g380fc7ccd1-goog
>
Was this rejected?
Any resolution on this (ACK or NAK) would be useful. Thanks!
