| author | Pouria Mousavizadeh Tehrani <pouria@FreeBSD.org> | 2026-04-16 22:27:33 +0000 |
|---|---|---|
| committer | Pouria Mousavizadeh Tehrani <pouria@FreeBSD.org> | 2026-04-17 22:52:18 +0000 |
| commit | 05f2acd34483e9a2aa3d3b3d53e398cadab199ad (patch) | |
| tree | 2cb06804634ec7351533372397a95d9c489c0fe7 | |
| parent | d022dd82059b6173505377d47e3d0048906f8311 (diff) | |
nd6: Ignore entire PI if violates RFC 4862 section 5.5.3
Ignore prefix information update earlier in `prelist_update()`.
If PI is invalid or autonomous bit is unset, we had better let our
SLAAC address expire, and if we don't have any previous matching
prefix, better not to create a new one.
Because either our router doesn't want us to have one anymore, or
the very RA is malicious.
Reviewed by: ae
Differential Revision: https://reviews.freebsd.org/D56133
| -rw-r--r-- | sys/netinet6/nd6_rtr.c | 22 |
1 files changed, 10 insertions, 12 deletions
diff --git a/sys/netinet6/nd6_rtr.c b/sys/netinet6/nd6_rtr.c index 339ae5ebbaea..a27df537ecdc 100644 --- a/sys/netinet6/nd6_rtr.c +++ b/sys/netinet6/nd6_rtr.c @@ -1567,6 +1567,16 @@ prelist_update(struct nd_prefixctl *new, struct nd_defrouter *dr, NET_EPOCH_ASSERT(); + /* + * Address autoconfiguration based on Section 5.5.3 of RFC 4862. + * 5.5.3 (a). Ignore the prefix without the A bit set. + * 5.5.3 (b). the link-local prefix should have been ignored in nd6_ra_input. + * 5.5.3 (c). Consistency check on lifetimes: pltime <= vltime. + */ + if (new->ndpr_raf_auto == 0 || + new->ndpr_pltime > new->ndpr_vltime) + return; + /* check if prefix already exists on the same interface */ if ((pr = nd6_prefix_lookup(new)) != NULL) nd6_prefix_update(new, pr); @@ -1603,18 +1613,6 @@ prelist_update(struct nd_prefixctl *new, struct nd_defrouter *dr, pfxrtr_add(pr, dr); /* - * Address autoconfiguration based on Section 5.5.3 of RFC 4862. - * Note that pr must be non NULL at this point. - * - * 5.5.3 (a). Ignore the prefix without the A bit set. - * 5.5.3 (b). the link-local prefix should have been ignored in nd6_ra_input. - * 5.5.3 (c). Consistency check on lifetimes: pltime <= vltime. - */ - if (new->ndpr_raf_auto == 0 || - new->ndpr_pltime > new->ndpr_vltime) - goto end; - - /* * 5.5.3 (d). If the prefix advertised is not equal to the prefix of * an address configured by stateless autoconfiguration already in the * list of addresses associated with the interface, and the Valid |
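Review bot: The new early `return` at the top of `prelist_update()` sits before `nd6_prefix_lookup()`/`nd6_prefix_update()` and before `pfxrtr_add(pr, dr)`, so a PI with `new->ndpr_raf_auto == 0` no longer refreshes an existing prefix entry or its router association, whereas the removed `goto end` check only skipped the autoconfiguration steps that follow `pfxrtr_add()`. The comment cites RFC 4862 section 5.5.3, which covers address autoconfiguration; if a prefix may be advertised for on-link use with the A bit clear, consider keeping only the `ndpr_pltime > ndpr_vltime` test at the top and leaving the A-bit test after `pfxrtr_add()`, or state in the comment that skipping prefix-list maintenance for such PIs is intended. A short remark on why a plain `return` is safe here, where the old code used `goto end`, would also help the next reader.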
