| author | Andrey V. Elsukov <ae@FreeBSD.org> | 2025-09-16 07:34:55 +0000 |
|---|---|---|
| committer | Andrey V. Elsukov <ae@FreeBSD.org> | 2025-09-16 07:34:55 +0000 |
| commit | 588a5fad3e8b98955b60707e3e92b8b43566e3f7 (patch) | |
| tree | cfbb85c6ca35412245297b32653a45dc9555c9db | |
| parent | effcd0ded0ef1c92bef29c1e9bbf517c97bb45b8 (diff) | |
IPv6: fix off-by-one in pltime and vltime expiration checks

Previously, the macros used '>' instead of '>=' when comparing elapsed
time against the preferred and valid lifetimes. This caused any deprecated
address to become usable again for one extra second after receiving each
Router Advertisement. In that short window, the address could be
selected as a source for outgoing connections.

Update the checks to use '>=' so that addresses are deprecated or
invalid when their lifetime expires.

PR: 289177
Reported by: Dmitry Nexus <fbsd.4f6a at nexus tel>
Reviewed by: zlei
Submitted by: Marek Zarychta
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D52323

| -rw-r--r-- | sys/netinet6/in6.h | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/netinet6/in6.h b/sys/netinet6/in6.h index 1ca846ebf514..67c3ccbb1be8 100644 --- a/sys/netinet6/in6.h +++ b/sys/netinet6/in6.h @@ -358,11 +358,11 @@ extern const struct in6_addr in6addr_linklocal_allv2routers; #define IFA6_IS_DEPRECATED(a) \ ((a)->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME && \ - (u_int32_t)((time_uptime - (a)->ia6_updatetime)) > \ + (u_int32_t)((time_uptime - (a)->ia6_updatetime)) >= \ (a)->ia6_lifetime.ia6t_pltime) #define IFA6_IS_INVALID(a) \ ((a)->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME && \ - (u_int32_t)((time_uptime - (a)->ia6_updatetime)) > \ + (u_int32_t)((time_uptime - (a)->ia6_updatetime)) >= \ (a)->ia6_lifetime.ia6t_vltime) #endif /* _KERNEL */ |
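
Review bot: The two changed comparisons in IFA6_IS_DEPRECATED and IFA6_IS_INVALID carry no comment stating the boundary rule, so a later reader cannot tell that `>=` is deliberate and might "fix" it back to `>`. With `>=`, an address whose ia6t_pltime or ia6t_vltime is 0 is treated as deprecated or invalid in the same second ia6_updatetime equals time_uptime (elapsed 0 >= 0), which matches the intent in the commit message; a short comment above the macros, for example `/* expired once elapsed time reaches the lifetime; a lifetime of 0 expires immediately */`, would record that. As a style point, `(u_int32_t)((time_uptime - (a)->ia6_updatetime))` is repeated in both macros with a redundant inner pair of parentheses; a shared helper macro for the elapsed time would keep the two checks from drifting apart.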
