On Thu, Aug 24, 2023 at 03:32:25PM -0700, Patrick Rohr wrote:
> This change adds a new sysctl accept_ra_min_lft which enforces a minimum lifetime value for individual RA sections; in particular, router lifetime, PIO preferred lifetime, and RIO lifetime. If any of those lifetimes are lower than the configured value, the specific RA section is ignored.
>
> This fixes a potential denial of service attack vector where rogue WiFi routers (or devices) can send RAs with low lifetimes to actively drain a mobile device's battery (by preventing sleep).
>
> In addition to this change, Android uses hardware offloads to drop RAs for a fraction of the minimum of all lifetimes present in the RA (some networks have very frequent RAs (5s) with high lifetimes (2h)). Despite this, we have encountered networks that set the router lifetime to 30s which results in very frequent CPU wakeups. Instead of disabling IPv6 (and dropping IPv6 ethertype in the WiFi firmware) entirely on such networks, misconfigured routers must be ignored while still processing RAs from other IPv6 routers on the same network (i.e. to support IoT applications).
>
> This change squashes the following patches into a single commit:
> - net-next 1671bcfd76fd ("net: add sysctl accept_ra_min_rtr_lft")
> - net-next 5027d54a9c30 ("net: change accept_ra_min_rtr_lft to affect all RA lifetimes")
> - net-next 5cb249686e67 ("net: release reference to inet6_dev pointer")

Please don't do this. We want the original commits into the stable tree, after they have landed in Linus's tree.
Please read: https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html for how to do this properly.
thanks,
greg k-h
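
An added example, not code from the patch or the kernel: a userspace C function that walks a constructed Router Advertisement and reports which sections (router lifetime, PIO preferred lifetime, RIO lifetime) fall below a minimum lifetime and would therefore be ignored under the rule quoted above. The function name, flag names and sample packet are assumptions of this example, and it applies the rule as worded in the commit message without modelling any special treatment of zero lifetimes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Flags for RA sections that fall below the minimum lifetime (names are this example's). */
enum { DROP_ROUTER = 1, DROP_PIO = 2, DROP_RIO = 4 };

/* Constructed sample RA, checksum left zero: router 30 s, PIO preferred 7200 s, RIO 1800 s. */
static const uint8_t sample_ra[64] = {
    134, 0, 0, 0, 64, 0, 0x00, 0x1e,            /* type, code, cksum, hop limit, flags, router lifetime */
    0, 0, 0, 0, 0, 0, 0, 0,                     /* reachable time, retrans timer */
    3, 4, 64, 0xc0, 0, 0, 0x1c, 0x20,           /* PIO: type, len, prefix len, flags, valid lifetime */
    0, 0, 0x1c, 0x20, 0, 0, 0, 0,               /* PIO: preferred lifetime, reserved */
    0x20, 0x01, 0x0d, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,  /* PIO prefix 2001:db8:: */
    24, 2, 48, 0, 0, 0, 0x07, 0x08,             /* RIO: type, len, prefix len, flags, route lifetime */
    0x20, 0x01, 0x0d, 0xb8, 0, 1, 0, 0          /* RIO prefix 2001:db8:1:: */
};

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Returns a DROP_* bitmask of sections whose lifetime is below min_lft, or -1 if malformed. */
int ra_sections_below_min(const uint8_t *ra, size_t len, uint32_t min_lft)
{
    int dropped = 0;
    if (len < 16 || ra[0] != 134)               /* fixed RA header is 16 bytes, ICMPv6 type 134 */
        return -1;
    if ((((uint32_t)ra[6] << 8) | ra[7]) < min_lft)
        dropped |= DROP_ROUTER;
    for (size_t off = 16; off < len; ) {
        size_t olen = off + 2 <= len ? (size_t)ra[off + 1] * 8 : 0;  /* length is in 8-byte units */
        if (olen == 0 || off + olen > len)
            return -1;
        if (ra[off] == 3 && olen == 32 && be32(ra + off + 8) < min_lft)
            dropped |= DROP_PIO;                /* PIO preferred lifetime at option offset 8 */
        if (ra[off] == 24 && olen >= 8 && be32(ra + off + 4) < min_lft)
            dropped |= DROP_RIO;                /* RIO route lifetime at option offset 4 */
        off += olen;
    }
    return dropped;
}

int main(void)
{
    printf("min_lft=180:  %d\n", ra_sections_below_min(sample_ra, sizeof sample_ra, 180));
    printf("min_lft=3600: %d\n", ra_sections_below_min(sample_ra, sizeof sample_ra, 3600));
    return 0;
}
```

With a minimum of 180 s only the 30 s router lifetime is flagged, so the PIO and RIO in the same RA are still processed, which is the per-section behaviour the commit message describes.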