--- /dev/null
+From 1671bcfd76fdc0b9e65153cf759153083755fe4c Mon Sep 17 00:00:00 2001
+From: Patrick Rohr <prohr@google.com>
+Date: Wed, 19 Jul 2023 07:52:13 -0700
+Subject: net: add sysctl accept_ra_min_rtr_lft
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Patrick Rohr <prohr@google.com>
+
+commit 1671bcfd76fdc0b9e65153cf759153083755fe4c upstream.
+
+This change adds a new sysctl accept_ra_min_rtr_lft to specify the
+minimum acceptable router lifetime in an RA. If the received RA router
+lifetime is less than the configured value (and not 0), the RA is
+ignored.
+This is useful for mobile devices, whose battery life can be impacted
+by networks that configure RAs with a short lifetime. On such networks,
+the device should never gain IPv6 provisioning and should attempt to
+drop RAs via hardware offload, if available.
+
+Signed-off-by: Patrick Rohr <prohr@google.com>
+Cc: Maciej Żenczykowski <maze@google.com>
+Cc: Lorenzo Colitti <lorenzo@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ Documentation/networking/ip-sysctl.rst | 8 ++++++++
+ include/linux/ipv6.h | 1 +
+ include/uapi/linux/ipv6.h | 1 +
+ net/ipv6/addrconf.c | 10 ++++++++++
+ net/ipv6/ndisc.c | 18 ++++++++++++++++--
+ 5 files changed, 36 insertions(+), 2 deletions(-)
+
+--- a/Documentation/networking/ip-sysctl.rst
++++ b/Documentation/networking/ip-sysctl.rst
+@@ -2287,6 +2287,14 @@ accept_ra_min_hop_limit - INTEGER
+
+ Default: 1
+
++accept_ra_min_rtr_lft - INTEGER
++ Minimum acceptable router lifetime in Router Advertisement.
++
++ RAs with a router lifetime less than this value shall be
++ ignored. RAs with a router lifetime of 0 are unaffected.
++
++ Default: 0
++
+ accept_ra_pinfo - BOOLEAN
+ Learn Prefix Information in Router Advertisement.
+
+--- a/include/linux/ipv6.h
++++ b/include/linux/ipv6.h
+@@ -33,6 +33,7 @@ struct ipv6_devconf {
+ __s32 accept_ra_defrtr;
+ __u32 ra_defrtr_metric;
+ __s32 accept_ra_min_hop_limit;
++ __s32 accept_ra_min_rtr_lft;
+ __s32 accept_ra_pinfo;
+ __s32 ignore_routes_with_linkdown;
+ #ifdef CONFIG_IPV6_ROUTER_PREF
+--- a/include/uapi/linux/ipv6.h
++++ b/include/uapi/linux/ipv6.h
+@@ -198,6 +198,7 @@ enum {
+ DEVCONF_IOAM6_ID_WIDE,
+ DEVCONF_NDISC_EVICT_NOCARRIER,
+ DEVCONF_ACCEPT_UNTRACKED_NA,
++ DEVCONF_ACCEPT_RA_MIN_RTR_LFT,
+ DEVCONF_MAX
+ };
+
+--- a/net/ipv6/addrconf.c
++++ b/net/ipv6/addrconf.c
+@@ -202,6 +202,7 @@ static struct ipv6_devconf ipv6_devconf
+ .ra_defrtr_metric = IP6_RT_PRIO_USER,
+ .accept_ra_from_local = 0,
+ .accept_ra_min_hop_limit= 1,
++ .accept_ra_min_rtr_lft = 0,
+ .accept_ra_pinfo = 1,
+ #ifdef CONFIG_IPV6_ROUTER_PREF
+ .accept_ra_rtr_pref = 1,
+@@ -262,6 +263,7 @@ static struct ipv6_devconf ipv6_devconf_
+ .ra_defrtr_metric = IP6_RT_PRIO_USER,
+ .accept_ra_from_local = 0,
+ .accept_ra_min_hop_limit= 1,
++ .accept_ra_min_rtr_lft = 0,
+ .accept_ra_pinfo = 1,
+ #ifdef CONFIG_IPV6_ROUTER_PREF
+ .accept_ra_rtr_pref = 1,
+@@ -5602,6 +5604,7 @@ static inline void ipv6_store_devconf(st
+ array[DEVCONF_IOAM6_ID_WIDE] = cnf->ioam6_id_wide;
+ array[DEVCONF_NDISC_EVICT_NOCARRIER] = cnf->ndisc_evict_nocarrier;
+ array[DEVCONF_ACCEPT_UNTRACKED_NA] = cnf->accept_untracked_na;
++ array[DEVCONF_ACCEPT_RA_MIN_RTR_LFT] = cnf->accept_ra_min_rtr_lft;
+ }
+
+ static inline size_t inet6_ifla6_size(void)
+@@ -6794,6 +6797,13 @@ static const struct ctl_table addrconf_s
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec,
++ },
++ {
++ .procname = "accept_ra_min_rtr_lft",
++ .data = &ipv6_devconf.accept_ra_min_rtr_lft,
++ .maxlen = sizeof(int),
++ .mode = 0644,
++ .proc_handler = proc_dointvec,
+ },
+ {
+ .procname = "accept_ra_pinfo",
+--- a/net/ipv6/ndisc.c
++++ b/net/ipv6/ndisc.c
+@@ -1281,6 +1281,8 @@ static enum skb_drop_reason ndisc_router
+ if (!ndisc_parse_options(skb->dev, opt, optlen, &ndopts))
+ return SKB_DROP_REASON_IPV6_NDISC_BAD_OPTIONS;
+
++ lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
++
+ if (!ipv6_accept_ra(in6_dev)) {
+ ND_PRINTK(2, info,
+ "RA: %s, did not accept ra for dev: %s\n",
+@@ -1288,6 +1290,13 @@ static enum skb_drop_reason ndisc_router
+ goto skip_linkparms;
+ }
+
++ if (lifetime != 0 && lifetime < in6_dev->cnf.accept_ra_min_rtr_lft) {
++ ND_PRINTK(2, info,
++ "RA: router lifetime (%ds) is too short: %s\n",
++ lifetime, skb->dev->name);
++ goto skip_linkparms;
++ }
++
+ #ifdef CONFIG_IPV6_NDISC_NODETYPE
+ /* skip link-specific parameters from interior routers */
+ if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
+@@ -1340,8 +1349,6 @@ static enum skb_drop_reason ndisc_router
+ goto skip_defrtr;
+ }
+
+- lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
+-
+ #ifdef CONFIG_IPV6_ROUTER_PREF
+ pref = ra_msg->icmph.icmp6_router_pref;
+ /* 10b is handled as if it were 00b (medium) */
+@@ -1493,6 +1500,13 @@ skip_linkparms:
+ goto out;
+ }
+
++ if (lifetime != 0 && lifetime < in6_dev->cnf.accept_ra_min_rtr_lft) {
++ ND_PRINTK(2, info,
++ "RA: router lifetime (%ds) is too short: %s\n",
++ lifetime, skb->dev->name);
++ goto out;
++ }
++
+ #ifdef CONFIG_IPV6_ROUTE_INFO
+ if (!in6_dev->cnf.accept_ra_from_local &&
+ ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
--- /dev/null
+From 5027d54a9c30bc7ec808360378e2b4753f053f25 Mon Sep 17 00:00:00 2001
+From: Patrick Rohr <prohr@google.com>
+Date: Wed, 26 Jul 2023 16:07:01 -0700
+Subject: net: change accept_ra_min_rtr_lft to affect all RA lifetimes
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Patrick Rohr <prohr@google.com>
+
+commit 5027d54a9c30bc7ec808360378e2b4753f053f25 upstream.
+
+accept_ra_min_rtr_lft only considered the lifetime of the default route
+and discarded entire RAs accordingly.
+
+This change renames accept_ra_min_rtr_lft to accept_ra_min_lft, and
+applies the value to individual RA sections; in particular, router
+lifetime, PIO preferred lifetime, and RIO lifetime. If any of those
+lifetimes are lower than the configured value, the specific RA section
+is ignored.
+
+In order for the sysctl to be useful to Android, it should really apply
+to all lifetimes in the RA, since that is what determines the minimum
+frequency at which RAs must be processed by the kernel. Android uses
+hardware offloads to drop RAs for a fraction of the minimum of all
+lifetimes present in the RA (some networks have very frequent RAs (5s)
+with high lifetimes (2h)). Despite this, we have encountered networks
+that set the router lifetime to 30s which results in very frequent CPU
+wakeups. Instead of disabling IPv6 (and dropping IPv6 ethertype in the
+WiFi firmware) entirely on such networks, it seems better to ignore the
+misconfigured routers while still processing RAs from other IPv6 routers
+on the same network (i.e. to support IoT applications).
+
+The previous implementation dropped the entire RA based on router
+lifetime. This turned out to be hard to expand to the other lifetimes
+present in the RA in a consistent manner; dropping the entire RA based
+on RIO/PIO lifetimes would essentially require parsing the whole thing
+twice.
+
+Fixes: 1671bcfd76fd ("net: add sysctl accept_ra_min_rtr_lft")
+Cc: Lorenzo Colitti <lorenzo@google.com>
+Signed-off-by: Patrick Rohr <prohr@google.com>
+Reviewed-by: Maciej Żenczykowski <maze@google.com>
+Reviewed-by: David Ahern <dsahern@kernel.org>
+Link: https://lore.kernel.org/r/20230726230701.919212-1-prohr@google.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ Documentation/networking/ip-sysctl.rst | 8 ++++----
+ include/linux/ipv6.h | 2 +-
+ include/uapi/linux/ipv6.h | 2 +-
+ net/ipv6/addrconf.c | 13 ++++++++-----
+ net/ipv6/ndisc.c | 27 +++++++++++----------------
+ 5 files changed, 25 insertions(+), 27 deletions(-)
+
+--- a/Documentation/networking/ip-sysctl.rst
++++ b/Documentation/networking/ip-sysctl.rst
+@@ -2287,11 +2287,11 @@ accept_ra_min_hop_limit - INTEGER
+
+ Default: 1
+
+-accept_ra_min_rtr_lft - INTEGER
+- Minimum acceptable router lifetime in Router Advertisement.
++accept_ra_min_lft - INTEGER
++ Minimum acceptable lifetime value in Router Advertisement.
+
+- RAs with a router lifetime less than this value shall be
+- ignored. RAs with a router lifetime of 0 are unaffected.
++ RA sections with a lifetime less than this value shall be
++ ignored. Zero lifetimes stay unaffected.
+
+ Default: 0
+
+--- a/include/linux/ipv6.h
++++ b/include/linux/ipv6.h
+@@ -33,7 +33,7 @@ struct ipv6_devconf {
+ __s32 accept_ra_defrtr;
+ __u32 ra_defrtr_metric;
+ __s32 accept_ra_min_hop_limit;
+- __s32 accept_ra_min_rtr_lft;
++ __s32 accept_ra_min_lft;
+ __s32 accept_ra_pinfo;
+ __s32 ignore_routes_with_linkdown;
+ #ifdef CONFIG_IPV6_ROUTER_PREF
+--- a/include/uapi/linux/ipv6.h
++++ b/include/uapi/linux/ipv6.h
+@@ -198,7 +198,7 @@ enum {
+ DEVCONF_IOAM6_ID_WIDE,
+ DEVCONF_NDISC_EVICT_NOCARRIER,
+ DEVCONF_ACCEPT_UNTRACKED_NA,
+- DEVCONF_ACCEPT_RA_MIN_RTR_LFT,
++ DEVCONF_ACCEPT_RA_MIN_LFT,
+ DEVCONF_MAX
+ };
+
+--- a/net/ipv6/addrconf.c
++++ b/net/ipv6/addrconf.c
+@@ -202,7 +202,7 @@ static struct ipv6_devconf ipv6_devconf
+ .ra_defrtr_metric = IP6_RT_PRIO_USER,
+ .accept_ra_from_local = 0,
+ .accept_ra_min_hop_limit= 1,
+- .accept_ra_min_rtr_lft = 0,
++ .accept_ra_min_lft = 0,
+ .accept_ra_pinfo = 1,
+ #ifdef CONFIG_IPV6_ROUTER_PREF
+ .accept_ra_rtr_pref = 1,
+@@ -263,7 +263,7 @@ static struct ipv6_devconf ipv6_devconf_
+ .ra_defrtr_metric = IP6_RT_PRIO_USER,
+ .accept_ra_from_local = 0,
+ .accept_ra_min_hop_limit= 1,
+- .accept_ra_min_rtr_lft = 0,
++ .accept_ra_min_lft = 0,
+ .accept_ra_pinfo = 1,
+ #ifdef CONFIG_IPV6_ROUTER_PREF
+ .accept_ra_rtr_pref = 1,
+@@ -2733,6 +2733,9 @@ void addrconf_prefix_rcv(struct net_devi
+ return;
+ }
+
++ if (valid_lft != 0 && valid_lft < in6_dev->cnf.accept_ra_min_lft)
++ return;
++
+ /*
+ * Two things going on here:
+ * 1) Add routes for on-link prefixes
+@@ -5604,7 +5607,7 @@ static inline void ipv6_store_devconf(st
+ array[DEVCONF_IOAM6_ID_WIDE] = cnf->ioam6_id_wide;
+ array[DEVCONF_NDISC_EVICT_NOCARRIER] = cnf->ndisc_evict_nocarrier;
+ array[DEVCONF_ACCEPT_UNTRACKED_NA] = cnf->accept_untracked_na;
+- array[DEVCONF_ACCEPT_RA_MIN_RTR_LFT] = cnf->accept_ra_min_rtr_lft;
++ array[DEVCONF_ACCEPT_RA_MIN_LFT] = cnf->accept_ra_min_lft;
+ }
+
+ static inline size_t inet6_ifla6_size(void)
+@@ -6799,8 +6802,8 @@ static const struct ctl_table addrconf_s
+ .proc_handler = proc_dointvec,
+ },
+ {
+- .procname = "accept_ra_min_rtr_lft",
+- .data = &ipv6_devconf.accept_ra_min_rtr_lft,
++ .procname = "accept_ra_min_lft",
++ .data = &ipv6_devconf.accept_ra_min_lft,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec,
+--- a/net/ipv6/ndisc.c
++++ b/net/ipv6/ndisc.c
+@@ -1281,8 +1281,6 @@ static enum skb_drop_reason ndisc_router
+ if (!ndisc_parse_options(skb->dev, opt, optlen, &ndopts))
+ return SKB_DROP_REASON_IPV6_NDISC_BAD_OPTIONS;
+
+- lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
+-
+ if (!ipv6_accept_ra(in6_dev)) {
+ ND_PRINTK(2, info,
+ "RA: %s, did not accept ra for dev: %s\n",
+@@ -1290,13 +1288,6 @@ static enum skb_drop_reason ndisc_router
+ goto skip_linkparms;
+ }
+
+- if (lifetime != 0 && lifetime < in6_dev->cnf.accept_ra_min_rtr_lft) {
+- ND_PRINTK(2, info,
+- "RA: router lifetime (%ds) is too short: %s\n",
+- lifetime, skb->dev->name);
+- goto skip_linkparms;
+- }
+-
+ #ifdef CONFIG_IPV6_NDISC_NODETYPE
+ /* skip link-specific parameters from interior routers */
+ if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
+@@ -1337,6 +1328,14 @@ static enum skb_drop_reason ndisc_router
+ goto skip_defrtr;
+ }
+
++ lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
++ if (lifetime != 0 && lifetime < in6_dev->cnf.accept_ra_min_lft) {
++ ND_PRINTK(2, info,
++ "RA: router lifetime (%ds) is too short: %s\n",
++ lifetime, skb->dev->name);
++ goto skip_defrtr;
++ }
++
+ /* Do not accept RA with source-addr found on local machine unless
+ * accept_ra_from_local is set to true.
+ */
+@@ -1500,13 +1499,6 @@ skip_linkparms:
+ goto out;
+ }
+
+- if (lifetime != 0 && lifetime < in6_dev->cnf.accept_ra_min_rtr_lft) {
+- ND_PRINTK(2, info,
+- "RA: router lifetime (%ds) is too short: %s\n",
+- lifetime, skb->dev->name);
+- goto out;
+- }
+-
+ #ifdef CONFIG_IPV6_ROUTE_INFO
+ if (!in6_dev->cnf.accept_ra_from_local &&
+ ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
+@@ -1531,6 +1523,9 @@ skip_linkparms:
+ if (ri->prefix_len == 0 &&
+ !in6_dev->cnf.accept_ra_defrtr)
+ continue;
++ if (ri->lifetime != 0 &&
++ ntohl(ri->lifetime) < in6_dev->cnf.accept_ra_min_lft)
++ continue;
+ if (ri->prefix_len < in6_dev->cnf.accept_ra_rt_info_min_plen)
+ continue;
+ if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
projects / thirdparty / kernel / stable-queue.git / commitdiff
