author | Andrew Zaborowski <andrew.zaborowski@intel.com> | 2022-06-16 00:47:37 +0200 |
---|---|---|
committer | Denis Kenzior <denkenz@gmail.com> | 2022-06-17 11:07:52 -0500 |
commit | b287eafe3e585fffd108401a051e0aa8504c7bbd (patch) | |
tree | 0230035677668796aa40e301a3f9ff333edfa984 | |
parent | 6eb8b8bccdcbbd15e1c788f125dc58735547b45d (diff) |
netconfig: Set a limit on number of routes from ICMPv6
While some networks can be configured in a way that prevents rogue
Router Advertisements from reaching clients, add a very basic mechanism
to avoid a denial-of-service in such a case by limiting the number of
routes we track from RAs. This won't prevent the loss of routing but
might prevent OOM crashes or slowdowns.
-rw-r--r-- | ell/netconfig.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/ell/netconfig.c b/ell/netconfig.c index 79d721c2..ff6bca27 100644 --- a/ell/netconfig.c +++ b/ell/netconfig.c @@ -133,6 +133,8 @@ union netconfig_addr { static struct l_queue *addr_wait_list; static unsigned int rtnl_id; +static const unsigned int max_icmp6_routes = 100; + static void netconfig_update_cleanup(struct l_netconfig *nc) { l_queue_clear(nc->addresses.added, NULL); @@ -743,6 +745,9 @@ static struct netconfig_route_data *netconfig_add_icmp6_route( struct netconfig_route_data *rd; struct l_rtnl_route *rt; + if (l_queue_length(nc->icmp_route_data) >= max_icmp6_routes) + return NULL; /* TODO: log a warning the first time */ + rt = netconfig_route_new(nc, AF_INET6, dst ? dst->address : NULL, dst ? dst->prefix_len : 0, gateway, RTPROT_RA); |
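Review bot: The new file-scope constant `max_icmp6_routes` in the first hunk has no comment saying what it bounds or at what scope. The check in the second hunk compares it with `l_queue_length(nc->icmp_route_data)`, so the cap applies per l_netconfig instance rather than process-wide, and that is worth stating where the value is defined. I would add `/* Max RA-learned routes tracked per l_netconfig instance; bounds memory use under an RA flood */` directly above it. If 100 was chosen against a known deployment size, a few words on that would help whoever has to tune it later.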
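Review bot: The early `return NULL;` added at the top of netconfig_add_icmp6_route() discards the route without recording anything, so reaching the cap is invisible at runtime even though it is the clearest sign of an RA flood or a misbehaving router on the link. The TODO should be resolved in this change or tracked: a once-per-instance warning through the file's existing logging path, gated by a flag on the l_netconfig (for example a new `bool icmp_route_limit_warned`, a suggested name and not an existing field), gives operators a signal without letting the flood also fill the log. The function body continues outside the hunk, so it cannot be confirmed from here that every caller already tolerates a NULL result; the call sites should be checked for a dereference of the returned `rd` on this new path.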