tech-net archive


Re: introducing a limit for the number of prefixes/routes from RA (IPv6)

In article <iqdgq4$hhs$>, S.P.Zeidler wrote:
>At present, there is no limit to the number of prefixes (and thus, routes)
>that an IPv6 autohost will accept via router advertisements.
>If an attacker floods the net with random RA announcements, at several
>thousand (for my laptop: 5000 and a bit) the machine slows down to not
>even updating time any longer. As soon as the flood stops, at least in the
>case I tested, the machine fully recovered (apart from very unseemly
>ifconfig output, and ifconfig taking notable time to complete).
>Daemons may not be coping with the number of addresses gracefully, too.
>Limiting just the number of routes processed already fixes the slowdown,
>but not the issues network programs may run into.
>In order to deal with this, I propose to set a limit on the number of
>prefixes and routes an autohost will accept. I name routes separately
>since RFC4191 provides a mechanism for sending routes additionally to
>prefixes; we do not yet support this but may do so in the future.
>A proposed patch is at

I would also add a sysctl to print the current numroutes.
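
The limit discussed in this thread, with the current count kept where a read-only sysctl could report it, as an added example (not the proposed patch and not NetBSD code). `pt_accept`, `MAX_PREFIXES` and the table layout are hypothetical, the sample prefixes are constructed, and lifetime handling is simplified.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_PREFIXES 4          /* hypothetical limit, kept small for the demo */

struct prefix { uint8_t addr[16]; uint8_t len; uint64_t expire; int used; };
struct prefix_table {
    struct prefix slot[MAX_PREFIXES];
    unsigned count;             /* current entries: what a read-only sysctl would report */
    unsigned dropped;           /* new prefixes refused because the table was full */
};

/* Handle one advertised prefix; returns 1 if stored or refreshed, else 0. */
int pt_accept(struct prefix_table *t, const uint8_t addr[16], uint8_t len,
              uint32_t lifetime, uint64_t now)
{
    struct prefix *free_slot = NULL;
    for (int i = 0; i < MAX_PREFIXES; i++) {
        struct prefix *p = &t->slot[i];
        if (p->used && p->expire <= now) { p->used = 0; t->count--; } /* expired */
        if (!p->used) { if (!free_slot) free_slot = p; continue; }
        if (p->len == len && memcmp(p->addr, addr, 16) == 0) {
            p->expire = now + lifetime;  /* known prefix: refresh even at the limit */
            return lifetime != 0;        /* zero lifetime: entry lapses on the next call */
        }
    }
    if (lifetime == 0) return 0;                    /* nothing to store */
    if (!free_slot) { t->dropped++; return 0; }     /* at the limit: refuse and count */
    memcpy(free_slot->addr, addr, 16);
    free_slot->len = len;
    free_slot->expire = now + lifetime;
    free_slot->used = 1;
    t->count++;
    return 1;
}

int main(void)
{
    struct prefix_table t = {0};
    uint8_t a[16] = {0x20, 0x01, 0x0d, 0xb8};   /* constructed 2001:db8::/32 sample */
    for (int i = 0; i < 5000; i++) {            /* many distinct /64 prefixes */
        a[6] = (uint8_t)(i >> 8); a[7] = (uint8_t)i;
        pt_accept(&t, a, 64, 3600, 0);
    }
    printf("count=%u dropped=%u\n", t.count, t.dropped);
    return 0;
}
```

Memory and lookup cost stay bounded by `MAX_PREFIXES` however many advertisements arrive, and the `dropped` counter gives an operator a signal that the limit is being hit.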

