diff options
| author | Yu Watanabe <watanabe.yu+github@gmail.com> | 2023-07-10 06:28:59 +0200 |
|---|---|---|
| committer | Yu Watanabe <watanabe.yu+github@gmail.com> | 2023-08-24 12:59:34 +0200 |
| commit | bf943a9d49941801b45e4631f010359619173d12 (patch) | |
| tree | 3c5125c6114f728b666f3be140e6f27e7b8cc20f /src | |
| parent | hostname: Make sure we pass error to bus_verify_polkit_async() (diff) | |
| download | systemd-bf943a9d49941801b45e4631f010359619173d12.tar.xz systemd-bf943a9d49941801b45e4631f010359619173d12.zip | |
network/ndisc: do not store too many captive portals provided through RA
Prompted by https://github.com/systemd/systemd/pull/28285#issuecomment-1627585140.
Diffstat (limited to 'src')
| -rw-r--r-- | src/network/networkd-ndisc.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/src/network/networkd-ndisc.c b/src/network/networkd-ndisc.c index c6ca7f95e2..de03abad22 100644 --- a/src/network/networkd-ndisc.c +++ b/src/network/networkd-ndisc.c @@ -27,6 +27,9 @@ #define NDISC_DNSSL_MAX 64U #define NDISC_RDNSS_MAX 64U +/* Not defined RFC, but let's set an upper limit to make not consume much memory. + * This should be safe as typically there should be at most 1 portal per network. */ +#define NDISC_CAPTIVE_PORTAL_MAX 64U bool link_ipv6_accept_ra_enabled(Link *link) { assert(link); @@ -914,6 +917,19 @@ static int ndisc_router_process_captive_portal(Link *link, sd_ndisc_router *rt) return 0; } + if (set_size(link->ndisc_captive_portals) >= NDISC_CAPTIVE_PORTAL_MAX) { + NDiscCaptivePortal *c, *target = NULL; + + /* Find the portal who has the minimal lifetime and drop it to store new one. */ + SET_FOREACH(c, link->ndisc_captive_portals) + if (!target || c->lifetime_usec < target->lifetime_usec) + target = c; + + assert(target); + assert(set_remove(link->ndisc_captive_portals, target) == target); + ndisc_captive_portal_free(target); + } + new_entry = new(NDiscCaptivePortal, 1); if (!new_entry) return log_oom(); |