zebra: limit RTADV socket rcvbuf to 20MB

[hengwu0]

The RTADV raw ICMPv6 socket previously did not enforce an upper bound for the receive buffer size. In abnormal situations, excessive inbound packets combined with slow or stalled consumption by FRR can cause the kernel socket buffer to grow continuously and eventually trigger OOM.

Limit SO_RCVBUF to 20MB to cap the worst-case memory usage while still providing sufficient buffering headroom for RS/RA bursts.

Signed-off-by: hengwu0 [email protected]

[greptile-apps]

Greptile Overview

Greptile Summary

Added a 20MB receive buffer limit to the RTADV ICMPv6 socket to prevent out-of-memory conditions caused by excessive Router Advertisement/Router Solicitation packet bursts.

• Implemented SO_RCVBUF limit of 20,971,520 bytes (20MB) in rtadv_make_socket()
• Added proper error handling that closes the socket and logs a warning if buffer size setting fails
• Prevents unbounded kernel socket buffer growth during abnormal traffic conditions or slow packet consumption
• Maintains sufficient headroom for legitimate RS/RA bursts while capping worst-case memory usage

The change follows existing patterns in the codebase (similar buffer limiting exists in kernel_netlink.c) and is placed appropriately after socket creation but before other socket options are configured.

Confidence Score: 5/5

• This PR is safe to merge with minimal risk
• The change is a straightforward security hardening that adds a bounded limit to socket buffer size, follows established patterns in the codebase, includes proper error handling, and addresses a legitimate OOM vulnerability without breaking existing functionality
• No files require special attention

Important Files Changed

Filename	Overview
zebra/rtadv.c	Added SO_RCVBUF limit of 20MB to prevent OOM from excessive ICMPv6 packets

Sequence Diagram

sequenceDiagram
    participant App as FRR Application
    participant Socket as rtadv_make_socket()
    participant Kernel as Linux Kernel
    participant Network as ICMPv6 Network
    
    App->>Socket: Create RTADV socket
    Socket->>Kernel: ns_socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6)
    Kernel-->>Socket: Return socket fd
    
    Note over Socket,Kernel: New: Limit receive buffer
    Socket->>Kernel: setsockopt(SO_RCVBUF, 20MB)
    alt Success
        Kernel-->>Socket: Buffer size set
    else Failure
        Kernel-->>Socket: Error
        Socket->>Kernel: close(sock)
        Socket-->>App: Return error
    end
    
    Socket->>Kernel: setsockopt_ipv6_pktinfo()
    Socket->>Kernel: setsockopt_ipv6_multicast_loop()
    Socket->>Kernel: setsockopt_ipv6_unicast_hops()
    Socket->>Kernel: Additional socket options...
    
    Socket-->>App: Return configured socket
    
    Note over Network,Kernel: During operation
    Network->>Kernel: ICMPv6 RA/RS packets
    Kernel->>Kernel: Buffer packets (max 20MB)
    App->>Kernel: rtadv_read() event
    Kernel-->>App: Receive buffered packets

Loading

[hengwu0]

This fixes #15303 and #15365, where the Recv-Q can keep increasing under misconfiguration or other unexpected conditions.

[ton31337]

Let's use setsockopt_so_recvbuf().

[mjstapp]

Magic number? could we have a define for this value?

[mjstapp]

Please run checkpatch and ensure it's clear

[hengwu0]

fixed @ton31337 @mjstapp

[ton31337]

LGTM