network: IPv6 Compliance RFC4862: Address Lifetime Expiry (Hosts Only) [v6LC.3.2.2]

RFC 4862 Section 5.5.3, bullet e, sub-bullet 3 applies to existing
addresses, i.e. when address_get() returns success. If the address is
new (i.e. address_get() fails), then we should not be adding 2 hours to
the lifetime_valid_usec. Instead, use the valid_lifetime from the RA's
Prefix Information Option.

This change allows v6LC.3.2.2 to pass. Also verified all v6LC3.2.* tests
pass. This covers all the v6LC tests from Group2: Router Advertisement
Processing and Address Lifetime.

Fixes #32652.

diff --git a/src/network/networkd-ndisc.c b/src/network/networkd-ndisc.c
index b1451817bccdaa57563b71f2d423f2515db2116e..cc33564bf9ee1752eed385d0207f2af87efd6c9b 100644 (file)
--- a/src/network/networkd-ndisc.c
+++ b/src/network/networkd-ndisc.c
@@ -1061,25 +1061,26 @@ static int ndisc_address_set_lifetime(Address *address, Link *link, sd_ndisc_rou
         if (t > 2 * USEC_PER_HOUR)
                 return 0;
 
+        if (address_get(link, address, &existing) < 0 || existing->source != NETWORK_CONFIG_SOURCE_NDISC)
+                return 0;
+
+        if (address->lifetime_valid_usec > existing->lifetime_valid_usec)
+                return 0;
+
+        /* 2. If RemainingLifetime is less than or equal to 2 hours, ignore the Prefix Information option
+         *    with regards to the valid lifetime, unless the Router Advertisement from which this option was
+         *    obtained has been authenticated (e.g., via Secure Neighbor Discovery [RFC3971]). If the Router
+         *    Advertisement was authenticated, the valid lifetime of the corresponding address should be set
+         *    to the Valid Lifetime in the received option.
+         *
+         * Currently, authentication is not supported. So check the lifetime of the existing address. */
         r = sd_ndisc_router_get_timestamp(rt, CLOCK_BOOTTIME, &t);
         if (r < 0)
                 return r;
 
-        if (address_get(link, address, &existing) >= 0 && existing->source == NETWORK_CONFIG_SOURCE_NDISC) {
-                if (address->lifetime_valid_usec > existing->lifetime_valid_usec)
-                        return 0;
-
-                /* 2. If RemainingLifetime is less than or equal to 2 hours, ignore the Prefix Information
-                 *    option with regards to the valid lifetime, unless the Router Advertisement from which
-                 *    this option was obtained has been authenticated (e.g., via Secure Neighbor Discovery
-                 *    [RFC3971]). If the Router Advertisement was authenticated, the valid lifetime of the
-                 *    corresponding address should be set to the Valid Lifetime in the received option.
-                 *
-                 * Currently, authentication is not supported. So check the lifetime of the existing address. */
-                if (existing->lifetime_valid_usec <= usec_add(t, 2 * USEC_PER_HOUR)) {
-                        address->lifetime_valid_usec = existing->lifetime_valid_usec;
-                        return 0;
-                }
+        if (existing->lifetime_valid_usec <= usec_add(t, 2 * USEC_PER_HOUR)) {
+                address->lifetime_valid_usec = existing->lifetime_valid_usec;
+                return 0;
         }
 
         /* 3. Otherwise, reset the valid lifetime of the corresponding address to 2 hours. */