From: Kevin P. Fleming <kevin@km6g.us>
Date: Sat, 8 Feb 2020 20:40:40 +0000 (-0500)
Subject: network: Document the lack of actual DAD usage in prefixstable algorithm
X-Git-Tag: v245-rc2~62^2~2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=0ddad04eda2a29a8df861d8b743f3c7be0333ce8;p=thirdparty%2Fsystemd.git

network: Document the lack of actual DAD usage in prefixstable algorithm

The RFC 7217 (prefixstable) algorithm can use Duplicate Address
Detection to produce multiple candidate addresses, but the implementation
here does not currently employ that mechanism.
---

diff --git a/src/network/networkd-ndisc.c b/src/network/networkd-ndisc.c
index 4a677319482..f97cd1c771b 100644
--- a/src/network/networkd-ndisc.c
+++ b/src/network/networkd-ndisc.c
@@ -268,6 +268,11 @@ static int ndisc_router_generate_address(Link *link, unsigned prefixlen, uint32_
         ORDERED_HASHMAP_FOREACH(j, link->network->ipv6_tokens, i)
                 if (j->address_generation_type == IPV6_TOKEN_ADDRESS_GENERATION_PREFIXSTABLE
                     && memcmp(&j->prefix, &addr, FAMILY_ADDRESS_SIZE(address->family)) == 0) {
+                        /* While this loop uses dad_counter and a retry limit as specified in RFC 7217, the loop
+                           does not actually attempt Duplicate Address Detection; the counter will be incremented
+                           only when the address generation algorithm produces an invalid address, and the loop
+                           may exit with an address which ends up being unusable due to duplication on the link.
+                        */
                         for (; j->dad_counter < DAD_CONFLICTS_IDGEN_RETRIES_RFC7217; j->dad_counter++) {
                                 r = make_stableprivate_address(link, &j->prefix, prefixlen, j->dad_counter, &address->in_addr.in6);
                                 if (r < 0)