From: Matt Muggeridge <Matt.Muggeridge@hpe.com>
Date: Mon, 13 May 2024 20:30:22 +0000 (+1000)
Subject: network: IPv6 Compliance RFC4862: Address Lifetime Expiry (Hosts Only) [v6LC.3.2.2]
X-Git-Tag: v256-rc2~26
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=68adffed0224e4b9c787af296ab34c826c845241;p=thirdparty%2Fsystemd.git

network: IPv6 Compliance RFC4862: Address Lifetime Expiry (Hosts Only) [v6LC.3.2.2]

RFC 4862 Section 5.5.3, bullet e, sub-bullet 3 applies to existing
addresses, i.e. when address_get() returns success. If the address is
new (i.e. address_get() fails), then we should not be adding 2 hours to
the lifetime_valid_usec. Instead, use the valid_lifetime from the RA's
Prefix Information Option.

This change allows v6LC.3.2.2 to pass. Also verified all v6LC3.2.* tests
pass. This covers all the v6LC tests from Group2: Router Advertisement
Processing and Address Lifetime.

Fixes #32652.
---

diff --git a/src/network/networkd-ndisc.c b/src/network/networkd-ndisc.c
index b1451817bcc..cc33564bf9e 100644
--- a/src/network/networkd-ndisc.c
+++ b/src/network/networkd-ndisc.c
@@ -1061,25 +1061,26 @@ static int ndisc_address_set_lifetime(Address *address, Link *link, sd_ndisc_rou
         if (t > 2 * USEC_PER_HOUR)
                 return 0;
 
+        if (address_get(link, address, &existing) < 0 || existing->source != NETWORK_CONFIG_SOURCE_NDISC)
+                return 0;
+
+        if (address->lifetime_valid_usec > existing->lifetime_valid_usec)
+                return 0;
+
+        /* 2. If RemainingLifetime is less than or equal to 2 hours, ignore the Prefix Information option
+         *    with regards to the valid lifetime, unless the Router Advertisement from which this option was
+         *    obtained has been authenticated (e.g., via Secure Neighbor Discovery [RFC3971]). If the Router
+         *    Advertisement was authenticated, the valid lifetime of the corresponding address should be set
+         *    to the Valid Lifetime in the received option.
+         *
+         * Currently, authentication is not supported. So check the lifetime of the existing address. */
         r = sd_ndisc_router_get_timestamp(rt, CLOCK_BOOTTIME, &t);
         if (r < 0)
                 return r;
 
-        if (address_get(link, address, &existing) >= 0 && existing->source == NETWORK_CONFIG_SOURCE_NDISC) {
-                if (address->lifetime_valid_usec > existing->lifetime_valid_usec)
-                        return 0;
-
-                /* 2. If RemainingLifetime is less than or equal to 2 hours, ignore the Prefix Information
-                 *    option with regards to the valid lifetime, unless the Router Advertisement from which
-                 *    this option was obtained has been authenticated (e.g., via Secure Neighbor Discovery
-                 *    [RFC3971]). If the Router Advertisement was authenticated, the valid lifetime of the
-                 *    corresponding address should be set to the Valid Lifetime in the received option.
-                 *
-                 * Currently, authentication is not supported. So check the lifetime of the existing address. */
-                if (existing->lifetime_valid_usec <= usec_add(t, 2 * USEC_PER_HOUR)) {
-                        address->lifetime_valid_usec = existing->lifetime_valid_usec;
-                        return 0;
-                }
+        if (existing->lifetime_valid_usec <= usec_add(t, 2 * USEC_PER_HOUR)) {
+                address->lifetime_valid_usec = existing->lifetime_valid_usec;
+                return 0;
         }
 
         /* 3. Otherwise, reset the valid lifetime of the corresponding address to 2 hours. */