From 0ddad04eda2a29a8df861d8b743f3c7be0333ce8 Mon Sep 17 00:00:00 2001
From: "Kevin P. Fleming" <kevin@km6g.us>
Date: Sat, 8 Feb 2020 15:40:40 -0500
Subject: [PATCH] network: Document the lack of actual DAD usage in
 prefixstable algorithm

The RFC 7217 (prefixstable) algorithm can use Duplicate Address
Detection to produce multiple candidate addresses, but the implementation
here does not currently employ that mechanism.
---
 src/network/networkd-ndisc.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/network/networkd-ndisc.c b/src/network/networkd-ndisc.c
index 4a677319482..f97cd1c771b 100644
--- a/src/network/networkd-ndisc.c
+++ b/src/network/networkd-ndisc.c
@@ -268,6 +268,11 @@ static int ndisc_router_generate_address(Link *link, unsigned prefixlen, uint32_
         ORDERED_HASHMAP_FOREACH(j, link->network->ipv6_tokens, i)
                 if (j->address_generation_type == IPV6_TOKEN_ADDRESS_GENERATION_PREFIXSTABLE
                     && memcmp(&j->prefix, &addr, FAMILY_ADDRESS_SIZE(address->family)) == 0) {
+                        /* While this loop uses dad_counter and a retry limit as specified in RFC 7217, the loop
+                           does not actually attempt Duplicate Address Detection; the counter will be incremented
+                           only when the address generation algorithm produces an invalid address, and the loop
+                           may exit with an address which ends up being unusable due to duplication on the link.
+                        */
                         for (; j->dad_counter < DAD_CONFLICTS_IDGEN_RETRIES_RFC7217; j->dad_counter++) {
                                 r = make_stableprivate_address(link, &j->prefix, prefixlen, j->dad_counter, &address->in_addr.in6);
                                 if (r < 0)
-- 
2.47.3