diff options
author | Matt Muggeridge <Matt.Muggeridge@hpe.com> | 2024-05-14 06:30:22 +1000 |
---|---|---|
committer | Yu Watanabe <watanabe.yu+github@gmail.com> | 2024-05-14 07:08:43 +0900 |
commit | 68adffed0224e4b9c787af296ab34c826c845241 (patch) | |
tree | 5b1e970c58ef9490d3d94a59c88697771adb2fd5 | |
parent | network: IPv6 Compliance: Router Advertisement Processing, Reachable Time [v6LC.2.2.15] (#32792) (diff) | |
download | systemd-main.tar.xz systemd-main.zip |
network: IPv6 Compliance RFC4862: Address Lifetime Expiry (Hosts Only) [v6LC.3.2.2]main
RFC 4862 Section 5.5.3, bullet e, sub-bullet 3 applies to existing
addresses, i.e. when address_get() returns success. If the address is
new (i.e. address_get() fails), then we should not be adding 2 hours to
the lifetime_valid_usec. Instead, use the valid_lifetime from the RA's
Prefix Information Option.
This change allows v6LC.3.2.2 to pass. Also verified all v6LC3.2.* tests
pass. This covers all the v6LC tests from Group2: Router Advertisement
Processing and Address Lifetime.
Fixes #32652.
-rw-r--r-- | src/network/networkd-ndisc.c | 31 |
1 files changed, 16 insertions, 15 deletions
diff --git a/src/network/networkd-ndisc.c b/src/network/networkd-ndisc.c index b1451817bcc..cc33564bf9e 100644 --- a/src/network/networkd-ndisc.c +++ b/src/network/networkd-ndisc.c @@ -1061,25 +1061,26 @@ static int ndisc_address_set_lifetime(Address *address, Link *link, sd_ndisc_rou if (t > 2 * USEC_PER_HOUR) return 0; + if (address_get(link, address, &existing) < 0 || existing->source != NETWORK_CONFIG_SOURCE_NDISC) + return 0; + + if (address->lifetime_valid_usec > existing->lifetime_valid_usec) + return 0; + + /* 2. If RemainingLifetime is less than or equal to 2 hours, ignore the Prefix Information option + * with regards to the valid lifetime, unless the Router Advertisement from which this option was + * obtained has been authenticated (e.g., via Secure Neighbor Discovery [RFC3971]). If the Router + * Advertisement was authenticated, the valid lifetime of the corresponding address should be set + * to the Valid Lifetime in the received option. + * + * Currently, authentication is not supported. So check the lifetime of the existing address. */ r = sd_ndisc_router_get_timestamp(rt, CLOCK_BOOTTIME, &t); if (r < 0) return r; - if (address_get(link, address, &existing) >= 0 && existing->source == NETWORK_CONFIG_SOURCE_NDISC) { - if (address->lifetime_valid_usec > existing->lifetime_valid_usec) - return 0; - - /* 2. If RemainingLifetime is less than or equal to 2 hours, ignore the Prefix Information - * option with regards to the valid lifetime, unless the Router Advertisement from which - * this option was obtained has been authenticated (e.g., via Secure Neighbor Discovery - * [RFC3971]). If the Router Advertisement was authenticated, the valid lifetime of the - * corresponding address should be set to the Valid Lifetime in the received option. - * - * Currently, authentication is not supported. So check the lifetime of the existing address. */ - if (existing->lifetime_valid_usec <= usec_add(t, 2 * USEC_PER_HOUR)) { - address->lifetime_valid_usec = existing->lifetime_valid_usec; - return 0; - } + if (existing->lifetime_valid_usec <= usec_add(t, 2 * USEC_PER_HOUR)) { + address->lifetime_valid_usec = existing->lifetime_valid_usec; + return 0; } /* 3. Otherwise, reset the valid lifetime of the corresponding address to 2 hours. */ |