From 218f3738d8aaff19cd932caa9103f74e7cf7955c Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sat, 2 Sep 2023 14:40:25 +0900 Subject: [PATCH] network/ndisc: drop captive portals with zero lifetime earlier This also adds a comment about that we use the main lifetime for captive portals. --- src/network/networkd-ndisc.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/src/network/networkd-ndisc.c b/src/network/networkd-ndisc.c index 12217227b31..8e66d83fbb1 100644 --- a/src/network/networkd-ndisc.c +++ b/src/network/networkd-ndisc.c @@ -885,6 +885,9 @@ static int ndisc_router_process_captive_portal(Link *link, sd_ndisc_router *rt) if (r < 0) return log_link_warning_errno(link, r, "Failed to get router address from RA: %m"); + /* RFC 4861 section 4.2. states that the lifetime in the message header should be used only for the + * default gateway, but the captive portal option does not have a lifetime field, hence, we use the + * main lifetime for the portal. */ r = sd_ndisc_router_get_lifetime(rt, &lifetime_sec); if (r < 0) return log_link_warning_errno(link, r, "Failed to get lifetime of RA message: %m"); @@ -909,7 +912,19 @@ static int ndisc_router_process_captive_portal(Link *link, sd_ndisc_router *rt) if (!in_charset(captive_portal, URI_VALID)) return log_link_warning_errno(link, SYNTHETIC_ERRNO(EBADMSG), "Received invalid captive portal, ignoring."); - exist = set_get(link->ndisc_captive_portals, &(NDiscCaptivePortal) { .captive_portal = captive_portal }); + if (lifetime_usec == 0) { + /* Drop the portal with zero lifetime. */ + ndisc_captive_portal_free(set_remove(link->ndisc_captive_portals, + &(NDiscCaptivePortal) { + .captive_portal = captive_portal, + })); + return 0; + } + + exist = set_get(link->ndisc_captive_portals, + &(NDiscCaptivePortal) { + .captive_portal = captive_portal, + }); if (exist) { /* update existing entry */ exist->router = router;