git: b0037260b73f - stable/14 - in6: Modify address prefix lifetimes when updating address lifetimes

From: Mark Johnston <markj_at_FreeBSD.org>
Date: Thu, 05 Feb 2026 18:37:00 UTC 
The branch stable/14 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=b0037260b73f405d7ae5140f50cd279c0a9a30cd

commit b0037260b73f405d7ae5140f50cd279c0a9a30cd
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2026-01-12 13:49:54 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2026-02-05 18:36:43 +0000

    in6: Modify address prefix lifetimes when updating address lifetimes
    
    When one uses SIOCAIFADDR_IN6 to add a v6 address, it's possible to set
    the preferred and valid lifetimes of the address.  If the address
    already exists, this ioctl will recalculate and update the expiry times
    based on the provided timestamps.
    
    When adding a new address, the lifetimes are inherited by the prefix as
    well, but only if we create a new prefix.  If the prefix already exists,
    as it will in the case where an address is being updated rather than
    being added, we do not touch the prefix lifetimes at all.  This means
    that the original address lifetime still applies to the route associated
    with that prefix, so when the prefix expires, the route goes away.
    
    This behaviour doesn't make a lot of sense: if the admin updates an
    address lifetime, we should ensure that the prefix lifetime is updated
    too.  Make that change, ensuring that we do not shorten the prefix
    lifetime, as the prefix might be shared among multiple interface
    addresses.
    
    Add a regression test.
    
    Co-authored by: Franco Fichtner <franco@opnsense.org>
    Reviewed by:    pouria, zlei, ae
    MFC after:      2 weeks
    Sponsored by:   OPNsense
    Sponsored by:   Klara, Inc.
    Differential Revision:  https://reviews.freebsd.org/D54562
    
    (cherry picked from commit 74999aac5effb9b32d12f413ef51e87b15c8a0d8)
---
 sys/netinet6/in6.c        | 22 ++++++++++++++
 tests/sys/netinet6/ndp.sh | 76 +++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 98 insertions(+)

diff --git a/sys/netinet6/in6.c b/sys/netinet6/in6.c
index 86e59283f9b1..fb661ade438d 100644
--- a/sys/netinet6/in6.c
+++ b/sys/netinet6/in6.c
@@ -1326,6 +1326,28 @@ in6_addifaddr(struct ifnet *ifp, struct in6_aliasreq *ifra, struct in6_ifaddr *i
 				(*carp_detach_p)(&ia->ia_ifa, false);
 			goto out;
 		}
+	} else if (pr->ndpr_raf_onlink) {
+		time_t expiry;
+
+		/*
+		 * If the prefix already exists, update lifetimes, but avoid
+		 * shortening them.
+		 */
+		ND6_WLOCK();
+		expiry = in6_expire_time(pr0.ndpr_pltime);
+		if (pr->ndpr_preferred != 0 &&
+		    (pr->ndpr_preferred < expiry || expiry == 0)) {
+			pr->ndpr_pltime = pr0.ndpr_pltime;
+			pr->ndpr_preferred = expiry;
+		}
+		expiry = in6_expire_time(pr0.ndpr_vltime);
+		if (pr->ndpr_expire != 0 &&
+		    (pr->ndpr_expire < expiry || expiry == 0)) {
+			pr->ndpr_vltime = pr0.ndpr_vltime;
+			pr->ndpr_expire = expiry;
+		}
+		pr->ndpr_lastupdate = time_uptime;
+		ND6_WUNLOCK();
 	}
 
 	/* relate the address to the prefix */
diff --git a/tests/sys/netinet6/ndp.sh b/tests/sys/netinet6/ndp.sh
index 10c101c09a19..03fab97fed43 100755
--- a/tests/sys/netinet6/ndp.sh
+++ b/tests/sys/netinet6/ndp.sh
@@ -249,10 +249,86 @@ ndp_prefix_lifetime_cleanup() {
 	vnet_cleanup
 }
 
+atf_test_case "ndp_prefix_lifetime_extend"
+ndp_prefix_lifetime_extend_head() {
+	atf_set descr 'Test prefix lifetime updates via ifconfig'
+	atf_set require.user root
+	atf_set require.progs jq
+}
+
+get_prefix_attr() {
+	local prefix=$1
+	local attr=$2
+
+	ndp -p --libxo json | \
+	    jq -r '.ndp.["prefix-list"][] |
+	           select(.prefix == "'${prefix}'") | .["'${attr}'"]'
+}
+
+# Given a prefix, return its expiry time in seconds.
+prefix_expiry() {
+	get_prefix_attr $1 "expires_sec"
+}
+
+# Given a prefix, return its valid and preferred lifetimes.
+prefix_lifetimes() {
+	local p v
+
+	v=$(get_prefix_attr $1 "valid-lifetime")
+	p=$(get_prefix_attr $1 "preferred-lifetime")
+	echo $v $p
+}
+
+ndp_prefix_lifetime_extend_body() {
+	local epair ex1 ex2 ex3 prefix pltime vltime
+
+	atf_check -o save:epair ifconfig epair create
+	epair=$(cat epair)
+	atf_check ifconfig ${epair} up
+
+	prefix="2001:db8:ffff:1000::"
+
+	atf_check ifconfig ${epair} inet6 ${prefix}1/64 pltime 5 vltime 10
+	t=$(prefix_lifetimes ${prefix}/64)
+	if [ "${t}" != "10 5" ]; then
+		atf_fail "Unexpected lifetimes: ${t}"
+	fi
+	ex1=$(prefix_expiry ${prefix}/64)
+	if [ "${ex1}" -gt 10 ]; then
+		atf_fail "Unexpected expiry time: ${ex1}"
+	fi
+
+	# Double the address lifetime and verify that the prefix is
+	# updated.
+	atf_check ifconfig ${epair} inet6 ${prefix}1/64 pltime 10 vltime 20
+	t=$(prefix_lifetimes ${prefix}/64)
+	if [ "${t}" != "20 10" ]; then
+		atf_fail "Unexpected lifetimes: ${t}"
+	fi
+	ex2=$(prefix_expiry ${prefix}/64)
+	if [ "${ex2}" -le "${ex1}" ]; then
+		atf_fail "Expiry time was not extended: ${ex1} <= ${ex2}"
+	fi
+
+	# Add a second address from the same prefix with a shorter
+	# lifetime, and make sure that the prefix lifetime is not
+	# shortened.
+	atf_check ifconfig ${epair} inet6 ${prefix}2/64 pltime 5 vltime 10
+	t=$(prefix_lifetimes ${prefix}/64)
+	if [ "${t}" != "20 10" ]; then
+		atf_fail "Unexpected lifetimes: ${t}"
+	fi
+	ex3=$(prefix_expiry ${prefix}/64)
+	if [ "${ex3}" -lt "${ex2}" ]; then
+		atf_fail "Expiry time was shortened: ${ex2} <= ${ex3}"
+	fi
+}
+
 atf_init_test_cases()
 {
 	atf_add_test_case "ndp_add_gu_success"
 	atf_add_test_case "ndp_del_gu_success"
 	atf_add_test_case "ndp_slaac_default_route"
 	atf_add_test_case "ndp_prefix_lifetime"
+	atf_add_test_case "ndp_prefix_lifetime_extend"
 }