From 258753a9d848e0157457086b0d6fa17ee6900786 Mon Sep 17 00:00:00 2001
From: Daniil Baturin <daniil@vyos.io>
Date: Sat, 17 Feb 2024 15:31:21 -0500
Subject: Clarify the reason to disallow the first IPv6 address of a network as
 a host address

---
 src/ipaddrcheck_functions.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/src/ipaddrcheck_functions.c b/src/ipaddrcheck_functions.c
index 2b3cc22..2d2dff3 100644
--- a/src/ipaddrcheck_functions.c
+++ b/src/ipaddrcheck_functions.c
@@ -324,6 +324,21 @@ int is_ipv6_host(CIDR *address)
 {
     int result;
 
+    /* We reuse the same logic that prevents IPv4 network addresses
+       from being assigned to interfaces (address == network_address),
+       but the reason is slightly differnt.
+
+       As per https://www.rfc-editor.org/rfc/rfc4291 section 2.6.1,
+       >[Subnet-Router anycast address] is syntactically
+       >the same as a unicast address for an interface on the link with the
+       >interface identifier set to zero.
+
+       So, the first address of the subnet must not be used for link addresses,
+       even if the semantic reason is different.
+       There's absolutely nothing wrong with assigning the last address, though,
+       since there's no broadcast in IPv6.
+      */
+
     if( (cidr_get_proto(address) == CIDR_IPV6) &&
         ((cidr_equals(address, cidr_addr_network(address)) < 0) ||
         (cidr_get_pflen(address) >= 127)) )
-- 
cgit v1.2.3