vyos.template: T5869: first_host_address() does not honor RFC4291 section 2.6.1

The subnet router anycast address is predefined. Its format is as follows:

|                         n bits                 |   128-n bits   |
+------------------------------------------------+----------------+
|                   subnet prefix                | 00000000000000 |
+------------------------------------------------+----------------+
The "subnet prefix" in an anycast address is the prefix that identifies a
specific link. This anycast address is syntactically the same as a unicast
address for an interface on the link with the interface identifier set to zero.

Packets sent to the Subnet-Router anycast address will be delivered to one
router on the subnet. All routers are required to support the Subnet-Router
anycast addresses for the subnets to which they have interfaces.

The Subnet-Router anycast address is intended to be used for applications where
a node needs to communicate with any one of the set of routers.

Our code as of now returns the subnet router anycast address as the
first_host_address().

2 files changed, 11 insertions, 13 deletions

diff --git a/python/vyos/template.py b/python/vyos/template.py
index 77b6a5ab0..29ea0889b 100644
--- a/python/vyos/template.py
+++ b/python/vyos/template.py
@@ -316,20 +316,15 @@ def is_ipv6(text):
     except: return False
 
 @register_filter('first_host_address')
-def first_host_address(text):
+def first_host_address(prefix):
     """ Return first usable (host) IP address from given prefix.
     Example:
       - 10.0.0.0/24 -> 10.0.0.1
       - 2001:db8::/64 -> 2001:db8::
     """
     from ipaddress import ip_interface
-    from ipaddress import IPv4Network
-    from ipaddress import IPv6Network
-
-    addr = ip_interface(text)
-    if addr.version == 4:
-        return str(addr.ip +1)
-    return str(addr.ip)
+    tmp = ip_interface(prefix).network
+    return str(tmp.network_address +1)
 
 @register_filter('last_host_address')
 def last_host_address(text):
diff --git a/src/tests/test_template.py b/src/tests/test_template.py
index 2d065f545..cff977283 100644
--- a/src/tests/test_template.py
+++ b/src/tests/test_template.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2020 VyOS maintainers and contributors
+# Copyright (C) 2020-2023 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -81,9 +81,13 @@ class TestVyOSTemplate(TestCase):
             self.assertEqual(vyos.template.netmask_from_cidr('2001:db8:1:/64'), 'ffff:ffff:ffff:ffff::')
 
     def test_first_host_address(self):
-        self.assertEqual(vyos.template.first_host_address('10.0.0.0/24'),  '10.0.0.1')
-        self.assertEqual(vyos.template.first_host_address('10.0.0.128/25'),  '10.0.0.129')
-        self.assertEqual(vyos.template.first_host_address('2001:db8::/64'),  '2001:db8::')
+        self.assertEqual(vyos.template.first_host_address('10.0.0.0/24'), '10.0.0.1')
+        self.assertEqual(vyos.template.first_host_address('10.0.0.10/24'), '10.0.0.1')
+        self.assertEqual(vyos.template.first_host_address('10.0.0.255/24'), '10.0.0.1')
+        self.assertEqual(vyos.template.first_host_address('10.0.0.128/25'), '10.0.0.129')
+        self.assertEqual(vyos.template.first_host_address('2001:db8::/64'), '2001:db8::1')
+        self.assertEqual(vyos.template.first_host_address('2001:db8::1000/64'), '2001:db8::1')
+        self.assertEqual(vyos.template.first_host_address('2001:db8::ffff:ffff:ffff:ffff/64'), '2001:db8::1')
 
     def test_last_host_address(self):
         self.assertEqual(vyos.template.last_host_address('10.0.0.0/24'),  '10.0.0.254')
@@ -181,4 +185,3 @@ class TestVyOSTemplate(TestCase):
         for group_name, group_config in data['ike_group'].items():
             ciphers = vyos.template.get_esp_ike_cipher(group_config)
             self.assertIn(IKEv2_DEFAULT, ','.join(ciphers))
-