From 6970f4c4af0ca53f289500a5cc35a7720e960791 Mon Sep 17 00:00:00 2001
From: Franco Fichtner <franco@opnsense.org>
Date: Wed, 20 Oct 2021 18:51:13 +0200
Subject: [PATCH] dhcp: do not advertise link-local VIPs

Since 2b7beb78b3804f6 it's possible to operate link-local addresses
in virtual IPs, but now these get picked up by radvd and that should
not be the case.

Reported by: @bimbar
---
 src/etc/inc/plugins.inc.d/dhcpd.inc | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/etc/inc/plugins.inc.d/dhcpd.inc b/src/etc/inc/plugins.inc.d/dhcpd.inc
index aa832d26f..520a8e0be 100644
--- a/src/etc/inc/plugins.inc.d/dhcpd.inc
+++ b/src/etc/inc/plugins.inc.d/dhcpd.inc
@@ -316,10 +316,12 @@ function dhcpd_radvd_configure($verbose = false, $blacklist = array())
         }
 
         foreach (config_read_array('virtualip', 'vip') as $vip) {
-            if ($vip['interface'] == $dhcpv6if && is_ipaddrv6($vip['subnet'])) {
-                $subnetv6 = gen_subnetv6($vip['subnet'], $vip['subnet_bits']);
-                $stanzas[] = "{$subnetv6}/{$vip['subnet_bits']}";
+            if ($vip['interface'] != $dhcpv6if || !is_ipaddrv6($vip['subnet']) || is_linklocal($vip['subnet'])) {
+                continue;
             }
+
+            $subnetv6 = gen_subnetv6($vip['subnet'], $vip['subnet_bits']);
+            $stanzas[] = "{$subnetv6}/{$vip['subnet_bits']}";
         }
 
         /* VIPs may duplicate readings from system */
@@ -505,7 +507,7 @@ function dhcpd_radvd_configure($verbose = false, $blacklist = array())
         }
 
         foreach (config_read_array('virtualip', 'vip') as $vip) {
-            if ($vip['interface'] != $if || !is_ipaddrv6($vip['subnet'])) {
+            if ($vip['interface'] != $if || !is_ipaddrv6($vip['subnet']) || is_linklocal($vip['subnet'])) {
                 continue;
             }