From 769f9744b75e7733e09c956bb84b85abf37e7314 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Tue, 16 Apr 2024 16:28:44 +0900
Subject: [PATCH] network/ndisc: disable Neighbor discovery client if RADV is
 enabled

Running both sd-ndisc and sd-radv should be mostly a misconfiguration,
but may not. So, let's only disable sd-ndisc by default when sd-radv is
enabled, but allow when both are explicitly requested.
---
 man/systemd.network.xml      | 13 +++++++------
 src/network/networkd-ndisc.c |  5 +++++
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/man/systemd.network.xml b/man/systemd.network.xml
index 38ab30fb4d4..5e8361f69af 100644
--- a/man/systemd.network.xml
+++ b/man/systemd.network.xml
@@ -888,12 +888,13 @@ Table=1234</programlisting></para>
       <varlistentry>
         <term><varname>IPv6AcceptRA=</varname></term>
         <listitem>
-          <para>Takes a boolean. Controls IPv6 Router Advertisement (RA) reception support for the
-          interface. If true, RAs are accepted; if false, RAs are ignored. When RAs are accepted, they
-          may trigger the start of the DHCPv6 client if the relevant flags are set in the RA data, or
-          if no routers are found on the link. The default is to disable RA reception for bridge
-          devices or when IP forwarding is enabled, and to enable it otherwise. Cannot be enabled on
-          devices aggregated in a bond device or when link-local addressing is disabled.</para>
+          <para>Takes a boolean. Controls IPv6 Router Advertisement (RA) reception support for the interface.
+          If true, RAs are accepted; if false, RAs are ignored. When RAs are accepted, they may trigger the
+          start of the DHCPv6 client if the relevant flags are set in the RA data, or if no routers are found
+          on the link. Defaults to false for bridge devices, when IP forwarding is enabled,
+          <varname>IPv6SendRA=</varname> or <varname>KeepMaster=</varname> is enabled. Otherwise, enabled by
+          default. Cannot be enabled on devices aggregated in a bond device or when link-local addressing is
+          disabled.</para>
 
           <para>Further settings for the IPv6 RA support may be configured in the [IPv6AcceptRA]
           section, see below.</para>
diff --git a/src/network/networkd-ndisc.c b/src/network/networkd-ndisc.c
index 7e74712680f..4720f616d58 100644
--- a/src/network/networkd-ndisc.c
+++ b/src/network/networkd-ndisc.c
@@ -53,9 +53,14 @@ bool link_ndisc_enabled(Link *link) {
         if (!link_may_have_ipv6ll(link, /* check_multicast = */ true))
                 return false;
 
+        /* Honor explicitly specified value. */
         if (link->network->ndisc >= 0)
                 return link->network->ndisc;
 
+        /* Disable if RADV is enabled. */
+        if (link_radv_enabled(link))
+                return false;
+
         /* Accept RAs if IPv6 forwarding is disabled, and ignore RAs if IPv6 forwarding is enabled. */
         int t = link_get_ip_forwarding(link, AF_INET6);
         if (t >= 0)