From 3983ac23bea6241c6f3d619043fea08d67be30c3 Mon Sep 17 00:00:00 2001
From: Neale Ranns
Date: Fri, 10 Mar 2017 11:53:27 -0800
Subject: Adjacency refinement; check the cover's interface against the adjacency's
Change-Id: I3fa2f35056b74e479288bb956f2713f727a81c72
Signed-off-by: Neale Ranns
---
 src/vnet/fib/fib_entry_src_adj.c | 34 ++++++++++++++++++++++++++++++----
 1 file changed, 30 insertions(+), 4 deletions(-)
(limited to 'src/vnet/fib/fib_entry_src_adj.c')
diff --git a/src/vnet/fib/fib_entry_src_adj.c b/src/vnet/fib/fib_entry_src_adj.c
index 64f82a73..99902230 100644
--- a/src/vnet/fib/fib_entry_src_adj.c
+++ b/src/vnet/fib/fib_entry_src_adj.c
@@ -48,7 +48,7 @@ fib_entry_src_adj_remove (fib_entry_src_t *src)
 /*
 * Source activate.
- * Called when the source is teh new longer best source on the entry
+ * Called when the source is the new longer best source on the entry
 */
 static int
 fib_entry_src_adj_activate (fib_entry_src_t *src,
@@ -75,8 +75,8 @@ fib_entry_src_adj_activate (fib_entry_src_t *src,
 fib_entry_get_index(fib_entry));
 /*
- * if the ocver is attached then this adj source entry can install,
- * via the adj. otherwise install a drop.
+ * if the cover is attached on the same interface as this adj source then
+ * install the FIB entry via the adj. otherwise install a drop.
 * This prevents ARP/ND entries that on interface X that do not belong
 * on X's subnet from being added to the FIB. To do so would allow
 * nefarious gratuitous ARP requests from attracting traffic to the sender.
@@ -86,7 +86,33 @@ fib_entry_src_adj_activate (fib_entry_src_t *src,
 * ip route add 10.0.0.0/24 Eth0
 * is attached. and we want adj-fibs to install on Eth0.
 */
- return (FIB_ENTRY_FLAG_ATTACHED & fib_entry_get_flags_i(cover));
+ if (FIB_ENTRY_FLAG_ATTACHED & fib_entry_get_flags_i(cover))
+ {
+ u32 cover_itf = fib_entry_get_resolving_interface(src->adj.fesa_cover);
+ u32 adj_itf = fib_path_list_get_resolving_interface(src->fes_pl);
+
+ if (cover_itf == adj_itf)
+ {
+ return (1);
+ }
+ else
+ {
+ /*
+ * if the interface the adj is on is unnumbered to the
+ * cover's, then allow that too.
+ */
+ vnet_sw_interface_t *swif;
+
+ swif = vnet_get_sw_interface (vnet_get_main(), adj_itf);
+
+ if (swif->flags & VNET_SW_INTERFACE_FLAG_UNNUMBERED &&
+ cover_itf == swif->unnumbered_sw_if_index)
+ {
+ return (1);
+ }
+ }
+ }
+ return (0);
 }
 /*
-- cgit 1.2.3-korg
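Review bot: In the else branch `adj_itf` goes straight into `vnet_get_sw_interface (vnet_get_main(), adj_itf)` with no check that it is a valid software interface index. The hunk does not show whether `fib_path_list_get_resolving_interface` can return the invalid index (`~0`) for this source, but if it can, the lookup indexes the interface pool out of range. Because this return value decides whether an ARP/ND-learned entry is installed or dropped, the safe default is to fail closed before the lookup: `if (~0 == adj_itf) return (0);`. Separately, the unnumbered test relies on `&` binding tighter than `&&`; writing it as `if ((swif->flags & VNET_SW_INTERFACE_FLAG_UNNUMBERED) && cover_itf == swif->unnumbered_sw_if_index)` makes the intent explicit. The body of `fib_entry_src_adj_activate` starts outside this hunk.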