diff options
| author |   Ole Troan <ot@cisco.com> | 2021-08-06 09:58:09 +0200 |
|---|---|---|
| committer |   Matthew Smith <mgsmith@netgate.com> | 2021-08-09 18:40:23 +0000 |
| commit | 5d280d5b51ace57f73ac1b43caf6c37c6ae11529 (patch) | |
| tree | f341b5587c3c1e26e80ce64947b3aec579345dee | |
| parent | 1885f795ed16515eff389cc49c0b1a9611cf587e (diff) | |
ip6-nd: only respond to RS if sending RA is enabled
Even when periodic RAs are disabled VPP would respond to
router solicitations. Making it impossible to have an IPv6
enabled interface with hosts connected to it without VPP
acting as a default router.
This change drops RS messages if the radv_info->send_radv is
off.
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I9a68f8e12c93c1c00125b54f8fd454f48fa22caa
Signed-off-by: Ole Troan <ot@cisco.com>
| -rw-r--r-- | src/vnet/ip6-nd/ip6_ra.c | 7 | ||||
| -rw-r--r-- | test/test_ip6.py | 16 |
2 files changed, 21 insertions, 2 deletions
diff --git a/src/vnet/ip6-nd/ip6_ra.c b/src/vnet/ip6-nd/ip6_ra.c index 270e428afad..895f3092820 100644 --- a/src/vnet/ip6-nd/ip6_ra.c +++ b/src/vnet/ip6-nd/ip6_ra.c @@ -270,6 +270,9 @@ typedef enum ICMP6_ROUTER_SOLICITATION_N_NEXT, } icmp6_router_solicitation_or_advertisement_next_t; +/* + * Note: Both periodic RAs and solicited RS come through here. + */ static_always_inline uword icmp6_router_solicitation (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame) @@ -413,7 +416,9 @@ icmp6_router_solicitation (vlib_main_t * vm, error0 = ((!radv_info) ? ICMP6_ERROR_ROUTER_SOLICITATION_RADV_NOT_CONFIG : error0); - + error0 = radv_info->send_radv == 0 ? + ICMP6_ERROR_ROUTER_SOLICITATION_RADV_NOT_CONFIG : + error0; if (error0 == ICMP6_ERROR_NONE) { f64 now = vlib_time_now (vm); diff --git a/test/test_ip6.py b/test/test_ip6.py index 5dc7269f203..dd29041c898 100644 --- a/test/test_ip6.py +++ b/test/test_ip6.py @@ -736,8 +736,22 @@ class TestIPv6(TestIPv6ND): dst_ip=ll) # + # Source an RS from a link local address + # Ensure suppress also applies to solicited RS + # + self.pg0.ip6_ra_config(send_unicast=1, suppress=1) + ll = mk_ll_addr(self.pg0.remote_mac) + p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / + IPv6(dst=self.pg0.local_ip6, src=ll) / + ICMPv6ND_RS()) + pkts = [p] + self.send_and_assert_no_replies(self.pg0, pkts, + "Suppressed RS from link-local") + + # # Send the RS multicast # + self.pg0.ip6_ra_config(no=1, suppress=1) # Reset suppress flag to zero self.pg0.ip6_ra_config(send_unicast=1) dmac = in6_getnsmac(inet_pton(AF_INET6, "ff02::2")) ll = mk_ll_addr(self.pg0.remote_mac) @@ -757,7 +771,7 @@ class TestIPv6(TestIPv6ND): # If we happen to pick up the periodic RA at this point then so be it, # it's not an error. # - self.pg0.ip6_ra_config(send_unicast=1, suppress=1) + self.pg0.ip6_ra_config(send_unicast=1, suppress=0) p = (Ether(dst=dmac, src=self.pg0.remote_mac) / IPv6(dst="ff02::2", src="::") / ICMPv6ND_RS()) |