diff options
author | Neale Ranns <nranns@cisco.com> | 2017-05-18 03:03:22 -0700 |
---|---|---|
committer | Damjan Marion <dmarion.lists@gmail.com> | 2017-05-23 09:48:52 +0000 |
commit | 8142499cd1cb3b8d0168d0e6cf5309c5b4813cc4 (patch) | |
tree | b6191c8b7417aa3a6865ec8b90837d852b90b539 /src/vnet/ipsec-gre | |
parent | f3b53643e87e7521c57cccc157385d2fa4bd0d80 (diff) |
ARP/ND entries for the same address on different interfaces (VPP-848)
there are, intentionally, no validation checks in the ARP/ND code to prevent an ARP/ND entry from being installed for an address that is not local to the interface's sub-net. This is ok, since the adjacency/FIB code is designed to handle this case using the 'refinement' criteria - i.e. only installing a FIB entry for the address if the address 'refines' (i.e. is more specific than) the interface's sub-net.
However, the refinement criteria currently operates on the FIB entry's prefix (which is a /32, so on the address) and not on the next-hop in the path.
So, enter multiple ARP entries for the same address on different links, and this refinement criteria uses only the last added path, and so will remove the FIB entry should the ARP entries be added in the 'wrong' order.
This fix updates the refinement criteria to work on each path of the FIB entry. The entry is installed if one of the paths refines the covers and only paths refining the cover contribute forwarding.
Per-path refinement checks are stored in path-extensions. The patch is rather large as path-extension, which were previously used only for out-going MPLS labels, have been generalized.
Change-Id: I00be359148cb948c32c52109e832a70537a7920a
Signed-off-by: Neale Ranns <nranns@cisco.com>
Diffstat (limited to 'src/vnet/ipsec-gre')
0 files changed, 0 insertions, 0 deletions