author | Ole Troan <otroan@employees.org> | 2023-10-13 09:19:45 +0200 |
---|---|---|
committer | Andrew Yourtchenko <ayourtch@gmail.com> | 2023-10-16 14:48:46 +0000 |
commit | dbeb56d2dab0a5c86b4b61b5dccdcb997cdaef1f (patch) | |
tree | 52bd509f77f23975a2de6a7c12cc07b8f611059a /src/vnet | |
parent | f68afe85a6e4d5e00fdad1af19a76eb40fdfa388 (diff) |
ip-neighbor: do not use sas to determine NS source address
Using the source address selection algorithm to determine the best source
of an NS for address resolution risks incompatible behavior.
It may choose a source address that is off-link to the other host.
Which may drop it.
A safer approach is to always use the link-local address as the SA.
It's recommended to pick a source that an application will later use,
as VPP is mostly a router, that rarely applies. And regardless, we have
no mechanism to signal from an application that triggered address resolution
what source address it intends to use.
Type: fix
Change-Id: I3c5de66e41505f3682767706ef1195a20e4f0e54
Signed-off-by: Ole Troan <otroan@employees.org>
Diffstat (limited to 'src/vnet')
-rw-r--r-- | src/vnet/ip-neighbor/ip6_neighbor.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/vnet/ip-neighbor/ip6_neighbor.c b/src/vnet/ip-neighbor/ip6_neighbor.c index e3a47df2076..fd0dbfcd2bb 100644 --- a/src/vnet/ip-neighbor/ip6_neighbor.c +++ b/src/vnet/ip-neighbor/ip6_neighbor.c @@ -217,13 +217,14 @@ ip6_discover_neighbor_inline (vlib_main_t * vm, * Choose source address based on destination lookup * adjacency. */ - if (!fib_sas6_get (sw_if_index0, &ip0->dst_address, &src) || - !ip6_sas_by_sw_if_index (sw_if_index0, &ip0->dst_address, &src)) + const ip6_address_t *ll = ip6_get_link_local_address (sw_if_index0); + if (!ll) { /* There is no address on the interface */ p0->error = node->errors[IP6_NEIGHBOR_ERROR_NO_SOURCE_ADDRESS]; continue; } + ip6_address_copy (&src, ll); b0 = ip6_neighbor_probe (vm, vnm, sw_if_index0, thread_index, &src, &ip0->dst_address); |
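Review bot: The comment kept above the new lines, "Choose source address based on destination lookup adjacency", no longer describes the code. The source now comes from ip6_get_link_local_address (sw_if_index0) and does not depend on the destination, so the comment should be rewritten to say the NS is always sourced from the interface's link-local address. The comment in the error branch, "There is no address on the interface", is also broader than the new condition: `if (!ll)` only establishes that no link-local address was returned, so the comment should say that, since the packet is now dropped with IP6_NEIGHBOR_ERROR_NO_SOURCE_ADDRESS in that case whatever other addresses the interface has. As a minor style point, `const ip6_address_t *ll` is declared in the middle of the block; consider moving it to the block's other declarations if that matches the file's convention.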