diff options
| -rw-r--r-- | src/vnet/ethernet/arp.c | 6 | ||||
| -rw-r--r-- | test/test_neighbor.py | 14 |
2 files changed, 19 insertions, 1 deletions
diff --git a/src/vnet/ethernet/arp.c b/src/vnet/ethernet/arp.c index f46e6f5a5bc..149f0a5dc96 100644 --- a/src/vnet/ethernet/arp.c +++ b/src/vnet/ethernet/arp.c @@ -1123,6 +1123,12 @@ arp_input (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame) &arp0->ip4_over_ethernet[0]); goto drop1; } + else if (arp0->opcode == + clib_host_to_net_u16 (ETHERNET_ARP_OPCODE_request) && + (dst_is_local0 == 0)) + { + goto drop1; + } send_reply: /* Send a reply. diff --git a/test/test_neighbor.py b/test/test_neighbor.py index 68dde2fb840..565a8b4442d 100644 --- a/test/test_neighbor.py +++ b/test/test_neighbor.py @@ -641,7 +641,6 @@ class ARPTestCase(VppTestCase): # # 4 - don't respond to ARP requests that has mac source different # from ARP request HW source - # the router # p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) / ARP(op="who-has", @@ -652,6 +651,19 @@ class ARPTestCase(VppTestCase): "ARP req for non-local source") # + # 5 - don't respond to ARP requests for address within the + # interface's sub-net but not the interface's address + # + self.pg0.generate_remote_hosts(2) + p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) / + ARP(op="who-has", + hwsrc=self.pg0.remote_mac, + psrc=self.pg0.remote_hosts[0].ip4, + pdst=self.pg0.remote_hosts[1].ip4)) + self.send_and_assert_no_replies(self.pg0, p, + "ARP req for non-local destination") + + # # cleanup # dyn_arp.remove_vpp_config() |