diff options
| -rw-r--r-- | src/vnet/ip6-nd/ip6_nd.c | 13 | ||||
| -rw-r--r-- | test/test_ip6.py | 12 |
2 files changed, 21 insertions, 4 deletions
diff --git a/src/vnet/ip6-nd/ip6_nd.c b/src/vnet/ip6-nd/ip6_nd.c index 917abddf7bb..311cbf743f7 100644 --- a/src/vnet/ip6-nd/ip6_nd.c +++ b/src/vnet/ip6-nd/ip6_nd.c @@ -215,10 +215,15 @@ icmp6_neighbor_solicitation_or_advertisement (vlib_main_t * vm, /* It's an address that belongs to one of our interfaces * that's good. */ } - else - if (fib_entry_is_sourced - (fei, FIB_SOURCE_IP6_ND_PROXY) || - fib_entry_is_sourced (fei, FIB_SOURCE_IP6_ND)) + else if (FIB_ENTRY_FLAG_LOCAL & + fib_entry_get_flags_for_source ( + fei, FIB_SOURCE_IP6_ND)) + { + /* It's one of our link local addresses + * that's good. */ + } + else if (fib_entry_is_sourced (fei, + FIB_SOURCE_IP6_ND_PROXY)) { /* The address was added by IPv6 Proxy ND config. * We should only respond to these if the NS arrived on diff --git a/test/test_ip6.py b/test/test_ip6.py index 8abd8d6807f..7635a01c7ce 100644 --- a/test/test_ip6.py +++ b/test/test_ip6.py @@ -505,6 +505,18 @@ class TestIPv6(TestIPv6ND): tgt_ip=self.pg0.local_ip6_ll) # + # do not respond to a NS for the peer's address + # + p = (Ether(dst=in6_getnsmac(nsma), src=self.pg0.remote_mac) / + IPv6(dst=d, + src=self.pg0._remote_hosts[3].ip6_ll) / + ICMPv6ND_NS(tgt=self.pg0._remote_hosts[3].ip6_ll) / + ICMPv6NDOptSrcLLAddr( + lladdr=self.pg0.remote_mac)) + + self.send_and_assert_no_replies(self.pg0, p) + + # # we should have learned an ND entry for the peer's link-local # but not inserted a route to it in the FIB # |