summaryrefslogtreecommitdiffstats
path: root/src/plugins/vrrp/node.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/plugins/vrrp/node.c')
-rw-r--r--src/plugins/vrrp/node.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/src/plugins/vrrp/node.c b/src/plugins/vrrp/node.c
index a916bcc03ff..0cd5b59ac58 100644
--- a/src/plugins/vrrp/node.c
+++ b/src/plugins/vrrp/node.c
@@ -334,11 +334,18 @@ vrrp_arp_nd_next (vlib_buffer_t * b, u32 * next_index, u32 * vr_index,
if (*vr_index == ~0)
return;
- /* only reply if the VR is in the master state */
vr = vrrp_vr_lookup_index (*vr_index);
if (!vr || vr->runtime.state != VRRP_VR_STATE_MASTER)
- return;
+ {
+ /* RFC 5798 - section 6.4.2 - Backup "MUST NOT respond" to ARP/ND.
+ * So we must drop the request rather than allowing it to continue
+ * on the feature arc.
+ */
+ *next_index = VRRP_ARP_INPUT_NEXT_DROP;
+ return;
+ }
+ /* RFC 5798 section 6.4.3: Master "MUST respond" to ARP/ND. */
eth = ethernet_buffer_get_header (b);
rewrite = ethernet_build_rewrite (vnm, sw_if_index, link_type,
eth->src_address);