From e2b6736e1f5c9a841e37ea1e0c3db4c1989a10ba Mon Sep 17 00:00:00 2001
From: Neale Ranns <neale@graphiant.com>
Date: Fri, 2 Apr 2021 07:34:39 +0000
Subject: ip6-nd: Solicitation reply only if target is our link-local

Type: fix

The fib source IP6_ND is used for all link-local entries, hence
solicitation responses were sent for a peer's address. Constrain the
source check to also in clude the LOCAL flag, which indicates that the
link-local address is ours.

Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Iba7e66049e4d89ee3f36d77aeb09310b978d70de
---
 src/vnet/ip6-nd/ip6_nd.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

(limited to 'src/vnet/ip6-nd')

diff --git a/src/vnet/ip6-nd/ip6_nd.c b/src/vnet/ip6-nd/ip6_nd.c
index 917abddf7bb..311cbf743f7 100644
--- a/src/vnet/ip6-nd/ip6_nd.c
+++ b/src/vnet/ip6-nd/ip6_nd.c
@@ -215,10 +215,15 @@ icmp6_neighbor_solicitation_or_advertisement (vlib_main_t * vm,
 			  /* It's an address that belongs to one of our interfaces
 			   * that's good. */
 			}
-		      else
-			if (fib_entry_is_sourced
-			    (fei, FIB_SOURCE_IP6_ND_PROXY) ||
-			    fib_entry_is_sourced (fei, FIB_SOURCE_IP6_ND))
+		      else if (FIB_ENTRY_FLAG_LOCAL &
+			       fib_entry_get_flags_for_source (
+				 fei, FIB_SOURCE_IP6_ND))
+			{
+			  /* It's one of our link local addresses
+			   * that's good. */
+			}
+		      else if (fib_entry_is_sourced (fei,
+						     FIB_SOURCE_IP6_ND_PROXY))
 			{
 			  /* The address was added by IPv6 Proxy ND config.
 			   * We should only respond to these if the NS arrived on
-- 
cgit 1.2.3-korg