ip6-nd: only respond to RS if sending RA is enabled

Even when periodic RAs are disabled VPP would respond to router solicitations. Making it impossible to have an IPv6 enabled interface with hosts connected to it without VPP acting as a default router. This change drops RS messages if the radv_info->send_radv is off. Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I9a68f8e12c93c1c00125b54f8fd454f48fa22caa Signed-off-by: Ole Troan <ot@cisco.com>
2021-08-06 09:58:09 +02:00
parent 1885f795ed
commit 5d280d5b51
2 changed files with 21 additions and 2 deletions
@@ -270,6 +270,9 @@ typedef enum
  ICMP6_ROUTER_SOLICITATION_N_NEXT,
 } icmp6_router_solicitation_or_advertisement_next_t;

+/*
+ * Note: Both periodic RAs and solicited RS come through here.
+ */
 static_always_inline uword
 icmp6_router_solicitation (vlib_main_t * vm,
 			   vlib_node_runtime_t * node, vlib_frame_t * frame)
@@ -413,7 +416,9 @@ icmp6_router_solicitation (vlib_main_t * vm,
 		  error0 = ((!radv_info) ?
 			    ICMP6_ERROR_ROUTER_SOLICITATION_RADV_NOT_CONFIG :
 			    error0);
-
+		  error0 = radv_info->send_radv == 0 ?
+			     ICMP6_ERROR_ROUTER_SOLICITATION_RADV_NOT_CONFIG :
+			     error0;
 		  if (error0 == ICMP6_ERROR_NONE)
 		    {
 		      f64 now = vlib_time_now (vm);
@@ -735,9 +735,23 @@ class TestIPv6(TestIPv6ND):
                                "RS sourced from link-local",
                                dst_ip=ll)

+        #
+        # Source an RS from a link local address
+        # Ensure suppress also applies to solicited RS
+        #
+        self.pg0.ip6_ra_config(send_unicast=1, suppress=1)
+        ll = mk_ll_addr(self.pg0.remote_mac)
+        p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
+             IPv6(dst=self.pg0.local_ip6, src=ll) /
+             ICMPv6ND_RS())
+        pkts = [p]
+        self.send_and_assert_no_replies(self.pg0, pkts,
+                                        "Suppressed RS from link-local")
+
        #
        # Send the RS multicast
        #
+        self.pg0.ip6_ra_config(no=1, suppress=1)  # Reset suppress flag to zero
        self.pg0.ip6_ra_config(send_unicast=1)
        dmac = in6_getnsmac(inet_pton(AF_INET6, "ff02::2"))
        ll = mk_ll_addr(self.pg0.remote_mac)
@@ -757,7 +771,7 @@ class TestIPv6(TestIPv6ND):
        # If we happen to pick up the periodic RA at this point then so be it,
        # it's not an error.
        #
-        self.pg0.ip6_ra_config(send_unicast=1, suppress=1)
+        self.pg0.ip6_ra_config(send_unicast=1, suppress=0)
        p = (Ether(dst=dmac, src=self.pg0.remote_mac) /
             IPv6(dst="ff02::2", src="::") /
             ICMPv6ND_RS())