Fix coverity warnings, VPP-486

[vpp.git] / vnet / vnet / ip / ip6_neighbor.c

diff --git a/vnet/vnet/ip/ip6_neighbor.c b/vnet/vnet/ip/ip6_neighbor.c
index 5d059e9..97e7e84 100644 (file)
--- a/vnet/vnet/ip/ip6_neighbor.c
+++ b/vnet/vnet/ip/ip6_neighbor.c
@@ -427,6 +427,17 @@ vnet_set_ip6_ethernet_neighbor (vlib_main_t * vm,
     n->key = k;
     n->adj_index = ADJ_INDEX_INVALID;
   }
+  else
+  {
+    /*
+     * prevent a DoS attack from the data-plane that
+     * spams us with no-op updates to the MAC address
+     */
+    if (0 == memcmp(n->link_layer_address,
+                   link_layer_address,
+                   n_bytes_link_layer_address))
+      return -1;
+  }
 
   /* Update time stamp and ethernet address. */
   clib_memcpy (n->link_layer_address,
@@ -812,7 +823,8 @@ icmp6_neighbor_solicitation_or_advertisement (vlib_main_t * vm,
                                                         128);
 
                  if (FIB_NODE_INDEX_INVALID == fei || 
-                     !(FIB_ENTRY_FLAG_LOCAL & fib_entry_get_flags(fei)))
+                     !(FIB_ENTRY_FLAG_LOCAL &
+                       fib_entry_get_flags_for_source(fei, FIB_SOURCE_INTERFACE)))
                    {
                      error0 = ICMP6_ERROR_NEIGHBOR_SOLICITATION_SOURCE_UNKNOWN;
                    }
@@ -1693,7 +1705,7 @@ ip6_neighbor_sw_interface_add_del (vnet_main_t * vnm,
         a->seed = random_default_seed();
         
         /* for generating random interface ids */
-        a->randomizer = 0x1119194911191949;
+        a->randomizer = 0x1119194911191949ULL;
         a->randomizer = random_u64 ((u32 *)&a->randomizer);
         
         a->initial_adverts_count = MAX_INITIAL_RTR_ADVERTISEMENTS ; 
@@ -3405,8 +3417,9 @@ int vnet_ip6_nd_term (vlib_main_t * vm,
 
   /* Check if anyone want ND events for L2 BDs */
   p = mhash_get (&nm->mac_changes_by_address, &ip6a_zero);
-  if (p && shg == 0)
-    { /* Only SHG 0 interface which is more likely local */
+  if (p && shg == 0 && /* Only SHG 0 interface which is more likely local */ 
+      !ip6_address_is_link_local_unicast (&ip->src_address))
+    { 
       u32 next_index = p[0];
       while (next_index != (u32)~0)
         {