gerrit.fd Code Review - vpp.git/commit

author	Matthew Smith <mgsmith@netgate.com>
	Wed, 25 Aug 2021 22:09:34 +0000 (17:09 -0500)
committer	Damjan Marion <dmarion@me.com>
	Wed, 8 Sep 2021 14:40:23 +0000 (14:40 +0000)
commit	0d56f60c8c9c3c86b6b47f369d23b8c79366aedf
tree	7ec1fdc92e0b8f52ee48cbb8421ab37e1540b5b8	tree \| snapshot
parent	f49734d3b9afb27e3f527e1477fee4952d546f9a	commit \| diff

vrrp: fix source address on advertisements

Type: fix

Advertisements are dropped by anti spoofing check in some situations.

When a VR has "accept mode" enabled, we must add the virtual IP addresses
to the interface when the VR transitions to master state. When this
happens, fib_sas4_get() starts selecting the newly added virtual IP
address as the source address for packets sent on the interface, so
advertisements are sent with that source address.

When the virtual IP address is being used as a NAT pool address on a peer
in the backup state, the peer sees the address as a local address and
drops incoming advertisements with that source address.

RFC 5798 section 5.1.1.1 says advertisements should use the primary
IPv4 address of the interface they are being sent on as the source
IP address. Since the virtual IP address is only temporarily added
while the VR is in the master state, the virtual IP address should
probably not be considered the primary address of the interface. The
definition of Primary IP Address in section 1.6 says that selecting
the first address is a valid selection algorithm. Do that instead of
calling fib_sas4_get().

Change-Id: Id92f0e3237c7fd491dd8d695bb27307d494f8573
Signed-off-by: Matthew Smith <mgsmith@netgate.com>