gerrit.fd Code Review - vpp.git/commit

author	Matthew Smith <mgsmith@netgate.com>
	Wed, 2 Sep 2020 21:42:55 +0000 (16:42 -0500)
committer	Damjan Marion <dmarion@me.com>
	Fri, 4 Sep 2020 12:55:42 +0000 (12:55 +0000)
commit	f1cd3da20f1a5a7ed94a18b6d7ea4bf9d491a7d3
tree	8896ff1cce263697e4ca96640e3885ec34dfd0c1	tree \| snapshot
parent	0be1b764a3111a4107f81e42fba9cf99bf1c9baf	commit \| diff

vrrp: improve RFC compliance for ARP/ND

Type: fix

The ARP/ND feature nodes reply to requests for a VR virtual IP address
when a VR is in the master state. If the VR is in the backup state, the
request is passed to the next node on the feature arc.

This can cause an incorrect response to be sent. If some other feature
(e.g. NAT) causes a virtual IP address to be configured as a "local"
address on the system, a later node on the feature arc may respond to
an ARP/ND request with the real MAC address of the interface.

RFC 5798 says that a router must respond to ARP/ND requests for VR
virtual IP addresses with the VR virtual MAC address. And it says a
router must not respond to ARP/ND requests for VR virtual IP addresses
when the VR is in the backup state. Ensure that ARP/ND requests for
VR virtual IP addresses are dropped when in the backup state rather
than allowing them to continue on the feature arc where another node
may end up responding.

In order to do this, enable/disable the feature nodes when leaving
or entering the init state instead of the master state.

Change-Id: I416f83e125cbf91deb90c3b6eb00ba3207de24ad
Signed-off-by: Matthew Smith <mgsmith@netgate.com>

src/plugins/vrrp/node.c		diff \| blob \| history
src/plugins/vrrp/vrrp.c		diff \| blob \| history