ip6-nd: only respond to RS if sending RA is enabled

Even when periodic RAs are disabled VPP would respond to
router solicitations. Making it impossible to have an IPv6
enabled interface with hosts connected to it without VPP
acting as a default router.

This change drops RS messages if the radv_info->send_radv is
off.

Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I9a68f8e12c93c1c00125b54f8fd454f48fa22caa
Signed-off-by: Ole Troan <ot@cisco.com>

diff --git a/src/vnet/ip6-nd/ip6_ra.c b/src/vnet/ip6-nd/ip6_ra.c
index 270e428..895f309 100644 (file)
--- a/src/vnet/ip6-nd/ip6_ra.c
+++ b/src/vnet/ip6-nd/ip6_ra.c
@@ -270,6 +270,9 @@ typedef enum
   ICMP6_ROUTER_SOLICITATION_N_NEXT,
 } icmp6_router_solicitation_or_advertisement_next_t;
 
+/*
+ * Note: Both periodic RAs and solicited RS come through here.
+ */
 static_always_inline uword
 icmp6_router_solicitation (vlib_main_t * vm,
                           vlib_node_runtime_t * node, vlib_frame_t * frame)
@@ -413,7 +416,9 @@ icmp6_router_solicitation (vlib_main_t * vm,
                  error0 = ((!radv_info) ?
                            ICMP6_ERROR_ROUTER_SOLICITATION_RADV_NOT_CONFIG :
                            error0);
-
+                 error0 = radv_info->send_radv == 0 ?
+                            ICMP6_ERROR_ROUTER_SOLICITATION_RADV_NOT_CONFIG :
+                            error0;
                  if (error0 == ICMP6_ERROR_NONE)
                    {
                      f64 now = vlib_time_now (vm);

diff --git a/test/test_ip6.py b/test/test_ip6.py
index 5dc7269..dd29041 100644 (file)
--- a/test/test_ip6.py
+++ b/test/test_ip6.py
@@ -735,9 +735,23 @@ class TestIPv6(TestIPv6ND):
                                 "RS sourced from link-local",
                                 dst_ip=ll)
 
+        #
+        # Source an RS from a link local address
+        # Ensure suppress also applies to solicited RS
+        #
+        self.pg0.ip6_ra_config(send_unicast=1, suppress=1)
+        ll = mk_ll_addr(self.pg0.remote_mac)
+        p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
+             IPv6(dst=self.pg0.local_ip6, src=ll) /
+             ICMPv6ND_RS())
+        pkts = [p]
+        self.send_and_assert_no_replies(self.pg0, pkts,
+                                        "Suppressed RS from link-local")
+
         #
         # Send the RS multicast
         #
+        self.pg0.ip6_ra_config(no=1, suppress=1)  # Reset suppress flag to zero
         self.pg0.ip6_ra_config(send_unicast=1)
         dmac = in6_getnsmac(inet_pton(AF_INET6, "ff02::2"))
         ll = mk_ll_addr(self.pg0.remote_mac)
@@ -757,7 +771,7 @@ class TestIPv6(TestIPv6ND):
         # If we happen to pick up the periodic RA at this point then so be it,
         # it's not an error.
         #
-        self.pg0.ip6_ra_config(send_unicast=1, suppress=1)
+        self.pg0.ip6_ra_config(send_unicast=1, suppress=0)
         p = (Ether(dst=dmac, src=self.pg0.remote_mac) /
              IPv6(dst="ff02::2", src="::") /
              ICMPv6ND_RS())