ndp: Don't sabotage DAD by replying to probing neighbour solicitation
If the solicitation comes from ::, it's the guest performing duplicate address detection -- don't answer that. Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
This commit is contained in:
Stefano Brivio
3
ndp.c
3
ndp.c
@@ -76,6 +76,9 @@ int ndp(struct ctx *c, struct ethhdr *eh, size_t len)
|
|||||||
sizeof(struct in6_addr))
|
sizeof(struct in6_addr))
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
|
if (IN6_IS_ADDR_UNSPECIFIED(&ip6h->saddr))
|
||||||
|
return 1;
|
||||||
|
|
||||||
info("NDP: received NS, sending NA");
|
info("NDP: received NS, sending NA");
|
||||||
ihr->icmp6_type = NA;
|
ihr->icmp6_type = NA;
|
||||||
ihr->icmp6_code = 0;
|
ihr->icmp6_code = 0;
|
||||||
|
|||||||
Reference in New Issue
Block a user