From af55c4e98fd164669bb3d1149fb097c365085353 Mon Sep 17 00:00:00 2001 From: Stefano Brivio Date: Thu, 21 Oct 2021 12:13:44 +0200 Subject: [PATCH] ndp: Don't sabotage DAD by replying to probing neighbour solicitation If the solicitation comes from ::, it's the guest performing duplicate address detection -- don't answer that. Signed-off-by: Stefano Brivio --- ndp.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ndp.c b/ndp.c index 3487e51..92abbe9 100644 --- a/ndp.c +++ b/ndp.c @@ -76,6 +76,9 @@ int ndp(struct ctx *c, struct ethhdr *eh, size_t len) sizeof(struct in6_addr)) return -1; + if (IN6_IS_ADDR_UNSPECIFIED(&ip6h->saddr)) + return 1; + info("NDP: received NS, sending NA"); ihr->icmp6_type = NA; ihr->icmp6_code = 0;