Detect looped-back NDP DAD messages

...as per RFC 7527.

If a looped-back DAD message is received, do not fail DAD since our own
DAD message does not indicate that a neighbor has the address assigned.

Test: ndp_test.TestDADResolveLoopback
PiperOrigin-RevId: 363224288

1 files changed, 9 insertions, 4 deletions

diff --git a/pkg/tcpip/network/arp/arp.go b/pkg/tcpip/network/arp/arp.go
index 43a4b7cac..7ae38d684 100644
--- a/pkg/tcpip/network/arp/arp.go
+++ b/pkg/tcpip/network/arp/arp.go
@@ -38,6 +38,7 @@ const (
 
 var _ stack.DuplicateAddressDetector = (*endpoint)(nil)
 var _ stack.LinkAddressResolver = (*endpoint)(nil)
+var _ ip.DADProtocol = (*endpoint)(nil)
 
 // ARP endpoints need to implement stack.NetworkEndpoint because the stack
 // considers the layer above the link-layer a network layer; the only
@@ -82,7 +83,8 @@ func (*endpoint) DuplicateAddressProtocol() tcpip.NetworkProtocolNumber {
 	return header.IPv4ProtocolNumber
 }
 
-func (e *endpoint) SendDADMessage(addr tcpip.Address) tcpip.Error {
+// SendDADMessage implements ip.DADProtocol.
+func (e *endpoint) SendDADMessage(addr tcpip.Address, _ []byte) tcpip.Error {
 	return e.sendARPRequest(header.IPv4Any, addr, header.EthernetBroadcastAddress)
 }
 
@@ -284,9 +286,12 @@ func (p *protocol) NewEndpoint(nic stack.NetworkInterface, dispatcher stack.Tran
 
 	e.mu.Lock()
 	e.mu.dad.Init(&e.mu, p.options.DADConfigs, ip.DADOptions{
-		Clock:    p.stack.Clock(),
-		Protocol: e,
-		NICID:    nic.ID(),
+		Clock:     p.stack.Clock(),
+		SecureRNG: p.stack.SecureRNG(),
+		// ARP does not support sending nonce values.
+		NonceSize: 0,
+		Protocol:  e,
+		NICID:     nic.ID(),
 	})
 	e.mu.Unlock()