Clear neighbor table on NIC down

Note, this includes static entries to match linux's behaviour.

```
  $ ip neigh show dev eth0
  192.168.42.1 lladdr fc:ec:da:70:6e:f9 STALE
  $ sudo ip neigh add 192.168.42.172 lladdr 22:33:44:55:66:77 dev eth0
  $ ip neigh show dev eth0
  192.168.42.1 lladdr fc:ec:da:70:6e:f9 STALE
  192.168.42.172 lladdr 22:33:44:55:66:77 PERMANENT
  $ sudo ifconfig eth0 down
  $ ip neigh show dev eth0
  $ sudo ifconfig eth0 up
  $ ip neigh show dev eth0
```

Test: stack_test.TestClearNeighborCacheOnNICDisable
PiperOrigin-RevId: 351696306

1 files changed, 10 insertions, 0 deletions

diff --git a/pkg/tcpip/stack/nic.go b/pkg/tcpip/stack/nic.go
index 4a34805b5..8a946b4fa 100644
--- a/pkg/tcpip/stack/nic.go
+++ b/pkg/tcpip/stack/nic.go
@@ -217,6 +217,16 @@ func (n *NIC) disableLocked() {
 		ep.Disable()
 	}
 
+	// Clear the neighbour table (including static entries) as we cannot guarantee
+	// that the current neighbour table will be valid when the NIC is enabled
+	// again.
+	//
+	// This matches linux's behaviour at the time of writing:
+	// https://github.com/torvalds/linux/blob/71c061d2443814de15e177489d5cc00a4a253ef3/net/core/neighbour.c#L371
+	if err := n.clearNeighbors(); err != nil && err != tcpip.ErrNotSupported {
+		panic(fmt.Sprintf("n.clearNeighbors(): %s", err))
+	}
+
 	if !n.setEnabled(false) {
 		panic("should have only done work to disable the NIC if it was enabled")
 	}