From ec0679737e8f9ab31ef6c7c3adb5a0005586b5a7 Mon Sep 17 00:00:00 2001
From: Ghanan Gowripalan <ghanan@google.com>
Date: Thu, 30 Jan 2020 07:12:04 -0800
Subject: Do not include the Source Link Layer option with an unspecified
 source address

When sending NDP messages with an unspecified source address, the Source
Link Layer address must not be included.

Test: stack_test.TestDADResolve
PiperOrigin-RevId: 292341334
---
 pkg/tcpip/stack/ndp.go      | 22 ++--------------------
 pkg/tcpip/stack/ndp_test.go | 12 ++++++++----
 2 files changed, 10 insertions(+), 24 deletions(-)

(limited to 'pkg')

diff --git a/pkg/tcpip/stack/ndp.go b/pkg/tcpip/stack/ndp.go
index 281ae786d..31294345d 100644
--- a/pkg/tcpip/stack/ndp.go
+++ b/pkg/tcpip/stack/ndp.go
@@ -538,29 +538,11 @@ func (ndp *ndpState) sendDADPacket(addr tcpip.Address) *tcpip.Error {
 	r := makeRoute(header.IPv6ProtocolNumber, header.IPv6Any, snmc, ndp.nic.linkEP.LinkAddress(), ref, false, false)
 	defer r.Release()
 
-	linkAddr := ndp.nic.linkEP.LinkAddress()
-	isValidLinkAddr := header.IsValidUnicastEthernetAddress(linkAddr)
-	ndpNSSize := header.ICMPv6NeighborSolicitMinimumSize
-	if isValidLinkAddr {
-		// Only include a Source Link Layer Address option if the NIC has a valid
-		// link layer address.
-		//
-		// TODO(b/141011931): Validate a LinkEndpoint's link address (provided by
-		// LinkEndpoint.LinkAddress) before reaching this point.
-		ndpNSSize += header.NDPLinkLayerAddressSize
-	}
-
-	hdr := buffer.NewPrependable(int(r.MaxHeaderLength()) + ndpNSSize)
-	pkt := header.ICMPv6(hdr.Prepend(ndpNSSize))
+	hdr := buffer.NewPrependable(int(r.MaxHeaderLength()) + header.ICMPv6NeighborSolicitMinimumSize)
+	pkt := header.ICMPv6(hdr.Prepend(header.ICMPv6NeighborSolicitMinimumSize))
 	pkt.SetType(header.ICMPv6NeighborSolicit)
 	ns := header.NDPNeighborSolicit(pkt.NDPPayload())
 	ns.SetTargetAddress(addr)
-
-	if isValidLinkAddr {
-		ns.Options().Serialize(header.NDPOptionsSerializer{
-			header.NDPSourceLinkLayerAddressOption(linkAddr),
-		})
-	}
 	pkt.SetChecksum(header.ICMPv6Checksum(pkt, r.LocalAddress, r.RemoteAddress, buffer.VectorisedView{}))
 
 	sent := r.Stats().ICMP.V6PacketsSent
diff --git a/pkg/tcpip/stack/ndp_test.go b/pkg/tcpip/stack/ndp_test.go
index 8c76e80f2..bc7cfbcb4 100644
--- a/pkg/tcpip/stack/ndp_test.go
+++ b/pkg/tcpip/stack/ndp_test.go
@@ -413,14 +413,18 @@ func TestDADResolve(t *testing.T) {
 					t.Fatalf("got Proto = %d, want = %d", p.Proto, header.IPv6ProtocolNumber)
 				}
 
-				// Check NDP packet.
+				// Check NDP NS packet.
+				//
+				// As per RFC 4861 section 4.3, a possible option is the Source Link
+				// Layer option, but this option MUST NOT be included when the source
+				// address of the packet is the unspecified address.
 				checker.IPv6(t, p.Pkt.Header.View().ToVectorisedView().First(),
+					checker.SrcAddr(header.IPv6Any),
+					checker.DstAddr(header.SolicitedNodeAddr(addr1)),
 					checker.TTL(header.NDPHopLimit),
 					checker.NDPNS(
 						checker.NDPNSTargetAddress(addr1),
-						checker.NDPNSOptions([]header.NDPOption{
-							header.NDPSourceLinkLayerAddressOption(linkAddr1),
-						}),
+						checker.NDPNSOptions(nil),
 					))
 			}
 		})
-- 
cgit v1.2.3