From: Michael Brown <mcb30@ipxe.org>
Date: Tue, 13 Oct 2020 12:35:39 +0000 (+0100)
Subject: [lacp] Detect and ignore erroneously looped back LACP packets
X-Git-Tag: v1.21.1~80
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3d43789914b99b838ddd75c1c656e674a6807fb7;p=thirdparty%2Fipxe.git

[lacp] Detect and ignore erroneously looped back LACP packets

Some external drivers (observed with the UEFI NII driver provided by
an HPE-branded Mellanox ConnectX-3 Pro) seem to cause LACP packets
transmitted by iPXE to be looped back as received packets.  Since
iPXE's trivial LACP responder will send one response per received
packet, this results in an immediate LACP packet storm.

Detect looped back LACP packets (based on the received LACP actor MAC
address), and refuse to respond to such packets.

Reported-by: Tore Anderson <tore@fud.no>
Tested-by: Tore Anderson <tore@fud.no>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
---

diff --git a/src/net/eth_slow.c b/src/net/eth_slow.c
index baa51dbc1..fa7a6e361 100644
--- a/src/net/eth_slow.c
+++ b/src/net/eth_slow.c
@@ -153,6 +153,14 @@ static int eth_slow_lacp_rx ( struct io_buffer *iobuf,
 
 	eth_slow_lacp_dump ( iobuf, netdev, "RX" );
 
+	/* Check for looped-back packets */
+	if ( memcmp ( lacp->actor.system, netdev->ll_addr,
+		      sizeof ( lacp->actor.system ) ) == 0 ) {
+		DBGC ( netdev, "SLOW %s RX loopback detected\n",
+		       netdev->name );
+		return -ELOOP;
+	}
+
 	/* If partner is not in sync, collecting, and distributing,
 	 * then block the link until after the next expected LACP
 	 * packet.