From 3d43789914b99b838ddd75c1c656e674a6807fb7 Mon Sep 17 00:00:00 2001
From: Michael Brown <mcb30@ipxe.org>
Date: Tue, 13 Oct 2020 13:35:39 +0100
Subject: [lacp] Detect and ignore erroneously looped back LACP packets

Some external drivers (observed with the UEFI NII driver provided by
an HPE-branded Mellanox ConnectX-3 Pro) seem to cause LACP packets
transmitted by iPXE to be looped back as received packets.  Since
iPXE's trivial LACP responder will send one response per received
packet, this results in an immediate LACP packet storm.

Detect looped back LACP packets (based on the received LACP actor MAC
address), and refuse to respond to such packets.

Reported-by: Tore Anderson <tore@fud.no>
Tested-by: Tore Anderson <tore@fud.no>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
---
 src/net/eth_slow.c | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'src/net')

diff --git a/src/net/eth_slow.c b/src/net/eth_slow.c
index baa51dbc1..fa7a6e361 100644
--- a/src/net/eth_slow.c
+++ b/src/net/eth_slow.c
@@ -153,6 +153,14 @@ static int eth_slow_lacp_rx ( struct io_buffer *iobuf,
 
 	eth_slow_lacp_dump ( iobuf, netdev, "RX" );
 
+	/* Check for looped-back packets */
+	if ( memcmp ( lacp->actor.system, netdev->ll_addr,
+		      sizeof ( lacp->actor.system ) ) == 0 ) {
+		DBGC ( netdev, "SLOW %s RX loopback detected\n",
+		       netdev->name );
+		return -ELOOP;
+	}
+
 	/* If partner is not in sync, collecting, and distributing,
 	 * then block the link until after the next expected LACP
 	 * packet.
-- 
cgit