device/lldp: drop our own rate limiting for maximum number of LLDP neighbours

Systemd's LLDP client also internally tracks all neighbours, and it thus
already needs a maximum. For systemd, that is currently 128.
We don't need to implement our own rate limiting on top of that,
because if we wouldn't trust the LLDP client to get this right,
it would be DoS-able already.

Also decrease the number of maximum neighbours from 4k to 128.
Note that already previously we wouldn't ever get more than 128
entries.
Thomas Haller 2020-06-05 16:52:42 +02:00
parent 7d9ba20893
commit ab2395c966


@ -16,7 +16,7 @@
#include "systemd/nm-sd.h"
#define MAX_NEIGHBORS 4096
#define MAX_NEIGHBORS 128
#define MIN_UPDATE_INTERVAL_NS (2 * NM_UTILS_NSEC_PER_SEC)
#define LLDP_MAC_NEAREST_BRIDGE ((const struct ether_addr *) ((uint8_t[ETH_ALEN]) { 0x01, 0x80, 0xc2, 0x00, 0x00, 0x0e }))
@ -901,13 +901,6 @@ process_lldp_neighbor (NMLldpListener *self, sd_lldp_neighbor *neighbor_sd, gboo
return;
}
/* ensure that we have at most MAX_NEIGHBORS entries */
if ( !neigh_old /* only matters in the "add" case. */
&& (g_hash_table_size (priv->lldp_neighbors) + 1 > MAX_NEIGHBORS)) {
_LOGT ("process: ignore neighbor due to overall limit of %d", MAX_NEIGHBORS);
return;
}
_LOGD ("process: %s neigh: "LOG_NEIGH_FMT,
neigh_old ? "update" : "new",
LOG_NEIGH_ARG (neigh));
@ -921,7 +914,11 @@ handle_changed:
static void
lldp_event_handler (sd_lldp *lldp, sd_lldp_event event, sd_lldp_neighbor *n, void *userdata)
{
process_lldp_neighbor (userdata, n, event != SD_LLDP_EVENT_REMOVED);
process_lldp_neighbor (userdata,
n,
NM_IN_SET (event, SD_LLDP_EVENT_ADDED,
SD_LLDP_EVENT_UPDATED,
SD_LLDP_EVENT_REFRESHED));
}
gboolean
@ -963,6 +960,9 @@ nm_lldp_listener_start (NMLldpListener *self, int ifindex, GError **error)
goto err;
}
ret = sd_lldp_set_neighbors_max (priv->lldp_handle, MAX_NEIGHBORS);
nm_assert (ret == 0);
priv->ifindex = ifindex;
ret = sd_lldp_attach_event (priv->lldp_handle, NULL, 0);
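Review bot: `nm_assert (ret == 0)` after the new `sd_lldp_set_neighbors_max` call is the only place its result is looked at, and if nm_assert is compiled out in release builds (as I believe it is in this project) a failure would pass silently even though this call is now the sole enforcement of the neighbour cap that the second hunk removes. If I read the library right, the call fails only for a zero maximum or a NULL handle, neither of which can occur here, so the assert is defensible; a short comment would save the next reader from asking why this is not handled like the surrounding `goto err` paths: `/* only fails for a zero maximum or a NULL handle, neither possible here */`. The body of nm_lldp_listener_start continues outside the hunk.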