From ab2395c9669df96d2d567e6ee8ef7535cfbf64de Mon Sep 17 00:00:00 2001
From: Thomas Haller
Date: Fri, 5 Jun 2020 16:52:42 +0200
Subject: [PATCH] device/lldp: drop our own rate limiting for maximum number of LLDP neighbours
Systemd's LLDP client also internally tracks all neighbours, and it thus already needs a maximum already. For systemd, that is currently 128. We don't need to implement our own rate limiting on top of that, because if we wouldn't trust the LLDP client to get this right, it would be DoS-able already. Also decrease the number of maximum neighbours from 4k to 128. Note that already previously we wouldn't ever get more than 128 entries.
---
 src/devices/nm-lldp-listener.c | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/src/devices/nm-lldp-listener.c b/src/devices/nm-lldp-listener.c
index b2ac2950ef..22f356d115 100644
--- a/src/devices/nm-lldp-listener.c
+++ b/src/devices/nm-lldp-listener.c
@@ -16,7 +16,7 @@
 #include "systemd/nm-sd.h"
-#define MAX_NEIGHBORS 4096
+#define MAX_NEIGHBORS 128
 #define MIN_UPDATE_INTERVAL_NS (2 * NM_UTILS_NSEC_PER_SEC)
 #define LLDP_MAC_NEAREST_BRIDGE ((const struct ether_addr *) ((uint8_t[ETH_ALEN]) { 0x01, 0x80, 0xc2, 0x00, 0x00, 0x0e }))
@@ -901,13 +901,6 @@ process_lldp_neighbor (NMLldpListener *self, sd_lldp_neighbor *neighbor_sd, gboo
 return;
 }
- /* ensure that we have at most MAX_NEIGHBORS entries */
- if ( !neigh_old /* only matters in the "add" case. */
- && (g_hash_table_size (priv->lldp_neighbors) + 1 > MAX_NEIGHBORS)) {
- _LOGT ("process: ignore neighbor due to overall limit of %d", MAX_NEIGHBORS);
- return;
- }
-
 _LOGD ("process: %s neigh: "LOG_NEIGH_FMT, neigh_old ? "update" : "new", LOG_NEIGH_ARG (neigh));
@@ -921,7 +914,11 @@ handle_changed:
 static void
 lldp_event_handler (sd_lldp *lldp, sd_lldp_event event, sd_lldp_neighbor *n, void *userdata)
 {
- process_lldp_neighbor (userdata, n, event != SD_LLDP_EVENT_REMOVED);
+ process_lldp_neighbor (userdata,
+ n,
+ NM_IN_SET (event, SD_LLDP_EVENT_ADDED,
+ SD_LLDP_EVENT_UPDATED,
+ SD_LLDP_EVENT_REFRESHED));
 }
 gboolean
@@ -963,6 +960,9 @@ nm_lldp_listener_start (NMLldpListener *self, int ifindex, GError **error)
 goto err;
 }
+ ret = sd_lldp_set_neighbors_max (priv->lldp_handle, MAX_NEIGHBORS);
+ nm_assert (ret == 0);
+
 priv->ifindex = ifindex;
 ret = sd_lldp_attach_event (priv->lldp_handle, NULL, 0);
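Review bot: The allow-list in lldp_event_handler changes what happens for any event value other than the four named ones, and neither the code nor the commit message says so. With the old `event != SD_LLDP_EVENT_REMOVED`, an unrecognised event reached process_lldp_neighbor with TRUE; with `NM_IN_SET (event, SD_LLDP_EVENT_ADDED, SD_LLDP_EVENT_UPDATED, SD_LLDP_EVENT_REFRESHED)` it now arrives as FALSE, which going by the old expression is the removal case. That is the more conservative default for state derived from unauthenticated link-layer frames, but it should be stated above the call, e.g. `/* only ADDED, UPDATED and REFRESHED keep the neighbor; any other event value is handled like REMOVED */`.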
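Review bot: The result of `sd_lldp_set_neighbors_max ()` in nm_lldp_listener_start is checked only by `nm_assert (ret == 0);`, which as far as I know is compiled out of builds without extra assertions, so a failure there would pass silently. This matters more after this commit, because the MAX_NEIGHBORS check removed from process_lldp_neighbor (the -901 hunk) was the only local bound on priv->lldp_neighbors, and LLDP frames arrive unauthenticated from any station on the link. I would handle it like the call just above, whose failure branch ends in `goto err;`: `if (ret < 0) goto err;` with `*error` filled in the same way as that branch does. Both that branch and the rest of the function start outside the hunk, so the exact error-setting idiom needs to be taken from there.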