bonding: drop traffic on backup interface for active-backup mode

For active-backup mode, we transmit on one and only one interface. However,
we might still receive traffic on the backup interface. We should drop them
and strictly process incoming traffic on only the active interface.

Type: fix

Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Idb6b798b30033e84044b151c616be3c157329731
(cherry picked from commit 6dfd3785e4d65418f4330a73bf837912c37b8ec2)

diff --git a/src/vnet/bonding/node.c b/src/vnet/bonding/node.c
index 9f6579c..de72070 100644 (file)
--- a/src/vnet/bonding/node.c
+++ b/src/vnet/bonding/node.c
@@ -28,6 +28,7 @@ bond_main_t bond_main;
 #define foreach_bond_input_error \
   _(NONE, "no error")            \
   _(IF_DOWN, "interface down")   \
+  _(PASSIVE_IF, "traffic received on passive interface")   \
   _(PASS_THRU, "pass through (CDP, LLDP, slow protocols)")
 
 typedef enum
@@ -158,10 +159,20 @@ bond_update_next (vlib_main_t * vm, vlib_node_runtime_t * node,
   ASSERT (bif);
   ASSERT (vec_len (bif->slaves));
 
-  if (PREDICT_TRUE (bif->admin_up == 0))
+  if (PREDICT_FALSE (bif->admin_up == 0))
     {
       *bond_sw_if_index = slave_sw_if_index;
       *error = node->errors[BOND_INPUT_ERROR_IF_DOWN];
+      return;
+    }
+
+  if (PREDICT_FALSE ((bif->mode == BOND_MODE_ACTIVE_BACKUP) &&
+                    vec_len (bif->active_slaves) &&
+                    (slave_sw_if_index != bif->active_slaves[0])))
+    {
+      *bond_sw_if_index = slave_sw_if_index;
+      *error = node->errors[BOND_INPUT_ERROR_PASSIVE_IF];
+      return;
     }
 
   *bond_sw_if_index = bif->sw_if_index;