From: Steven Luong <sluong@cisco.com>
Date: Sat, 7 Dec 2019 05:12:41 +0000 (-0800)
Subject: bonding: drop traffic on backup interface for active-backup mode
X-Git-Tag: v20.05-rc0~156
X-Git-Url: https://gerrit.fd.io/r/gitweb?a=commitdiff_plain;ds=sidebyside;h=6dfd3785e4d65418f4330a73bf837912c37b8ec2;p=vpp.git

bonding: drop traffic on backup interface for active-backup mode

For active-backup mode, we transmit on one and only one interface. However,
we might still receive traffic on the backup interface. We should drop them
and strictly process incoming traffic on only the active interface.

Type: fix

Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Idb6b798b30033e84044b151c616be3c157329731
---

diff --git a/src/vnet/bonding/node.c b/src/vnet/bonding/node.c
index 9f6579cda89..de720706822 100644
--- a/src/vnet/bonding/node.c
+++ b/src/vnet/bonding/node.c
@@ -28,6 +28,7 @@ bond_main_t bond_main;
 #define foreach_bond_input_error \
   _(NONE, "no error")            \
   _(IF_DOWN, "interface down")   \
+  _(PASSIVE_IF, "traffic received on passive interface")   \
   _(PASS_THRU, "pass through (CDP, LLDP, slow protocols)")
 
 typedef enum
@@ -158,10 +159,20 @@ bond_update_next (vlib_main_t * vm, vlib_node_runtime_t * node,
   ASSERT (bif);
   ASSERT (vec_len (bif->slaves));
 
-  if (PREDICT_TRUE (bif->admin_up == 0))
+  if (PREDICT_FALSE (bif->admin_up == 0))
     {
       *bond_sw_if_index = slave_sw_if_index;
       *error = node->errors[BOND_INPUT_ERROR_IF_DOWN];
+      return;
+    }
+
+  if (PREDICT_FALSE ((bif->mode == BOND_MODE_ACTIVE_BACKUP) &&
+		     vec_len (bif->active_slaves) &&
+		     (slave_sw_if_index != bif->active_slaves[0])))
+    {
+      *bond_sw_if_index = slave_sw_if_index;
+      *error = node->errors[BOND_INPUT_ERROR_PASSIVE_IF];
+      return;
     }
 
   *bond_sw_if_index = bif->sw_if_index;