From b553a6b13c68cb72addde48281abe3f3b46e16a4 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Sun, 21 Feb 2016 14:11:34 +0100
Subject: sd-lldp: filter out LLDP messages coming from our own MAC address

Let's not get confused should we be connected to some bridge that mirrors back
our packets.
---
 src/libsystemd-network/lldp-internal.h |  2 ++
 src/libsystemd-network/sd-lldp.c       | 21 +++++++++++++++++++++
 2 files changed, 23 insertions(+)

(limited to 'src/libsystemd-network')

diff --git a/src/libsystemd-network/lldp-internal.h b/src/libsystemd-network/lldp-internal.h
index 279975b5c2..7592bc4305 100644
--- a/src/libsystemd-network/lldp-internal.h
+++ b/src/libsystemd-network/lldp-internal.h
@@ -45,6 +45,8 @@ struct sd_lldp {
         void *userdata;
 
         uint16_t capability_mask;
+
+        struct ether_addr filter_address;
 };
 
 #define log_lldp_errno(error, fmt, ...) log_internal(LOG_DEBUG, error, __FILE__, __LINE__, __func__, "LLDP: " fmt, ##__VA_ARGS__)
diff --git a/src/libsystemd-network/sd-lldp.c b/src/libsystemd-network/sd-lldp.c
index 65cfa4e184..3af6133a4e 100644
--- a/src/libsystemd-network/sd-lldp.c
+++ b/src/libsystemd-network/sd-lldp.c
@@ -28,6 +28,7 @@
 #include "lldp-neighbor.h"
 #include "lldp-network.h"
 #include "socket-util.h"
+#include "ether-addr-util.h"
 
 #define LLDP_DEFAULT_NEIGHBORS_MAX 128U
 
@@ -99,6 +100,11 @@ static int lldp_add_neighbor(sd_lldp *lldp, sd_lldp_neighbor *n) {
         if (n->ttl <= 0)
                 return changed;
 
+        /* Filter out the filter address */
+        if (!ether_addr_is_null(&lldp->filter_address) &&
+            ether_addr_equal(&lldp->filter_address, &n->source_address))
+                return changed;
+
         /* Only add if the neighbor has a capability we are interested in. Note that we also store all neighbors with
          * no caps field set. */
         if (n->has_capabilities &&
@@ -438,3 +444,18 @@ _public_ int sd_lldp_match_capabilities(sd_lldp *lldp, uint16_t mask) {
 
         return 0;
 }
+
+_public_ int sd_lldp_set_filter_address(sd_lldp *lldp, const struct ether_addr *addr) {
+        assert_return(lldp, -EINVAL);
+
+        /* In order to deal nicely with bridges that send back our own packets, allow one address to be filtered, so
+         * that our own can be filtered out here. */
+
+        if (!addr) {
+                zero(lldp->filter_address);
+                return 0;
+        }
+
+        lldp->filter_address = *addr;
+        return 0;
+}
-- 
cgit v1.2.3-54-g00ecf