From 5e80932275419e688b3ad608d6371867953fe4b9 Mon Sep 17 00:00:00 2001
From: Ethan Jackson <ethan@nicira.com>
Date: Wed, 11 May 2011 17:55:41 -0700
Subject: [PATCH] cfm: No longer trigger fault upon unexpected ccm_interval.

According to the 802.1ag specification, when a CCM is received
which advertises a misconfigured transmission interval, a fault
should be triggered.  This patch goes against the spec by simply
warning when this happens.  This is done for several reasons.

  - Faults can cause controllers to make potentially expensive
    changes in the network topology.
  - Faults can be maliciously triggered by crafting invalid CCMs.
  - Reducing the number of places in the code where rmp->fault and
    cfm->fault are changed makes the code easier to debug and
    reason about.
---
 lib/cfm.c | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/lib/cfm.c b/lib/cfm.c
index a504714cf..943cfc10d 100644
--- a/lib/cfm.c
+++ b/lib/cfm.c
@@ -378,6 +378,15 @@ cfm_process_heartbeat(struct cfm *cfm, const struct ofpbuf *p)
         return;
     }
 
+    /* According to the 802.1ag specification, reception of a CCM with an
+     * incorrect ccm_interval should trigger a fault.  We ignore this
+     * requirement for several reasons.
+     *
+     * Faults can cause a controller or Open vSwitch to make potentially
+     * expensive changes to the network topology.  It seems prudent to trigger
+     * them judiciously, especially when CFM is used to check slave status of
+     * bonds. Furthermore, faults can be maliciously triggered by crafting
+     * invalid CCMs. */
     if (memcmp(ccm->maid, cfm->maid, sizeof ccm->maid)) {
         cfmi->x_recv_time = time_msec();
         cfm->fault = true;
@@ -391,8 +400,12 @@ cfm_process_heartbeat(struct cfm *cfm, const struct ofpbuf *p)
 
         if (rmp) {
             rmp->recv_time = time_msec();
-            rmp->fault = ccm_interval != cfmi->ccm_interval;
-            cfm->fault = rmp->fault || cfm->fault;
+
+            if (ccm_interval != cfmi->ccm_interval) {
+                VLOG_WARN_RL(&rl, "received a CCM with an invalid interval"
+                             " (%"PRIu8") from RMP %"PRIu16, ccm_interval,
+                             rmp->mpid);
+            }
         } else {
             cfmi->x_recv_time = time_msec();
             cfm->fault = true;
-- 
2.43.0