9 Commits

Author SHA1 Message Date
032d9cde85 pkt-loop-filter: Add get-bond-active utility
Add a small utility that uses a kprobe to extract the currently active
slave ifindex from a bond interface. This value is normally only exported
to userspace for bond types where it can be explicitly set, but the bond
driver has an internal notion of an active interface regardless of the bond
type. We can extract this value with a kprobe by attaching to a function in
the bond driver and triggering an operation that causes this function to be
called.

Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
2022-06-29 16:58:34 +02:00
f746871b1a pkt-loop-filter: Filter IGMP packets along with multicast
Filter not only the multicast packets themselves, but also any IGMP (and
ICMPv6 MLD) packets coming in on multiple interfaces.

Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
2022-06-29 16:58:34 +02:00
6f47602582 pkt-loop-filter: Add optional debugging of dropped packets
Add a debug mode to pkt-loop-filter that outputs debug messages for every
dropped packet (with the reason it was dropped). Also add a small script to
read the kernel trace pipe, after making sure tracing is active (otherwise
there will be no output in the pipe).

The source MAC address+VLAN is squeezed into a single u64 when printing as
a quick workaround to the lack of MAC address printing in BPF printk.

Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
2022-06-29 16:58:34 +02:00
e4530b04ce pkt-loop-filter: Fix off-by-one in bounds check
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
2022-06-29 16:58:34 +02:00
e9aeda404e pkt-loop-filter: fix ethernet multicast frame identification
Multicast, which also includes broadcast, frames can be identified by
looking at the LSB of the first octet of the destination MAC address.

Original-patch-by: Jonathan Toppins <jtoppins@redhat.com>
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
2022-06-29 16:58:34 +02:00
96a5c2ebbf pkt-loop-filter: Set map size from userspace instead of in BPF definition
With this we can add a command line parameter to dynamically size the map
later.

Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
2022-06-14 17:43:39 +02:00
60ed7a8e8b pkt-loop-filter: Filter multicast traffic
This adds filtering of multicast traffic to the set of interfaces. The
filtering works by marking one of the interfaces as "primary" (which is
just the first interface name that is supplied on the command line) and
filtering everything with an all-ones destination MAC address if it's
coming in on any interface that's not the primary one.

To handle interfaces going down, we actually supply all the ifindexes to
the BPF program, and also install a tracing hook that listens to ifdown
events and switches the logic to the next ifindex in the sequence if the
primary one goes down. This is a bit rudimentary but should at least
provide basic filtering.

Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
2022-06-14 17:43:35 +02:00
c57a5bc169 pkt-loop-filter: Attach a tracing program to catch ifdown events
This is needed to be able to react to interfaces going down so we can
allow multicast on a secondary interface if the primary goes down. We don't
actually react to the event yet, just print it; handling this will be added
in a subsequent commit.

Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
2022-06-14 17:43:31 +02:00
070715cf1c Add pkt-loop-filter example
Add an example to filter looping packets on (for instance) a bond
interface, by recording the egress MAC+VLAN and dropping any packets that
come in on other (related) interfaces with the same MAC+VLAN.

Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
2022-05-20 14:53:14 +02:00