ip: Add nodst option to macvlan type source

The default behavior for source MACVLAN is to duplicate packets to
appropriate type source devices, and then do the normal destination MACVLAN
flow. This patch adds an option to skip destination MACVLAN processing if
any matching source MACVLAN device has the option set.

This allows setting up a "catch all" device for source MACVLAN: create one
or more devices with type source nodst, and one device with e.g. type vepa,
and incoming traffic will be received on exactly one device.

Signed-off-by: Jethro Beekman <kernel@jbeekman.nl>
Signed-off-by: David Ahern <dsahern@kernel.org>

diff --git a/ip/iplink_macvlan.c b/ip/iplink_macvlan.c
index 302a3748d7b2ace02fd8952c93835489db4d0bfa..9c109ef614f09c7e56aa824bb1534b3d4383d5d1 100644 (file)
--- a/ip/iplink_macvlan.c
+++ b/ip/iplink_macvlan.c
@@ -33,7 +33,7 @@ static void print_explain(struct link_util *lu, FILE *f)
                "Usage: ... %s mode MODE [flag MODE_FLAG] MODE_OPTS [bcqueuelen BC_QUEUE_LEN]\n"
                "\n"
                "MODE: private | vepa | bridge | passthru | source\n"
-               "MODE_FLAG: null | nopromisc\n"
+               "MODE_FLAG: null | nopromisc | nodst\n"
                "MODE_OPTS: for mode \"source\":\n"
                "\tmacaddr { { add | del } <macaddr> | set [ <macaddr> [ <macaddr>  ... ] ] | flush }\n"
                "BC_QUEUE_LEN: Length of the rx queue for broadcast/multicast: [0-4294967295]\n",
@@ -58,7 +58,7 @@ static int mode_arg(const char *arg)
 static int flag_arg(const char *arg)
 {
        fprintf(stderr,
-               "Error: argument of \"flag\" must be \"nopromisc\" or \"null\", not \"%s\"\n",
+               "Error: argument of \"flag\" must be \"nopromisc\", \"nodst\" or \"null\", not \"%s\"\n",
                arg);
        return -1;
 }
@@ -102,6 +102,8 @@ static int macvlan_parse_opt(struct link_util *lu, int argc, char **argv,
 
                        if (strcmp(*argv, "nopromisc") == 0)
                                flags |= MACVLAN_FLAG_NOPROMISC;
+                       else if (strcmp(*argv, "nodst") == 0)
+                               flags |= MACVLAN_FLAG_NODST;
                        else if (strcmp(*argv, "null") == 0)
                                flags |= 0;
                        else
@@ -159,6 +161,9 @@ static int macvlan_parse_opt(struct link_util *lu, int argc, char **argv,
                } else if (matches(*argv, "nopromisc") == 0) {
                        flags |= MACVLAN_FLAG_NOPROMISC;
                        has_flags = 1;
+               } else if (matches(*argv, "nodst") == 0) {
+                       flags |= MACVLAN_FLAG_NODST;
+                       has_flags = 1;
                } else if (matches(*argv, "bcqueuelen") == 0) {
                        __u32 bc_queue_len;
                        NEXT_ARG();
@@ -229,6 +234,9 @@ static void macvlan_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]
        if (flags & MACVLAN_FLAG_NOPROMISC)
                print_bool(PRINT_ANY, "nopromisc", "nopromisc ", true);
 
+       if (flags & MACVLAN_FLAG_NODST)
+               print_bool(PRINT_ANY, "nodst", "nodst ", true);
+
        if (tb[IFLA_MACVLAN_BC_QUEUE_LEN] &&
                RTA_PAYLOAD(tb[IFLA_MACVLAN_BC_QUEUE_LEN]) >= sizeof(__u32)) {
                __u32 bc_queue_len = rta_getattr_u32(tb[IFLA_MACVLAN_BC_QUEUE_LEN]);

diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in
index fd67e611e947471c9a378aa850528eb03762ad72..b257f5731f1e70f7c789484df424c5c6de3fa001 100644 (file)
--- a/man/man8/ip-link.8.in
+++ b/man/man8/ip-link.8.in
@@ -1354,7 +1354,7 @@ the following additional arguments are supported:
 .BI "ip link add link " DEVICE " name " NAME
 .BR type " { " macvlan " | " macvtap " } "
 .BR mode " { " private " | " vepa " | " bridge " | " passthru
-.RB " [ " nopromisc " ] | " source " } "
+.RB " [ " nopromisc " ] | " source " [ " nodst " ] } "
 .RB " [ " bcqueuelen " { " LENGTH " } ] "
 
 .in +8
@@ -1393,12 +1393,15 @@ forces the underlying interface into promiscuous mode. Passing the
 .BR nopromisc " flag prevents this, so the promisc flag may be controlled "
 using standard tools.
 
-.B mode source
+.BR mode " " source " [ " nodst " ] "
 - allows one to set a list of allowed mac address, which is used to match
 against source mac address from received frames on underlying interface. This
 allows creating mac based VLAN associations, instead of standard port or tag
 based. The feature is useful to deploy 802.1x mac based behavior,
-where drivers of underlying interfaces doesn't allows that.
+where drivers of underlying interfaces doesn't allows that. By default, packets
+are also considered (duplicated) for destination-based MACVLAN. Passing the
+.BR nodst " flag stops matching packets from also going through the "
+destination-based flow.
 
 .BR bcqueuelen " { " LENGTH " } "
 - Set the length of the RX queue used to process broadcast and multicast packets.