BUGFIX: We weren't correctly honouring requests to use a Linux bridge. This patch fixes it.

2025-02-25 18:55:32 -06:00 · 2024-02-05 11:33:32 -06:00 · 2024-02-05 11:33:32 -06:00 · 7180dd7950
commit 7180dd7950
parent 3ab165a591
1 changed files with 20 additions and 18 deletions
--- a/src/rust/lqos_sys/src/lqos_kernel.rs
+++ b/src/rust/lqos_sys/src/lqos_kernel.rs
@ -207,26 +207,28 @@ pub fn attach_xdp_and_tc_to_interface(
  // Attach to the ingress IF it is configured
  if let Ok(etc) = lqos_config::load_config() {
    if let Some(bridge) = &etc.bridge {
-      // Enable "promiscuous" mode on interfaces
-      info!("Enabling promiscuous mode on {}", &bridge.to_internet);
-      std::process::Command::new("/bin/ip")
-            .args(["link", "set", &bridge.to_internet, "promisc", "on"])
-            .output()?;
-      info!("Enabling promiscuous mode on {}", &bridge.to_network);
-      std::process::Command::new("/bin/ip")
-        .args(["link", "set", &bridge.to_network, "promisc", "on"])
-        .output()?;
+      if bridge.use_xdp_bridge {
+        // Enable "promiscuous" mode on interfaces
+        info!("Enabling promiscuous mode on {}", &bridge.to_internet);
+        std::process::Command::new("/bin/ip")
+              .args(["link", "set", &bridge.to_internet, "promisc", "on"])
+              .output()?;
+        info!("Enabling promiscuous mode on {}", &bridge.to_network);
+        std::process::Command::new("/bin/ip")
+          .args(["link", "set", &bridge.to_network, "promisc", "on"])
+          .output()?;

-      // Build the interface and vlan map entries
-      crate::bifrost_maps::clear_bifrost()?;
-      crate::bifrost_maps::map_multi_interface_mode(&bridge.to_internet, &bridge.to_network)?;
+        // Build the interface and vlan map entries
+        crate::bifrost_maps::clear_bifrost()?;
+        crate::bifrost_maps::map_multi_interface_mode(&bridge.to_internet, &bridge.to_network)?;

-      // Actually attach the TC ingress program
-      let error = unsafe {
-        bpf::tc_attach_ingress(interface_index as i32, false, skeleton)
-      };
-      if error != 0 {
-        return Err(Error::msg("Unable to attach TC Ingress to interface"));
+        // Actually attach the TC ingress program
+        let error = unsafe {
+          bpf::tc_attach_ingress(interface_index as i32, false, skeleton)
+        };
+        if error != 0 {
+          return Err(Error::msg("Unable to attach TC Ingress to interface"));
+        }
      }
    }