From 7180dd7950c5f11a91971222ca90c3a409b30f92 Mon Sep 17 00:00:00 2001
From: Herbert Wolverson <herberticus@gmail.com>
Date: Mon, 5 Feb 2024 11:33:32 -0600
Subject: [PATCH] BUGFIX: We weren't correctly honouring requests to use a
 Linux bridge. This patch fixes it.

---
 src/rust/lqos_sys/src/lqos_kernel.rs | 38 +++++++++++++++-------------
 1 file changed, 20 insertions(+), 18 deletions(-)

diff --git a/src/rust/lqos_sys/src/lqos_kernel.rs b/src/rust/lqos_sys/src/lqos_kernel.rs
index 66746369..405d865b 100644
--- a/src/rust/lqos_sys/src/lqos_kernel.rs
+++ b/src/rust/lqos_sys/src/lqos_kernel.rs
@@ -207,26 +207,28 @@ pub fn attach_xdp_and_tc_to_interface(
   // Attach to the ingress IF it is configured
   if let Ok(etc) = lqos_config::load_config() {
     if let Some(bridge) = &etc.bridge {
-      // Enable "promiscuous" mode on interfaces
-      info!("Enabling promiscuous mode on {}", &bridge.to_internet);
-      std::process::Command::new("/bin/ip")
-            .args(["link", "set", &bridge.to_internet, "promisc", "on"])
-            .output()?;
-      info!("Enabling promiscuous mode on {}", &bridge.to_network);
-      std::process::Command::new("/bin/ip")
-        .args(["link", "set", &bridge.to_network, "promisc", "on"])
-        .output()?;
+      if bridge.use_xdp_bridge {
+        // Enable "promiscuous" mode on interfaces
+        info!("Enabling promiscuous mode on {}", &bridge.to_internet);
+        std::process::Command::new("/bin/ip")
+              .args(["link", "set", &bridge.to_internet, "promisc", "on"])
+              .output()?;
+        info!("Enabling promiscuous mode on {}", &bridge.to_network);
+        std::process::Command::new("/bin/ip")
+          .args(["link", "set", &bridge.to_network, "promisc", "on"])
+          .output()?;
 
-      // Build the interface and vlan map entries
-      crate::bifrost_maps::clear_bifrost()?;
-      crate::bifrost_maps::map_multi_interface_mode(&bridge.to_internet, &bridge.to_network)?;
+        // Build the interface and vlan map entries
+        crate::bifrost_maps::clear_bifrost()?;
+        crate::bifrost_maps::map_multi_interface_mode(&bridge.to_internet, &bridge.to_network)?;
 
-      // Actually attach the TC ingress program
-      let error = unsafe {
-        bpf::tc_attach_ingress(interface_index as i32, false, skeleton)
-      };
-      if error != 0 {
-        return Err(Error::msg("Unable to attach TC Ingress to interface"));
+        // Actually attach the TC ingress program
+        let error = unsafe {
+          bpf::tc_attach_ingress(interface_index as i32, false, skeleton)
+        };
+        if error != 0 {
+          return Err(Error::msg("Unable to attach TC Ingress to interface"));
+        }
       }
     }