NDv6 and xdp-filter

NDv6 and xdp-filter

[Topi Wala]

Hi,

I've installed an xdp-filter (dny_all) on my tap interface (and am
only letting through L2 packets that match my src/dst mac), and it
still lets through NDv6 traffic. Do L2 multicast packets not get
"received" by the xdp filter? Running tcpdump inside Qemu linux
connected to this tap interface shows me NDv6 multicast packets from
the ToR switch.

Thanks,
Hari

Re: NDv6 and xdp-filter

[Toke Høiland-Jørgensen]

Topi Wala <walatopi@gmail.com> writes:

> Hi,
>
> I've installed an xdp-filter (dny_all) on my tap interface (and am
> only letting through L2 packets that match my src/dst mac), and it
> still lets through NDv6 traffic. Do L2 multicast packets not get
> "received" by the xdp filter? Running tcpdump inside Qemu linux
> connected to this tap interface shows me NDv6 multicast packets from
> the ToR switch.

All packets should be received by the XDP program; but only in the
ingress direction. So what do mean "running tcpdump inside the qemu
instance"? That sounds like you're talking about packets going *out* of
the TAP interface from the host PoV? XDP won't see those (you'll have to
run the program on the physical interface).

-Toke