VPP-113: BVI shall filter unicast DMAC for L2 to L3 forwading

As BVI receive a packet with unicast DMAC from the BD, including unknown unicast flood packet, the packet should not be L3 forwarded unless its DMAC matches the MAC of the BVI. Change-Id: I46e18629c901062592c8ebe3a238c5cfdc1096b4 Signed-off-by: John Lo <loj@cisco.com>
author: John Lo <loj@cisco.com> 2016-06-04 00:02:37 -0400
committer: John Lo <loj@cisco.com> 2016-06-04 00:02:37 -0400
commit: 19042148849d2a71a79277f73aafbbd1b9478466 (patch)
tree: 82a713b4ee0a008f010fb3eacf5b60143584f01a /vnet/vnet/l2/l2_bvi.h
parent: 2671f1188d41313a6b54f5bd3d83973850f34934 (diff)
1 files changed, 12 insertions, 1 deletions
diff --git a/vnet/vnet/l2/l2_bvi.h b/vnet/vnet/l2/l2_bvi.h
index b3b20d63104..54b7606e06a 100644
--- a/vnet/vnet/l2/l2_bvi.h
+++ b/vnet/vnet/l2/l2_bvi.h
@@ -25,7 +25,7 @@
 #include <vnet/l2/l2_input.h>
 
 #define TO_BVI_ERR_OK        0
-#define TO_BVI_ERR_TAGGED    1
+#define TO_BVI_ERR_BAD_MAC   1
 #define TO_BVI_ERR_ETHERTYPE 2
 
 // Send a packet from L2 processing to L3 via the BVI interface.
@@ -43,6 +43,17 @@ l2_to_bvi (vlib_main_t * vlib_main,
   u8 l2_len;
   u16 ethertype;
   u8 * l3h;
+  ethernet_header_t * e0;
+  vnet_hw_interface_t * hi;
+
+  e0 = vlib_buffer_get_current (b0);
+  hi = vnet_get_sup_hw_interface (vnet_main, bvi_sw_if_index);
+
+  // Perform L3 my-mac filter
+  if ((!ethernet_address_cast(e0->dst_address)) &&
+      (!eth_mac_equal((u8 *)e0, hi->hw_address))) {
+      return TO_BVI_ERR_BAD_MAC;
+  }
 
   // Save L2 header position which may be changed due to packet replication
   vnet_buffer (b0)->ethernet.start_of_ethernet_header = b0->current_data;
author	John Lo <loj@cisco.com>	2016-06-04 00:02:37 -0400
committer	John Lo <loj@cisco.com>	2016-06-04 00:02:37 -0400
commit	19042148849d2a71a79277f73aafbbd1b9478466 (patch)
tree	82a713b4ee0a008f010fb3eacf5b60143584f01a /vnet/vnet/l2/l2_bvi.h
parent	2671f1188d41313a6b54f5bd3d83973850f34934 (diff)