Allow the configuration files to specify the MAC address of network interfaces

AltraMayor / gatekeeper

The first open-source DDoS protection system

https://github.com/AltraMayor/gatekeeper/wiki

GNU General Public License v3.0

1.28k stars 226 forks source link

Allow the configuration files to specify the MAC address of network interfaces #473

Open AltraMayor opened 3 years ago

AltraMayor commented 3 years ago

For strict control of their networks, Internet exchanges have many filters in place to prescribe the allowed traffic. A class of these filters is on the MAC addresses of the interfaces connected to the IX. When one needs to replace the NIC that connects to the IX on a Gatekeeper server, being able to simply specify the MAC address to be used saves operation time.

AltraMayor commented 4 months ago

The kernel limits the MAC address that a KNI interface can have; for example, 01:02:03:04:05:06 is not allowed; it's likely the case because that address is multicast. One has to identify which MAC addresses are allowed to avoid bugs. A KNI interface will initialize with a random MAC address if the requested MAC address is not valid. rte_is_unicast_ether_addr() and its sisters may be helpful.

AltraMayor commented 4 months ago

Test scenarios for this issue:

A single interface as the front interface;
A single interface in LACP mode as the front interface;
Two interfaces in LACP mode as the front interface.

To solve this issue, both functions rte_eth_dev_default_mac_addr_set() and rte_eth_bond_mac_address_set() may be needed.