Topi Wala <walatopi@xxxxxxxxx> writes: > Hi, > > I've installed an xdp-filter (dny_all) on my tap interface (and am > only letting through L2 packets that match my src/dst mac), and it > still lets through NDv6 traffic. Do L2 multicast packets not get > "received" by the xdp filter? Running tcpdump inside Qemu linux > connected to this tap interface shows me NDv6 multicast packets from > the ToR switch. All packets should be received by the XDP program; but only in the ingress direction. So what do mean "running tcpdump inside the qemu instance"? That sounds like you're talking about packets going *out* of the TAP interface from the host PoV? XDP won't see those (you'll have to run the program on the physical interface). -Toke
|