Patching the Proxmox kernel

Andrea Dainese
July 25, 2024

Proxmox offers various constructs for building virtual networks. We’ll focus on using bridges to emulate physical links, as we did in UNetLab v1.

Linux bridges handle frames differently depending on the destination address:

  • Broadcast frames are forwarded to all ports.
  • Multicast frames are forwarded to all ports, or only to the ports with an interested listener when IGMP/MLD snooping is enabled.
  • Link-local (peer-to-peer) frames, with destination 01:80:C2:00:00:00 to 01:80:C2:00:00:0F and used by hop-by-hop protocols such as STP, pause, LACP and LLDP, are not forwarded: the bridge consumes or drops them.
  • Unicast frames to a learned address go only to the port where that address was learned; all other frames are flooded to all ports.

Key files in the Linux kernel sources are net/bridge/br_input.c and net/bridge/br_sysfs_br.c.

In br_input.c, the br_handle_frame function decides whether to forward, discard or locally deliver a frame sent to one of the reserved link-local addresses by looking at the last byte of the destination MAC. Frames sent to 01:80:C2:00:00:01 (IEEE 802.3 MAC Control, i.e. pause frames) are always discarded. For the other reserved addresses a bit mask called fwd_mask decides the outcome: if the bit matching the last byte of the address is set, the frame is forwarded, otherwise it is handled locally.

We aim to make the 0x01 (pause frame) case honour the same mask instead of dropping unconditionally.

In br_sysfs_br.c, the set_group_fwd_mask function rejects any value that has bits 0, 1 or 2 set (the STP, pause and LACP addresses), so those bits can never reach the group_fwd_mask evaluation. We will modify it to accept any value, so the mask is always evaluated.

With the modified kernel, /sys/class/net/vmbr1/bridge/group_fwd_mask controls which of the 16 reserved addresses are forwarded: bit N enables 01:80:C2:00:00:0N. A stock kernel returns EINVAL for any value with bits 0, 1 or 2 set, so the largest value it accepts is 0xFFF8 (65528); our modified kernel accepts values up to 65535 (0xFFFF), forwarding every reserved frame, which is our goal.
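To make the two changes concrete, here is a user-space model of the two kernel helpers before and after the patch. It is an added example written for this page, not code from the post or from the kernel tree: the struct, the function names prefixed with model_, the count_forwarded and try_write_all helpers and the restricted-bits constant are assumptions that mirror the logic described above (the per-port mask and the bridge's group_fwd_mask_required are left out for brevity). The patched flag switches between stock and modified behaviour.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Outcome of the link-local branch of br_handle_frame (modelled). */
enum verdict { VERDICT_FORWARD, VERDICT_DROP, VERDICT_LOCAL };

/* Bits 0..2 (STP, pause and LACP addresses) that the stock sysfs setter
 * refuses; assumed here to mirror the kernel's restricted-bits check. */
#define GROUPFWD_RESTRICTED ((1u << 0) | (1u << 1) | (1u << 2))

/* Minimal stand-in for the bridge state the real functions consult. */
struct bridge_model {
    uint16_t group_fwd_mask;   /* /sys/class/net/<br>/bridge/group_fwd_mask */
    bool stp_enabled;
    bool patched;              /* false = stock kernel, true = modified kernel */
};

/* Model of set_group_fwd_mask() from br_sysfs_br.c.
 * Returns 0 on success or -EINVAL, like the kernel helper. */
int model_set_group_fwd_mask(struct bridge_model *br, unsigned long val)
{
    if (val > 0xFFFF)
        return -EINVAL;        /* only 16 reserved addresses exist */
    if (!br->patched && (val & GROUPFWD_RESTRICTED))
        return -EINVAL;        /* stock kernel: reserved bits rejected */
    br->group_fwd_mask = (uint16_t)val;
    return 0;
}

/* Model of the link-local branch of br_handle_frame() in br_input.c.
 * dest_low is the last byte of a 01:80:C2:00:00:XX destination. */
enum verdict model_link_local_verdict(const struct bridge_model *br, uint8_t dest_low)
{
    if (dest_low > 0x0F)
        return VERDICT_FORWARD;          /* not reserved: normal bridging path */
    bool masked = (br->group_fwd_mask >> dest_low) & 1u;
    switch (dest_low) {
    case 0x00:  /* Bridge Group Address (STP BPDUs) */
        if (!br->stp_enabled || masked)
            return VERDICT_FORWARD;      /* forward if STP is off or bit 0 is set */
        return VERDICT_LOCAL;
    case 0x01:  /* IEEE 802.3 MAC Control (pause) */
        if (br->patched && masked)
            return VERDICT_FORWARD;      /* the patch: honour the mask here too */
        return VERDICT_DROP;             /* stock kernel: unconditional drop */
    default:    /* LACP, 802.1X, LLDP and the rest of the reserved block */
        return masked ? VERDICT_FORWARD : VERDICT_LOCAL;
    }
}

/* Result of writing 0xFFFF to group_fwd_mask on a stock or patched bridge. */
int try_write_all(bool patched)
{
    struct bridge_model br = { .group_fwd_mask = 0, .stp_enabled = true, .patched = patched };
    return model_set_group_fwd_mask(&br, 0xFFFF);
}

/* Try to enable forwarding of every reserved address (falling back to the
 * largest value a stock kernel accepts) and count how many addresses
 * actually get forwarded with STP enabled on the bridge. */
int count_forwarded(bool patched)
{
    struct bridge_model br = { .group_fwd_mask = 0, .stp_enabled = true, .patched = patched };
    if (model_set_group_fwd_mask(&br, 0xFFFF) != 0)
        model_set_group_fwd_mask(&br, 0xFFF8);   /* stock: bits 0..2 must stay clear */
    int n = 0;
    for (uint8_t d = 0; d <= 0x0F; d++)
        if (model_link_local_verdict(&br, d) == VERDICT_FORWARD)
            n++;
    return n;
}

int main(void)
{
    printf("stock kernel: write 0xFFFF -> %d, reserved addresses forwarded: %d/16\n",
           try_write_all(false), count_forwarded(false));
    printf("patched kernel: write 0xFFFF -> %d, reserved addresses forwarded: %d/16\n",
           try_write_all(true), count_forwarded(true));
    return 0;
}
```

On the stock model the write of 0xFFFF fails, the fallback 0xFFF8 leaves STP and LACP delivered locally and pause frames dropped, so only 13 of the 16 addresses are forwarded; on the patched model all 16 are. The real check on a Proxmox host is the same write to the sysfs file: a stock kernel answers "Invalid argument" for any value with bits 0, 1 or 2 set.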

Compiling the Kernel

Continue reading the post on Patreon.