bridge: add support for promiscuous mode

plugins/main/bridge/bridge.go

@@ -46,6 +46,7 @@ type NetConf struct {
 	IPMasq       bool   `json:"ipMasq"`
 	MTU          int    `json:"mtu"`
 	HairpinMode  bool   `json:"hairpinMode"`
+	PromiscMode  bool   `json:"promiscMode"`
 }
 
 type gwInfo struct {
@@ -196,7 +197,7 @@ func bridgeByName(name string) (*netlink.Bridge, error) {
 	return br, nil
 }
 
-func ensureBridge(brName string, mtu int) (*netlink.Bridge, error) {
+func ensureBridge(brName string, mtu int, promiscMode bool) (*netlink.Bridge, error) {
 	br := &netlink.Bridge{
 		LinkAttrs: netlink.LinkAttrs{
 			Name: brName,
@@ -214,6 +215,12 @@ func ensureBridge(brName string, mtu int) (*netlink.Bridge, error) {
 		return nil, fmt.Errorf("could not add %q: %v", brName, err)
 	}
 
+	if promiscMode {
+		if err := netlink.SetPromiscOn(br); err != nil {
+			return nil, fmt.Errorf("could not set promiscuous mode on %q: %v", brName, err)
+		}
+	}
+
 	// Re-fetch link to read all attributes and if it already existed,
 	// ensure it's really a bridge with similar configuration
 	br, err = bridgeByName(brName)
@@ -275,7 +282,7 @@ func calcGatewayIP(ipn *net.IPNet) net.IP {
 
 func setupBridge(n *NetConf) (*netlink.Bridge, *current.Interface, error) {
 	// create bridge if necessary
-	br, err := ensureBridge(n.BrName, n.MTU)
+	br, err := ensureBridge(n.BrName, n.MTU, n.PromiscMode)
 	if err != nil {
 		return nil, nil, fmt.Errorf("failed to create bridge %q: %v", n.BrName, err)
 	}
@@ -310,6 +317,10 @@ func cmdAdd(args *skel.CmdArgs) error {
 		n.IsGW = true
 	}
 
+	if n.HairpinMode && n.PromiscMode {
+		return fmt.Errorf("cannot set hairpin mode and promiscous mode at the same time.")
+	}
+
 	br, brInterface, err := setupBridge(n)
 	if err != nil {
 		return err