Hi All:
I have been working on a solution that would use the tc mirred action to mirror virtual machine traffic to a gretap tunnel. I have noticed the following setup always causes a kernel crash.
Here is a rough picture of my setup:
<Eth1> -> <Br0> -> <Vnet0> -> (tc mirred) -> Tun0 -> <Eth1>
I have a hardware limitation, so I cannot add additional NICs for isolation. I also cannot use redirect, as it would blackhole the packets.
On the brighter side, the issue does not happen with NAT bridge, only transparent bridging.
I have tried different ways to mitigate this, such as adding "action drop" based on IP src and IP dst, but it seems the filters never catch anything and the system would always crash.
Does anyone have any suggestions to mitigate this?
Much Thanks
Morgan Yang