
Support running Gatekeeper and Grantor on KVM

Open AltraMayor opened this issue 4 years ago • 0 comments

While running Gatekeeper on KVM, a couple of issues have been identified.

The following log entry is likely the biggest issue here since it means that Gatekeeper is not properly parsing packets.

GATEKEEPER: l2: gk: invalid Ethernet field or frame not Ethernet II:38

The current L2 implementation in Gatekeeper doesn't support alternatives to Ethernet II.

IPv6 multicast addresses in the format 0x33-33-mm-mm-mm-mm are not being properly handled. Log entry example:

GATEKEEPER: acl: a packet failed to match any ACL rules, the whole packet is dumped below:
dump mbuf at 0x10f09c040, iova=5769c0d0, buf_len=2176
  pkt_len=90, ol_flags=0, nb_segs=1, in_port=1
  segment at 0x10f09c040, data=0x10f09c150, data_len=90
  Dump data at [0x10f09c150], len=90
00000000: 33 33 00 00 00 16 FE 54 00 4B 73 5F 86 DD 60 00 | 33.....T.Ks_..`.
00000010: 00 00 00 24 00 01 00 00 00 00 00 00 00 00 00 00 | ...$............
00000020: 00 00 00 00 00 00 FF 02 00 00 00 00 00 00 00 00 | ................
00000030: 00 00 00 00 00 16 3A 00 05 02 00 00 01 00 8F 00 | ......:.........
00000040: FB DF 00 00 00 01 04 00 00 00 FF 02 00 00 00 00 | ................
00000050: 00 00 00 00 00 01 FF 4B 73 5F                   | .......Ks_

Information about these multicast addresses can be found in the article Mapping IPv6 Multicast Addresses to Ethernet Addresses. One has to investigate if Gatekeeper has to do something with these packets or just silently drop them.

See this Gatekeeper log for examples of the issues described above.

Supporting KVM will enable Gatekeeper to be deployed on more cloud providers and be an easier alternative to test Gatekeeper.

AltraMayor, Apr 06 '21 18:04
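Decoding the frame from the mbuf dump above, as an added example that is not Gatekeeper code and not from the issue author: it checks the 33:33 destination MAC against the IPv6 destination using the RFC 2464 mapping and walks past the Hop-by-Hop header to read the ICMPv6 type. The function names are hypothetical; for this frame the type is 143, which RFC 3810 assigns to the MLDv2 Multicast Listener Report.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The 90 bytes of the mbuf hex dump in the issue, copied byte for byte. */
static const uint8_t frame[90] = {
  0x33,0x33,0x00,0x00,0x00,0x16,0xFE,0x54,0x00,0x4B,0x73,0x5F,0x86,0xDD,0x60,0x00,
  0x00,0x00,0x00,0x24,0x00,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  0x00,0x00,0x00,0x00,0x00,0x00,0xFF,0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  0x00,0x00,0x00,0x00,0x00,0x16,0x3A,0x00,0x05,0x02,0x00,0x00,0x01,0x00,0x8F,0x00,
  0xFB,0xDF,0x00,0x00,0x00,0x01,0x04,0x00,0x00,0x00,0xFF,0x02,0x00,0x00,0x00,0x00,
  0x00,0x00,0x00,0x00,0x00,0x01,0xFF,0x4B,0x73,0x5F };
enum { ETH_LEN = 14, IP6_LEN = 40, NH_HOPOPT = 0, NH_ICMP6 = 58 };

/* Ethernet II with EtherType 0x86DD, IP version 6, both fixed headers present. */
static int is_eth_ip6(const uint8_t *f, size_t len)
{
    return len >= ETH_LEN + IP6_LEN && f[12] == 0x86 && f[13] == 0xDD &&
           (f[ETH_LEN] >> 4) == 6;
}

/* RFC 2464 sec. 7: dst MAC = 33:33 + low 32 bits of the IPv6 multicast dst. */
int mac_maps_to_ip6_dst(const uint8_t *f, size_t len)
{
    if (!is_eth_ip6(f, len)) return 0;
    const uint8_t *dst = f + ETH_LEN + 24;      /* IPv6 destination address */
    return f[0] == 0x33 && f[1] == 0x33 && dst[0] == 0xFF &&
           memcmp(f + 2, dst + 12, 4) == 0;
}

/* ICMPv6 type after at most one Hop-by-Hop header, or -1 if not ICMPv6. */
int icmp6_type(const uint8_t *f, size_t len)
{
    if (!is_eth_ip6(f, len)) return -1;
    size_t off = ETH_LEN + IP6_LEN;
    uint8_t nh = f[ETH_LEN + 6];                /* IPv6 Next Header field */
    if (nh == NH_HOPOPT) {
        if (len < off + 8) return -1;           /* truncated extension header */
        nh = f[off];
        off += ((size_t)f[off + 1] + 1) * 8;    /* Hdr Ext Len is in 8-byte units */
    }
    return (nh == NH_ICMP6 && len >= off + 4) ? f[off] : -1;
}

int main(void)
{
    printf("rfc2464_mapping=%d icmp6_type=%d\n",
           mac_maps_to_ip6_dst(frame, sizeof(frame)), icmp6_type(frame, sizeof(frame)));
    return 0;
}
```

The decoded destination is ff02::16 and the source is the unspecified address, so the frame is well-formed Ethernet II and the open question in the issue is only how the ACL should treat it.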