vxlan: support group-based policy

With this change, the vxlan backend may be configured to create GBP-enabled
vxlan devices.

README.md

@@ -72,6 +72,7 @@ This is the only mandatory key.
   * `Type` (string): `vxlan`
   * `VNI`  (number): VXLAN Identifier (VNI) to be used. Defaults to 1.
   * `Port` (number): UDP port to use for sending encapsulated packets. Defaults to kernel default, currently 8472.
+  * `GBP` (boolean): Enable [VXLAN Group Based Policy](https://github.com/torvalds/linux/commit/3511494ce2f3d3b77544c79b87511a4ddb61dc89).  Defaults to false.
 
 * host-gw: create IP routes to subnets via remote machine IPs.
   Note that this requires direct layer2 connectivity between hosts running flannel.

backend/vxlan/device.go

@@ -34,6 +34,7 @@ type vxlanDeviceAttrs struct {
 	vtepIndex int
 	vtepAddr  net.IP
 	vtepPort  int
+	gbp       bool
 }
 
 type vxlanDevice struct {
@@ -61,6 +62,7 @@ func newVXLANDevice(devAttrs *vxlanDeviceAttrs) (*vxlanDevice, error) {
 		SrcAddr:      devAttrs.vtepAddr,
 		Port:         devAttrs.vtepPort,
 		Learning:     false,
+		GBP:          devAttrs.gbp,
 	}
 
 	link, err := ensureLink(link)

backend/vxlan/vxlan.go

@@ -70,6 +70,7 @@ func (be *VXLANBackend) RegisterNetwork(ctx context.Context, network string, con
 	cfg := struct {
 		VNI  int
 		Port int
+		GBP  bool
 	}{
 		VNI: defaultVNI,
 	}
@@ -86,6 +87,7 @@ func (be *VXLANBackend) RegisterNetwork(ctx context.Context, network string, con
 		vtepIndex: be.extIface.Iface.Index,
 		vtepAddr:  be.extIface.IfaceAddr,
 		vtepPort:  cfg.Port,
+		gbp:       cfg.GBP,
 	}
 
 	dev, err := newVXLANDevice(&devAttrs)