From KVM
Line 8: Line 8:
 
* set promiscuous mode on guest virtio-net device
 
* set promiscuous mode on guest virtio-net device
 
* all this controllable by host admin
 
* all this controllable by host admin
 +
 +
 +
 +
  
 
TODO:
 
TODO:
Line 17: Line 21:
  
 
* Control should be done via qemu/virtio features. Need a way to disable access that qemu can't override unless it has net admin capability.
 
* Control should be done via qemu/virtio features. Need a way to disable access that qemu can't override unless it has net admin capability.
 +
 +
 +
QEMU:
 +
 +
* Amos Kong works on QEMU side [http://lists.nongnu.org/archive/html/qemu-devel/2013-06/msg00658.html] to add event notification when guest change rx-filter config (main-mac, rx-mode, mac-table, vlan-table). Libvirt will query the rx-filter config from monitor (query-rx-filter), then sync the change to host device.

Revision as of 11:59, 5 June 2013

guest programmable mac/vlan filtering with macvtap

This would be nice to have to be able to do bridging or use macvlan inside the guest.

We neet to be able to:

  • change mac address of the guest virtio-net interface.
  • create a vlan device on the guest virtio-net device
  • set promiscuous mode on guest virtio-net device
  • all this controllable by host admin



TODO:

  • There's a patch [1] proposed by Alex Williamson to do TX mac filtering in TUN. It's still in RFC state, no recent activity in thread. Try rewrite based on comments.
  • Implement filtering in macvtap. The filtering information will be received through TUNSETTXFILTER ioctl (by above patch).
  • Implement promiscuous mode in guest virtio-net driver. No ideas here, yet.
  • Control should be done via qemu/virtio features. Need a way to disable access that qemu can't override unless it has net admin capability.


QEMU:

  • Amos Kong works on QEMU side [2] to add event notification when guest change rx-filter config (main-mac, rx-mode, mac-table, vlan-table). Libvirt will query the rx-filter config from monitor (query-rx-filter), then sync the change to host device.