GuestProgrammableMacVlanFiltering

From KVM
Revision as of 10:07, 16 November 2010 by Dragos.tatulea (talk | contribs)

guest programmable mac/vlan filtering with macvtap

This would be nice to have to be able to do bridging or use macvlan inside the guest.

We neet to be able to:

  • change mac address of the guest virtio-net interface.
  • create a vlan device on the guest virtio-net device
  • set promiscuous mode on guest virtio-net device
  • all this controllable by host admin

TODO:

  • There's a patch [1] proposed by Alex Williamson to do TX mac filtering in TUN. It's still in RFC state, no recent activity in thread. Try rewrite based on comments.
  • Implement ioctl+filtering in macvtap as well. Based on above patch MAC filtering information will be forwarded to the guest kernel via TUNSETTXFILTER (indirectly).
  • Implement promiscuous mode in guest virtio-net driver. No ideas here, yet.
  • Control should be done via qemu/virtio features. Need a way to disable access that qemu can't override unless it has net admin capability.