GuestProgrammableMacVlanFiltering

From KVM
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

guest programmable mac/vlan filtering with macvtap

This would be nice to have to be able to do bridging or use macvlan inside the guest.

We neet to be able to:

  • change mac address of the guest virtio-net interface.
  • create a vlan device on the guest virtio-net device
  • set promiscuous mode on guest virtio-net device
  • all this controllable by host admin



TODO:

  • There's a patch [1] proposed by Alex Williamson to do TX mac filtering in TUN. It's still in RFC state, no recent activity in thread. Try rewrite based on comments.
  • Implement filtering in macvtap. The filtering information will be received through TUNSETTXFILTER ioctl (by above patch).
  • Implement promiscuous mode in guest virtio-net driver. No ideas here, yet.
  • Control should be done via qemu/virtio features. Need a way to disable access that qemu can't override unless it has net admin capability.


QEMU:

  • Amos Kong works on QEMU side [2] to add event notification when guest change rx-filter config (main-mac, rx-mode, mac-table, vlan-table). Libvirt will query the rx-filter config from monitor (query-rx-filter), then sync the change to host device.
Retrieved from "https://linux-kvm.org/index.php?title=GuestProgrammableMacVlanFiltering&oldid=173280"