GuestProgrammableMacVlanFiltering: Difference between revisions

From KVM
No edit summary
No edit summary
Line 12: Line 12:
* There's a patch [http://thread.gmane.org/gmane.comp.emulators.qemu/37714/focus=37719] proposed by Alex Williamson to do TX mac filtering in TUN. It's still in RFC state, no recent activity in thread. Try rewrite based on comments.
* There's a patch [http://thread.gmane.org/gmane.comp.emulators.qemu/37714/focus=37719] proposed by Alex Williamson to do TX mac filtering in TUN. It's still in RFC state, no recent activity in thread. Try rewrite based on comments.


* Implement VIRTIO_NET_F_MAC, VIRTIO_NET_F_CTRL_VLAN handling in qemu virtio-net. These capabilities are advertised but commands are silently dropped.
* Implement ioctl+filtering in macvtap as well. Based on above patch MAC filtering information will be forwarded to the guest kernel via TUNSETTXFILTER (indirectly).  


* Implement promiscuous mode in guest virtio-net driver. No ideas here, yet.
* Implement promiscuous mode in guest virtio-net driver. No ideas here, yet.


* Control should be done via qemu/virtio features. Need a way to disable access that qemu can't override unless it has net admin capability.
* Control should be done via qemu/virtio features. Need a way to disable access that qemu can't override unless it has net admin capability.

Revision as of 09:07, 16 November 2010

guest programmable mac/vlan filtering with macvtap

This would be nice to have to be able to do bridging or use macvlan inside the guest.

We neet to be able to:

  • change mac address of the guest virtio-net interface.
  • create a vlan device on the guest virtio-net device
  • set promiscuous mode on guest virtio-net device
  • all this controllable by host admin

TODO:

  • There's a patch [1] proposed by Alex Williamson to do TX mac filtering in TUN. It's still in RFC state, no recent activity in thread. Try rewrite based on comments.
  • Implement ioctl+filtering in macvtap as well. Based on above patch MAC filtering information will be forwarded to the guest kernel via TUNSETTXFILTER (indirectly).
  • Implement promiscuous mode in guest virtio-net driver. No ideas here, yet.
  • Control should be done via qemu/virtio features. Need a way to disable access that qemu can't override unless it has net admin capability.
Retrieved from "https://linux-kvm.org/index.php?title=GuestProgrammableMacVlanFiltering&oldid=3394"