GuestProgrammableMacVlanFiltering: Difference between revisions

From KVM
No edit summary
 
m (Add categories)
 
(8 intermediate revisions by 2 users not shown)
Line 8: Line 8:
* set promiscuous mode on guest virtio-net device
* set promiscuous mode on guest virtio-net device
* all this controllable by host admin
* all this controllable by host admin


TODO:
TODO:
* There's a patch [1] proposed by Alex Williamson to do TX mac filtering in TUN. It's still in RFC state, no recent activity in thread. Try rewrite based on comments.
* There's a patch [http://thread.gmane.org/gmane.comp.emulators.qemu/37714/focus=37719] proposed by Alex Williamson to do TX mac filtering in TUN. It's still in RFC state, no recent activity in thread. Try rewrite based on comments.
 
* Implement filtering in macvtap. The filtering information will be received through TUNSETTXFILTER ioctl (by above patch).
 
* Implement promiscuous mode in guest virtio-net driver. No ideas here, yet.
 
* Control should be done via qemu/virtio features. Need a way to disable access that qemu can't override unless it has net admin capability.
 


* Implement VIRTIO_NET_F_MAC, VIRTIO_NET_F_CTRL_VLAN handling in qemu virtio-net. These capabilities are advertised but commands are silently dropped.
QEMU:


* Control should be done via qemu capabilities. Need a way to disable access that qemu can't override unless it has net admin capability.
* Amos Kong works on QEMU side [http://git.qemu.org/?p=qemu.git;a=commit;h=b1be42803b31a913bab65bab563a8760ad2e7f7f] to add event notification when guest change rx-filter config (main-mac, rx-mode, mac-table, vlan-table). Libvirt will query the rx-filter config from monitor (query-rx-filter), then sync the change to host device.


http://thread.gmane.org/gmane.comp.emulators.qemu/37714/focus=37719
[[Category:TODO]][[Category:Docs]][[Category:Networking]]

Latest revision as of 15:51, 16 May 2015

guest programmable mac/vlan filtering with macvtap

This would be nice to have to be able to do bridging or use macvlan inside the guest.

We neet to be able to:

  • change mac address of the guest virtio-net interface.
  • create a vlan device on the guest virtio-net device
  • set promiscuous mode on guest virtio-net device
  • all this controllable by host admin



TODO:

  • There's a patch [1] proposed by Alex Williamson to do TX mac filtering in TUN. It's still in RFC state, no recent activity in thread. Try rewrite based on comments.
  • Implement filtering in macvtap. The filtering information will be received through TUNSETTXFILTER ioctl (by above patch).
  • Implement promiscuous mode in guest virtio-net driver. No ideas here, yet.
  • Control should be done via qemu/virtio features. Need a way to disable access that qemu can't override unless it has net admin capability.


QEMU:

  • Amos Kong works on QEMU side [2] to add event notification when guest change rx-filter config (main-mac, rx-mode, mac-table, vlan-table). Libvirt will query the rx-filter config from monitor (query-rx-filter), then sync the change to host device.
Retrieved from "https://linux-kvm.org/index.php?title=GuestProgrammableMacVlanFiltering&oldid=173280"