GuestProgrammableMacVlanFiltering: Difference between revisions
From KVM
No edit summary |
No edit summary |
||
| Line 10: | Line 10: | ||
TODO: | TODO: | ||
* There's a patch [ | * There's a patch [http://thread.gmane.org/gmane.comp.emulators.qemu/37714/focus=37719] proposed by Alex Williamson to do TX mac filtering in TUN. It's still in RFC state, no recent activity in thread. Try rewrite based on comments. | ||
* Implement VIRTIO_NET_F_MAC, VIRTIO_NET_F_CTRL_VLAN handling in qemu virtio-net. These capabilities are advertised but commands are silently dropped. | * Implement VIRTIO_NET_F_MAC, VIRTIO_NET_F_CTRL_VLAN handling in qemu virtio-net. These capabilities are advertised but commands are silently dropped. | ||
* Control should be done via qemu capabilities. Need a way to disable access that qemu can't override unless it has net admin capability. | * Control should be done via qemu capabilities. Need a way to disable access that qemu can't override unless it has net admin capability. | ||
Revision as of 12:01, 1 November 2010
guest programmable mac/vlan filtering with macvtap
This would be nice to have to be able to do bridging or use macvlan inside the guest.
We neet to be able to:
- change mac address of the guest virtio-net interface.
- create a vlan device on the guest virtio-net device
- set promiscuous mode on guest virtio-net device
- all this controllable by host admin
TODO:
- There's a patch [1] proposed by Alex Williamson to do TX mac filtering in TUN. It's still in RFC state, no recent activity in thread. Try rewrite based on comments.
- Implement VIRTIO_NET_F_MAC, VIRTIO_NET_F_CTRL_VLAN handling in qemu virtio-net. These capabilities are advertised but commands are silently dropped.
- Control should be done via qemu capabilities. Need a way to disable access that qemu can't override unless it has net admin capability.