From mboxrd@z Thu Jan 1 00:00:00 1970 From: Dor Laor Subject: Re: [Qemu-devel] Re: [PATCH 1/5] virtio-net: Allow setting the MAC address via set_config Date: Thu, 15 Jan 2009 00:08:52 +0200 Message-ID: <496E6274.6050707@redhat.com> References: <1231881829.9095.191.camel@bling> <496DB8D1.2070101@redhat.com> <1231947298.7109.262.camel@lappy> <20090114164155.GA6431@shareable.org> Reply-To: dlaor@redhat.com Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: Mark McLoughlin , kvm To: qemu-devel@nongnu.org Return-path: Received: from mx2.redhat.com ([66.187.237.31]:59482 "EHLO mx2.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753690AbZANWIe (ORCPT ); Wed, 14 Jan 2009 17:08:34 -0500 In-Reply-To: <20090114164155.GA6431@shareable.org> Sender: kvm-owner@vger.kernel.org List-ID: Jamie Lokier wrote: > Alex Williamson wrote: > >>> What if the guest will chose the host's mac? >>> Thinking about it, I don't think we should test that. >>> A concerned host mgmt app can add ebtables roles for such a case. >>> >>> Maybe we can optionally allow/deny it? >>> >> What's the topology you're thinking of that the virtio-net MAC is also >> the host MAC? I typically use a bridge with a tap device, so the >> virtio-net MAC is isolated from the host. Thanks, >> > > For example you might forward IPX packets to the guest and IP/ARP to > the host, using an ebtables rule to distinguish them. From the > outside, it would look equivalent to a single host processing both IPX > and IP. > > -- Jamie > > That's a nice common scenario ;) What I meant is that if we allow the guest to change his mac address, it can deliberately change it to other hosts/guests mac and thus create networking problems. Although guest can always mangle packets, maybe it worth enforcing these macs for the guest. Thanks, Dor