From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1MEB5Y-0006HG-Mh
	for qemu-devel@nongnu.org; Tue, 09 Jun 2009 19:50:44 -0400
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1MEB5U-0006Fa-42
	for qemu-devel@nongnu.org; Tue, 09 Jun 2009 19:50:44 -0400
Received: from [199.232.76.173] (port=45975 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1MEB5T-0006FT-SH
	for qemu-devel@nongnu.org; Tue, 09 Jun 2009 19:50:39 -0400
Received: from mail2.shareable.org ([80.68.89.115]:44269)
	by monty-python.gnu.org with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA1:32)
	(Exim 4.60) (envelope-from <jamie@shareable.org>) id 1MEB5T-0007EN-Ax
	for qemu-devel@nongnu.org; Tue, 09 Jun 2009 19:50:39 -0400
Date: Wed, 10 Jun 2009 00:50:31 +0100
From: Jamie Lokier <jamie@shareable.org>
Message-ID: <20090609235031.GA15362@shareable.org>
References: <20090605204647.3355.81929.stgit@kvm.aw>
	<20090605204718.3355.28647.stgit@kvm.aw>
	<20090606204845.GC26877@redhat.com>
	<7162ab20906081201y4c598899mdfd5d42c42e17038@mail.gmail.com>
	<4A2D63EC.9040003@codemonkey.ws>
	<20090608192911.GA32168@redhat.com>
	<4A2D7CB6.5060101@codemonkey.ws> <20090609095701.GC1480@redhat.com>
	<20090609150012.GA3921@shareable.org>
	<4A2E82E8.6050209@siemens.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4A2E82E8.6050209@siemens.com>
Subject: [Qemu-devel] Re: [PATCH 6/7] virtio-net: Add new RX filter controls
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Jan Kiszka <jan.kiszka@siemens.com>
Cc: qemu-devel@nongnu.org, Alex Williamson <alex.williamson@hp.com>, "Michael S. Tsirkin" <mst@redhat.com>

Jan Kiszka wrote:
> > The pcap interface is close to that for ease of configurability, but a
> > bridge would behave better, especially with multiple VMs, and maybe
> > perform better.
> 
> Pcap on Linux suffers from the limitation that injected packets are not
> visible to the host, thus guest<->host communication doesn't work.

Ew.

> The same is true for PF_PACKET (or does libpcap actually use that
> internally?).

Yes it does.

> Haven't analyzed the reasons in details yet, but I bet
> it's not solvable in user space.

I think that's probably right, and good solutions would be:

   - A new option to the kernel bridging to attach a bridge
     to an existing net interface in a way which allows the interface's IP
     configuration to keep working

   - An alternate pcap mode which makes packets visible to the host.

   - An "auto-bridging" tap device mode, where it's told which network
     interface to bridge to, with an invisible bridge.

Bridging would be better than pcap because it can more easily take
advantage of multiple MAC address support in the network interface
(like macvlan), to filter properly, although I don't know if the
existing Linux bridge code does that.  And it more closely resembles
what you'd do with physical machines instead of VMs, which is plug
them into a switch.

-- Jamie