From: Anthony Liguori <anthony@codemonkey.ws>
To: "Daniel P. Berrange" <berrange@redhat.com>
Cc: qemu-devel@nongnu.org, Alex Williamson <alex.williamson@hp.com>,
"Michael S. Tsirkin" <mst@redhat.com>
Subject: Re: [Qemu-devel] [PATCH 6/7] virtio-net: Add new RX filter controls
Date: Mon, 08 Jun 2009 16:03:50 -0500
Message-ID: <4A2D7CB6.5060101@codemonkey.ws>
In-Reply-To: <20090608192911.GA32168@redhat.com>

Daniel P. Berrange wrote:
> On Mon, Jun 08, 2009 at 02:18:04PM -0500, Anthony Liguori wrote:
>
>> Alex Williamson wrote:
>>
>>> e1000 also allows the driver to selectively enable/disable RX of
>>> packets to the broadcast address. This is replicated with the
>>> all/no-bcast options. Finally, there may be cases where we want to
>>> receive only unicast or only multicast address for special purpose
>>> network devices. This is provided by the nouni and nomulti options.
>>> A proprietary guest known as DMX intends to make use of these extra
>>> modes. Are there any other interesting, useful and lightweight packet
>>> filters we could implement? Thanks,
>>>
>>>
>> I've been thinking about whether doing VLAN filtering/tagging within
>> QEMU would make sense. It could potentially simplify bridge setups
>> tremendously. Today, if you want to isolate VMs on separate vlans, it
>> involves creating multiple bridges which gets ugly quickly.
>>
>
> The downside of that would be that you're trusting the integrity of
> QEMU for VLAN filtering. If QEMU got compromised then it could get
> outside the configured VLAN, which is not possible if the VLAN stuff
> is done by the kernel (assuming the QEMU process does not have the
> capabilities to add itself to other bridges).
>
I guess that you can do:

  tunctl -p -t tap0
  ifconfig tap0 0.0.0.0 up
  vconfig add tap0 32
  brctl addif br0 tap0

And then use tap0.32 as your device for QEMU. The awkward thing though
is that I don't think you can use TUNSETIFF to set the tun device name
to tap0.32.

But basically, this is the level of functionality that I think is needed.
The current mechanism of:

  vconfig add eth0 32
  brctl addif br0 eth0.32
  tunctl -p -t tap0
  ifconfig tap0 0.0.0.0 up
  brctl addif br0 tap0

Is a pain because then you need a bridge for every possible vlan.
Things get even more complicated when you have to deal with live
migration and nested vlan tags.

Regards,
Anthony Liguori
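
An added example, not part of the original thread and not QEMU's code: a per-frame check of the kind discussed above, combining the no-unicast/no-multicast/no-broadcast RX modes with an 802.1Q VLAN ID match. The struct, function and field names and the sample frames are assumptions made for illustration; the check runs in user space, so it holds only while the process running it is intact, which is the concern raised in the quoted reply.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical filter state; field names are illustrative, not QEMU's. */
struct rx_filter {
    int no_uni, no_multi, no_bcast; /* drop that destination class */
    int vlan;                       /* required 802.1Q VID, -1 = untagged only */
};

/* Return 1 to deliver the frame to the guest, 0 to drop it. */
int rx_accept(const uint8_t *f, size_t len, const struct rx_filter *flt)
{
    static const uint8_t bcast[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};

    if (len < 14)
        return 0;                           /* no full Ethernet header */
    if (!memcmp(f, bcast, 6)) {
        if (flt->no_bcast) return 0;
    } else if (f[0] & 1) {                  /* group bit: multicast */
        if (flt->no_multi) return 0;
    } else if (flt->no_uni) {
        return 0;
    }
    if (f[12] != 0x81 || f[13] != 0x00)     /* no 802.1Q tag */
        return flt->vlan < 0;
    if (len < 18)
        return 0;                           /* truncated tag */
    return (((f[14] << 8) | f[15]) & 0x0fff) == flt->vlan; /* 12-bit VID */
}

/* Constructed sample frames: headers only, no payload. */
static const uint8_t tagged32[18] = {0x52,0x54,0x00,0x12,0x34,0x56,
    0x52,0x54,0x00,0xab,0xcd,0xef, 0x81,0x00, 0x00,0x20, 0x08,0x00};
static const uint8_t tagged33[18] = {0x52,0x54,0x00,0x12,0x34,0x56,
    0x52,0x54,0x00,0xab,0xcd,0xef, 0x81,0x00, 0x00,0x21, 0x08,0x00};
static const uint8_t bcast_plain[14] = {0xff,0xff,0xff,0xff,0xff,0xff,
    0x52,0x54,0x00,0xab,0xcd,0xef, 0x08,0x06};

int main(void)
{
    struct rx_filter vlan32 = {0, 0, 0, 32}, nobcast = {0, 0, 1, -1};

    printf("vid 32 on vlan32 filter:  %d\n", rx_accept(tagged32, 18, &vlan32));
    printf("vid 33 on vlan32 filter:  %d\n", rx_accept(tagged33, 18, &vlan32));
    printf("untagged bcast, no-bcast: %d\n", rx_accept(bcast_plain, 14, &nobcast));
    return 0;
}
```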