[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [RFC] Allowing promiscuous mode for domains network interfaces



On Monday 02 July 2012 19:14:04 Eric Blake wrote:
> On 07/02/2012 09:28 AM, Jean-Baptiste Rouault wrote:
> > Hi all,
> > 
> > By default, OpenVZ and VirtualBox (> 4.0.x) filter network packets by MAC
> > addresses : only broadcast, multicast and packets directly targeted to
> > VMs are transmitted.
> > This behaviour prevents from using promiscuous mode inside domains.
> > 
> > I'd like to write some patches to disable these filters from libvirt.
> > Would it be ok to modify OpenVZ and VirtualBox drivers so that they
> > disable the filters by default ?
> > 
> > If this is not acceptable, what about making it configurable through
> > domains' XML ?
> 
> It sounds like exposing this through the domain XML would be useful to
> other hypervisors, and certainly something that I would rather have
> configurable per-guest instead of hard-coded to one default or another.
>  We might declare that if the XML element is not present then it is up
> to hypervisor defaults whether the interface is promiscuous, to allow
> for back-compat, while still allowing the user to explicitly select
> narrow or promiscuous with new libvirt.

Ok, so what about adding a "promiscuouspolicy" attribute to the "interface" 
tag ?

There are currently 3 possible values with VirtualBox :
- Deny
- AllowNetwork : allow promiscuous mode but restrict its scope to the internal 
network
- AllowAll

So we could create a virDomainNetPromiscuousPolicy enum with these 3 values 
for a start.

Regards

-- 
Jean-Baptiste ROUAULT
Ingénieur R&D - diateam : Architectes de l'information
Phone : +33 (0)2 98 050 050 Fax : +33 (0)2 98 050 051


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]