On Mon, Jun 08, 2009 at 02:18:04PM -0500, Anthony Liguori wrote:
> Alex Williamson wrote:
> > e1000 also allows the driver to selectively enable/disable RX of
> > packets to the broadcast address. This is replicated with the
> > all/no-bcast options. Finally, there may be cases where we want to
> > receive only unicast or only multicast addresses for special purpose
> > network devices. This is provided by the nouni and nomulti options.
> > A proprietary guest known as DMX intends to make use of these extra
> > modes. Are there any other interesting, useful and lightweight packet
> > filters we could implement? Thanks,
>
> I've been thinking about whether doing VLAN filtering/tagging within
> QEMU would make sense. It could potentially simplify bridge setups
> tremendously. Today, if you want to isolate VMs on separate vlans, it
> involves creating multiple bridges which gets ugly quickly.

The downside of that would be that you're trusting the integrity of
QEMU for VLAN filtering. If QEMU got compromised then it could get
outside the configured VLAN, which is not possible if the VLAN stuff
is done by the kernel (assuming the QEMU process does not have the
capabilities to add itself to other bridges).
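
For illustration, an added example that is not part of the original thread and is not QEMU code: a receive filter of the kind discussed above, combining the broadcast/unicast/multicast switches with a VLAN ID check, all of it running inside the emulator process and so only as trustworthy as that process. The struct, field and function names are hypothetical and the sample frames are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical per-NIC filter state; field names are illustrative only. */
struct rx_filter {
    bool no_bcast;    /* drop frames sent to ff:ff:ff:ff:ff:ff */
    bool no_uni;      /* drop unicast frames */
    bool no_multi;    /* drop multicast frames (broadcast excluded) */
    bool vlan_filter; /* when set, accept only frames tagged with vlan_id */
    uint16_t vlan_id; /* 12-bit 802.1Q VLAN ID */
};

#define ETH_HDR_LEN  14
#define VLAN_HDR_LEN 18       /* Ethernet header plus one 802.1Q tag */
#define TPID_8021Q   0x8100

/* Constructed sample frames: untagged broadcast, unicast tagged VLAN 10. */
const uint8_t sample_bcast[18] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
const uint8_t sample_uni_vlan10[18] = {0x52, 0x54, 0x00, 0x12, 0x34, 0x56, 0, 0, 0, 0, 0, 0, 0x81, 0x00, 0x00, 0x0a};

/* Return true if the frame should be delivered to the guest. */
bool rx_filter_accept(const struct rx_filter *f, const uint8_t *frame, size_t len)
{
    static const uint8_t bcast[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};

    if (len < ETH_HDR_LEN)
        return false;                       /* truncated header: drop */

    if (memcmp(frame, bcast, 6) == 0) {
        if (f->no_bcast) return false;
    } else if (frame[0] & 0x01) {           /* group bit set: multicast */
        if (f->no_multi) return false;
    } else if (f->no_uni) {
        return false;
    }

    if (f->vlan_filter) {
        uint16_t tpid = (uint16_t)(frame[12] << 8 | frame[13]);
        if (tpid != TPID_8021Q || len < VLAN_HDR_LEN)
            return false;                   /* untagged or truncated tag */
        uint16_t tci = (uint16_t)(frame[14] << 8 | frame[15]);
        if ((tci & 0x0fff) != f->vlan_id)
            return false;                   /* tagged for another VLAN */
    }
    return true;
}
```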