lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Sat, 30 Oct 2010 13:55:25 -0700
From:	Sridhar Samudrala <sri@...ibm.com>
To:	Arnd Bergmann <arnd@...db.de>
CC:	Patrick McHardy <kaber@...sh.net>,
	Stephen Hemminger <shemminger@...tta.com>,
	"Michael S. Tsirkin" <mst@...hat.com>,
	netdev <netdev@...r.kernel.org>,
	"kvm@...r.kernel.org" <kvm@...r.kernel.org>
Subject: Re: [PATCH] macvlan: Introduce 'passthru' mode to takeover the underlying
 device

On 10/29/2010 6:45 AM, Arnd Bergmann wrote:
> On Friday 29 October 2010, Sridhar Samudrala wrote:
>> With the current default 'vepa' mode, a KVM guest using virtio with
>> macvtap backend has the following limitations.
>> - cannot change/add a mac address on the guest virtio-net
> I believe this could be changed if there is a neeed, but I actually
> consider it one of the design points of macvlan that the guest
> is not able to change the mac address. With 802.1Qbg you rely on
> the switch being able to identify the guest by its MAC address,
> which the host kernel must ensure.
>
Currently the host cannot prevent a guest user from trying to change/add 
a mac address
on the guest virtio-net. From guest point of view, the request succeeds, 
but the incoming packets
are dropped siliently by the host interface.

>> - cannot create a vlan device on the guest virtio-net
> Why not? If this doesn't work, it's probably a bug!
Because the host is not aware of the guest vlan tag and the host 
external interface will filter out
incoming vlan tagged packets.

> Why does the passthru mode enable it if it doesn't work
> already?
>
passthru mode puts the host external interface in promiscuous mode which 
allows vlan tagged
packets to be received.

Even in tap/bridge mode, this works because adding an external interface 
to the bridge causes it to be
put in promiscuous mode.

Thanks
Sridhar

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists