On Monday 02 July 2012 19:14:04 Eric Blake wrote:
> On 07/02/2012 09:28 AM, Jean-Baptiste Rouault wrote:
> > Hi all,
> >
> > By default, OpenVZ and VirtualBox (> 4.0.x) filter network packets by MAC
> > addresses : only broadcast, multicast and packets directly targeted to
> > VMs are transmitted.
> > This behaviour prevents from using promiscuous mode inside domains.
> >
> > I'd like to write some patches to disable these filters from libvirt.
> > Would it be ok to modify OpenVZ and VirtualBox drivers so that they
> > disable the filters by default ?
> >
> > If this is not acceptable, what about making it configurable through
> > domains' XML ?
>
> It sounds like exposing this through the domain XML would be useful to
> other hypervisors, and certainly something that I would rather have
> configurable per-guest instead of hard-coded to one default or another.
> We might declare that if the XML element is not present then it is up
> to hypervisor defaults whether the interface is promiscuous, to allow
> for back-compat, while still allowing the user to explicitly select
> narrow or promiscuous with new libvirt.

Ok, so what about adding a "promiscuouspolicy" attribute to the
"interface" tag ?
There are currently 3 possible values with VirtualBox :
- Deny
- AllowNetwork : allow promiscuous mode but restrict its scope to the
  internal network
- AllowAll

So we could create a virDomainNetPromiscuousPolicy enum with these 3
values for a start.

Regards

--
Jean-Baptiste ROUAULT
Ingénieur R&D - diateam : Architectes de l'information
Phone : +33 (0)2 98 050 050 Fax : +33 (0)2 98 050 051
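The following is an added illustration, not part of the message above and not libvirt or VirtualBox code: a small C model of the MAC filter and the three policy values named in the thread, with strict parsing of the attribute string. The type and function names, the `from_internal` flag and the sample MAC addresses are assumptions made for this sketch.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical names modelled on the proposal in the thread. */
typedef enum {
    PROMISC_POLICY_DENY = 0,      /* "Deny" */
    PROMISC_POLICY_ALLOW_NETWORK, /* "AllowNetwork" */
    PROMISC_POLICY_ALLOW_ALL,     /* "AllowAll" */
    PROMISC_POLICY_LAST
} PromiscPolicy;

static const char *const policy_names[PROMISC_POLICY_LAST] = {
    "Deny", "AllowNetwork", "AllowAll"
};

/* Constructed sample addresses (unicast, unicast, broadcast). */
static const uint8_t VM_MAC[6]    = {0x52, 0x54, 0x00, 0x00, 0x00, 0x01};
static const uint8_t OTHER_MAC[6] = {0x52, 0x54, 0x00, 0x00, 0x00, 0x02};
static const uint8_t BCAST_MAC[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};

/* Parse the attribute value. Unknown or missing strings return -1 so a
 * typo is rejected instead of silently selecting a permissive policy. */
int promisc_policy_from_string(const char *s)
{
    if (!s) return -1;
    for (int i = 0; i < PROMISC_POLICY_LAST; i++)
        if (strcmp(s, policy_names[i]) == 0)
            return i;
    return -1;
}

/* Decide whether a frame reaches a guest NIC that has asked for promiscuous
 * mode. from_internal (assumption): the frame was sent by another guest on
 * the same internal network rather than arriving from outside it. */
bool frame_delivered(PromiscPolicy policy, const uint8_t nic_mac[6],
                     const uint8_t dst_mac[6], bool from_internal)
{
    /* Default filter: broadcast/multicast (group bit set) or addressed to us. */
    if ((dst_mac[0] & 0x01) || memcmp(dst_mac, nic_mac, 6) == 0)
        return true;
    switch (policy) { /* unicast frame addressed to a different MAC */
    case PROMISC_POLICY_ALLOW_ALL:     return true;
    case PROMISC_POLICY_ALLOW_NETWORK: return from_internal;
    default:                           return false;
    }
}

int main(void) { return frame_delivered(PROMISC_POLICY_DENY, VM_MAC, OTHER_MAC, true) || !frame_delivered(PROMISC_POLICY_DENY, VM_MAC, BCAST_MAC, false); }
```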