On Friday 06 February 2009, Alex Williamson wrote: > Now that virtio-net knows what packets the guest wants to see, we > can start moving the filtering down the stack. This patch adds > an interface to set the software filter in the tap device. It's > fairly limited, but we can back it up with our own filtering if it > overflows. I think you've got the abstraction wrong here. Devices certainly shouldn't care what else is connected to the vlan. Remember that a qemu vlan is an arbitrary set of network devices. You need to be able to support multiple devices all with their own filters. There should be two interface points between the the vlan and the device: 1) The device can indicate that it only cares about incoming (vlan to device) packets sent to a subset of MAC addresses. 2) The vlan can request that a device discards outgoing (device to vlan) packets that don't match a subset of MAC addresses. Typically a emulated NIC will implement (1) and a host interface will implement (2). The generic vlan code should be responsible for using the information provided by (1) to set (2) appropriately. Remember that network devices can be hotplugged. On a related note, you need to add comments making it clear that this is a performance optimisation, and must not be relied on. A device may still receive packets that should have been filtered out. If a device needs reliable filtering (most "real" hardware does), then this still needs to be implemented per-device. Paul -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html