On Mon, 2011-02-28 at 13:32 +0200, Michael S. Tsirkin wrote: > On Mon, Feb 28, 2011 at 07:20:38PM +0800, Amos Kong wrote: > > Communicate between two vms, and try to capture packages from another vm in > > the same lan. > > This test used tcpdump, so we need limit it with Linux guests. > > > > Signed-off-by: Amos Kong <akong@xxxxxxxxxx> > > I don't think there's any such privacy guarantee for a plain > bridged setup: the bridge might flood packets to > all endpoints sometimes, and rx mac address filters > even if present are guest controllable so they represent > a performance optimization, not a privacy guarantee. > > This is analogous to a physical shared lan: any box can > enable promisc mode and snoop on packets. > > You need vlans, or netfilter, or some other filtering > if you want to enforce privacy. Amos, per Michael's comments, perhaps we should put vm1 and vm2 on a vlan and vm3 on a different vlan to have a more valid packet privacy testing? I'll refrain from adding this test to the upstream tree until we have a more satisfactory test/solution. -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
