libvirt/tests/networkxml2xmlin
Laine Stump 40961978ee conf: new network bridge device attribute macTableManager
The macTableManager attribute of a network's bridge subelement tells
libvirt how the bridge's MAC address table (used to determine the
egress port for packets) is managed. In the default mode, "kernel",
management is left to the kernel, which usually determines entries in
part by turning on promiscuous mode on all ports of the bridge,
flooding packets to all ports when the correct destination is unknown,
and adding/removing entries to the fdb as it sees incoming traffic
from particular MAC addresses.  In "libvirt" mode, libvirt turns off
learning and flooding on all the bridge ports connected to guest
domain interfaces, and adds/removes entries according to the MAC
addresses in the domain interface configurations. A side effect of
turning off learning and unicast_flood on the ports of a bridge is
that (with Linux kernel 3.17 and newer), the kernel can automatically
turn off promiscuous mode on one or more of the bridge's ports
(usually only the one interface that is used to connect the bridge to
the physical network). The result is better performance (because
packets aren't being flooded to all ports, and can be dropped earlier
when they are of no interest) and slightly better security (a guest
can still send out packets with a spoofed source MAC address, but will
only receive traffic intended for the guest interface's configured MAC
address).

The attribute looks like this in the configuration:

  <network>
    <name>test</name>
    <bridge name='br0' macTableManager='libvirt'/>
    ...

This patch only adds the config knob, documentation, and test
cases. The functionality behind this knob is added in later patches.
2014-12-08 14:41:37 -05:00
..
8021Qbh-net.xml
bandwidth-network.xml Remove the space before the slash in network XML 2013-08-28 08:05:46 +02:00
dhcp6host-routed-network.xml Remove the space before the slash in network XML 2013-08-28 08:05:46 +02:00
direct-net.xml
empty-allow-ipv6.xml Remove the space before the slash in network XML 2013-08-28 08:05:46 +02:00
host-bridge-net.xml
host-bridge-no-flood.xml conf: new network bridge device attribute macTableManager 2014-12-08 14:41:37 -05:00
hostdev-pf.xml network: support <driver name='vfio'/> in network definitions 2013-04-26 21:51:12 -04:00
hostdev.xml
isolated-network.xml Remove the space before the slash in network XML 2013-08-28 08:05:46 +02:00
nat-network-dns-forward-plain.xml network: permit upstream forwarding of unqualified DNS names 2013-08-14 09:46:22 -04:00
nat-network-dns-forwarders.xml Add forwarder attribute to <dns/> element 2013-09-17 17:47:33 -06:00
nat-network-dns-hosts.xml Remove the space before the slash in network XML 2013-08-28 08:05:46 +02:00
nat-network-dns-srv-record-minimal.xml Remove the space before the slash in network XML 2013-08-28 08:05:46 +02:00
nat-network-dns-srv-record.xml Remove the space before the slash in network XML 2013-08-28 08:05:46 +02:00
nat-network-dns-srv-records.xml Test network update XML parsing 2013-08-28 08:05:46 +02:00
nat-network-dns-txt-record.xml Remove the space before the slash in network XML 2013-08-28 08:05:46 +02:00
nat-network-explicit-flood.xml conf: new network bridge device attribute macTableManager 2014-12-08 14:41:37 -05:00
nat-network-forward-nat-address.xml Add '<nat>' element to '<forward>' network schemas 2013-09-05 13:45:49 +02:00
nat-network.xml Remove the space before the slash in network XML 2013-08-28 08:05:46 +02:00
netboot-network.xml Remove the space before the slash in network XML 2013-08-28 08:05:46 +02:00
netboot-proxy-network.xml Remove the space before the slash in network XML 2013-08-28 08:05:46 +02:00
openvswitch-net.xml Configure native vlan modes on Open vSwitch ports 2013-06-25 00:22:36 -04:00
passthrough-address-crash.xml conf: net: Correctly switch how to format address fields 2014-08-21 15:55:07 +02:00
passthrough-pf.xml
routed-network.xml Remove the space before the slash in network XML 2013-08-28 08:05:46 +02:00
vepa-net.xml conf: add trustGuestRxFilters attribute to network and domain interface 2014-10-06 11:49:10 -04:00