Hi. I'm developing small OS. Currently I'm working on virtio network front-end device driver, specifically MAC filtering function.
I have problem that MAC filtering with virtio-net does not work rightly what I expected. What I have to do is this.
1. Our guest OS has two MAC. One is specified MAC from virtio device which is externally exposed, and other is internal MAC that we intentionally made.
ex) Specified MAC from virtio device - 80:00:27:86:70:bb. Internal MAC - 00:11:11:11:11:11
2. I had used making external MAC to promiscuos mode and intenally changed it to internal MAC address.
3. The problem is that there are too many useless packet, so we decided not to use promiscuos mode. Instead, using MAC filtering I made only two MACs are acceptable(which are two I mentioned above)
4. This exactly works what I expected on QEMU enviroment (emulator version 2.0.0 (Debian 2.0.0+dfsg-2ubuntu1.13)). But On virtualbox, if I turned off promiscuos mode and made filtering table, nothing except multicast packet and address of itselt (80:00:27:86:80:bb) can be received.
5. I built virtualbox OSE for detailed logging, and investigate OSE verison source(DevVirtioNet.cpp) And I noticed that no packets which has different MAC with address of itself are putted even to virtio device (MAC filtering routine never occured).
6. So now, I doubt that MAC filtering at lower level occurs or even multiple MAC addresses are not available at all on virtualbox. But I cannot find where it is on source.
In conclusion, anybody knows why MAC filtering on virtio network device doesn't work?
My developing envirnoment below
Host OS : Ubuntu 14.04 - 3.13.-57-generic
Guest OS : own 64bit OS on x86-64 system non-based linux
Virtualbox verison : 4.2.26 OSE
Network setting : One adapter (bridged mode to tap interface). Promisc allow all. Also tap interface on promiscuos mode.
Is MAC filtering available with virtio network device?
Re: Is MAC filtering available with virtio network device?
VirtualBox by default uses MAC based filtering straight in the virtual switch code. It knows the MAC address of the VM, and doesn't deliver any other packets (besides multicast and broadcast). The reason is of course security - otherwise a VM can try to redirect traffic etc etc.