Re: xennet input processing and mac filtering

[Manuel Bouyer <bouyer%antioche.eu.org@localhost>]

On Wed, Aug 28, 2024 at 06:20:48AM -0700, Brian Buhrow wrote:
> [...]
> In the case of xennent(4), I think the filtering is done at the backend, i.e. on the dom0 side,
> but I'm not entirely certain of that.

No the backend deosn't do filtering on mac address. It would need to know
if the frontend is in promiscous mode or not, and get multicast filter from
the frontend. This is not part of the interface between frontend and backend.

> A quick check with tcpdump on a domu machine running with xennet(4), while sending data to
> another domu machine on the same bridge, shows the domu doesn't receive packets for the MAC
> addresses it doesn't own.  That could either be because the bridge code blocks output to the
> watching domu's virtual port or because the backend sender on the specific domu is blocking
> such traffic.  I didn't look, but perhaps there is code in the xennet(4) driver  to tell the
> backend which MAC addresses it should listen for.

It's because the bridge knows where the destination mac is and routes the
packet instead of broadcasting it.

I think the frontend code assumes that ether_input() will do the filtering,
and maybe this has changed since the frontend was written

-- 
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
     NetBSD: 26 ans d'experience feront toujours la difference
--