<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 02/08/2014 05:46 AM, yue wrote:<br>
</div>
<blockquote
cite="mid:5cb9ea89.fada.1440f9a6973.Coremail.libvirt@163.com"
type="cite">
<div
style="line-height:1.7;color:#000000;font-size:14px;font-family:arial">
<div>hi, all</div>
<div>nwfilter has many rules which depends on mac of vm, but i
find the mac address inside vm is different from mac outside
of vm.</div>
<div><span>outside mac:</span></div>
<div><span>vnet0 Link encap:Ethernet HWaddr FE:54:00:71:15:7B ,</span></div>
<div><span>inside mac:</span></div>
<div><span>eth0 Link encap:Ethernet HWaddr 52:54:00:71:15:7B
,virtio</span> </div>
<div> </div>
<div>why?</div>
</div>
</blockquote>
<br>
The two ends of a tap interface ((1) vnet0 on the host side, and (2)
the backend which connects via the qemu process to eth0 on the
guest) *must* have different MAC addresses, otherwise, it would be
impossible to know whether to forward a packet with that MAC address
across the tap, or deliver it on the local side. If you want to see
the result of making both sides of a tap interface the same MAC
address, just modify the piece of code in libvirt that replaces the
1st MAC byte with 0xFE and try starting up a guest - you will see an
entry in the system log complaining about the duplicated MAC address
(I don't remember the exact wording as it's been so long since I saw
it).<br>
<br>
<br>
<blockquote
cite="mid:5cb9ea89.fada.1440f9a6973.Coremail.libvirt@163.com"
type="cite">
<div
style="line-height:1.7;color:#000000;font-size:14px;font-family:arial">
<div> i am afraid that nwfilter use the wrong one. </div>
</div>
</blockquote>
<br>
Why do you say that?<br>
<br>
<blockquote
cite="mid:5cb9ea89.fada.1440f9a6973.Coremail.libvirt@163.com"
type="cite">
<div
style="line-height:1.7;color:#000000;font-size:14px;font-family:arial">
<div>how nwfilter chooses mac? and what is the usage of vnet0's
mac?</div>
</div>
</blockquote>
<br>
Packet's destined for that MAC address are delivered to the host via
vnet0, and *if* you gave an IP address to vnet0, that would be the
mac address returned from an ARP request from vnet0's IP address,
and packets with that IP address would be delivered to the host via
vnet0.<br>
<br>
However, for qemu's use of tap interfaces, the host side of the tap
doesn't have an IP address, so the tap interface's MAC isn't used
for anything. Mainly, it is something that has to be there, but
needs to keep out of the way; the simple way to do that in an
orderly fashion is to replace the first byte of the guest's mac
address with 0xFE, just to be sure there isn't a clash with the
guest's MAC.<br>
</body>
</html>