Unix
 
Old June 10th, 2008, 11:09 PM
zhengda
Hypervisor

Hi everyone,

I will create the network virtualization in Hurd,
so I need to implement a mechanism which helps pfinet servers communicate
with each other.
That is, for example, if pfinet 1 has IP A and pfinet 2 has IP B,
the packet sent by pfinet 1 with destination address IP B should be
received by pfinet 2.
Sub-hurd should also be able to use this mechanism to communicate with
each other.
Meanwhile, this mechanism should allow a non-privileged user to start
his own pfinet.

The possible approach is to create a hypervisor whose role is:
1. to create some virtual network interface, so pfinet can send packets
to it.
2. to receive the packet from pfinet, and forward the packet to other
pfinets in hurd
3. or forward the packet to the real network device in the kernel and
send it to the network.
4. to guard the network traffic and filter illegal packets (forged by
some malicious users) from pfinet or some other programs.

To implement it, I have to solve some problems:

1. What kind of programming interface should the hypervisor provide to
pfinet or other programs?
In the current implementation of pfinet, the pfinet server gets the
privileged port,
opens the network interface by calling device_open() and sets the filter
rules by calling device_set_filter().
My solution is:
Since we want every user to be able to run pfinet, we should modify the
code of pfinet:
pfinet explicitly gets the send right to the hypervisor by opening some files
created by the hypervisor or getting it from the proc server.
I'm not sure whether the pfinet still needs to set filter rules when it
sends packets to the hypervisor.

2. How does the hypervisor route packets to the right pfinet server or
the network device in the kernel?
In my understanding, if there are two pfinet servers running on the same
network interface and a packet comes,
both pfinet servers should be able to receive the packet in the current
hurd.
This is right because the pfinet server can drop the packet it doesn't want.
The hypervisor can do the same thing:
If it receives a packet from a pfinet server or from the network device
in the kernel,
it can send the packet to all pfinet servers that are connected to the
hypervisor.
(maybe the hypervisor should make a choice to send the packet to the
real network interface
or to pfinet servers when it receives a packet from a pfinet server)
But the problem is that every user can run pfinet now,
so one user may be able to watch other users' packets if every pfinet
can get the packet.
It should be a security issue.

3. How does the hypervisor guard the network traffic and filter illegal
packets?
I have no idea how to do it,
and I'm not very sure I should do it.

Could someone give me some advice or comments?
Thank you in advance.

Best,
Zheng Da
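
An added illustration of questions 2 and 3 above, not part of the original post and not Hurd or pfinet code: instead of copying every packet to every pfinet, the forwarder delivers a packet only to the virtual port that owns the destination address, and drops packets whose source address is not the sender's own. All names (`vport_attach`, `route_from_pfinet`, the port table) are hypothetical, and it assumes the hypervisor assigns one IPv4 address per attached pfinet and sees bare IPv4 packets.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical names and layout, written for this example only. */
#define MAX_PORTS 8
#define TO_DEVICE (-1)  /* hand the packet to the real network device */
#define DROP      (-2)  /* forged or malformed packet */

struct vport {          /* one virtual interface, held by one pfinet */
    int      in_use;
    uint32_t ip;        /* address the hypervisor assigned to that pfinet */
};
static struct vport ports[MAX_PORTS];

/* Attach a pfinet with its assigned address; returns the port index or -1. */
int vport_attach(uint32_t ip)
{
    for (int i = 0; i < MAX_PORTS; i++)
        if (!ports[i].in_use) {
            ports[i].in_use = 1;
            ports[i].ip = ip;
            return i;
        }
    return -1;
}

/* Read a big-endian 32-bit field from the packet. */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Decide where an IPv4 packet sent by the pfinet on port `from` goes. */
int route_from_pfinet(int from, const uint8_t *pkt, size_t len)
{
    if (from < 0 || from >= MAX_PORTS || !ports[from].in_use)
        return DROP;                    /* sender is not an attached port */
    if (len < 20 || (pkt[0] >> 4) != 4)
        return DROP;                    /* shorter than an IPv4 header, or not IPv4 */
    if (be32(pkt + 12) != ports[from].ip)
        return DROP;                    /* source address is not the sender's own */
    uint32_t dst = be32(pkt + 16);
    for (int i = 0; i < MAX_PORTS; i++)
        if (ports[i].in_use && ports[i].ip == dst)
            return i;                   /* deliver only to the owner of dst */
    return TO_DEVICE;                   /* no local owner: send to the network */
}
```

Because the source check is tied to the port the packet arrived on, a user's pfinet cannot claim another pfinet's address, and unicast traffic for one pfinet is never copied to the others.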
