I wonder how to have the seL4 host not pass network frames to the Linux VM guest. I mean, I would like to have seL4 dealing with TCP/IP and processing packets at the host level, but then I want to use a custom communication channel with the Linux guest. So, the very first step would be to stop forwarding network frames to the guest. Any hints on where I can start experimenting with this?
You could perhaps use the VirtIO networking driver to expose a virtual network card over to the VM and then have that virtual card be backed by the actual Ethernet device on the board. You could then insert a firewall/packet processing layer in between the Ethernet device and the VirtIO networking driver to process packets before they're delivered to the VirtIO networking driver and into the virtual machine. So it'd look like this:
Ethernet device -> Packet processing layer -> VirtIO networking driver -> VM
There's an example of the VirtIO networking drivers in use in [1] and a Firewall CAmkES component in [2]. [3] shows the Firewall in use.

Hope this helps,
Damon

[1] https://github.com/nomadeel/camkes-vm-examples/tree/master/apps/Arm/vm_virti...
[2] https://github.com/seL4/camkes-vm/tree/master/components/Firewall
[3] https://github.com/nomadeel/camkes-vm-examples/blob/master/apps/x86/cma34cr_...
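A sketch of the decision a packet processing layer between the Ethernet device and the VirtIO networking driver could make per frame. It is an added example, not code from this thread or from the CAmkES Firewall component. All names (`classify_frame`, `forward_rest`, the `V_*` verdicts) and the policy itself are assumptions: with `forward_rest` set to 0, no frame reaches the guest.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names throughout; not the CAmkES Firewall component's API. */
enum verdict { V_DROP, V_HOST, V_GUEST };
#define ETH_HDR  14u
#define VLAN_TAG 4u
#define IPV4_MIN 20u
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Assumed policy: ARP and well-formed IPv4 stay with the host stack, malformed
 * frames are dropped, the rest reaches the guest only if forward_rest is set. */
enum verdict classify_frame(const uint8_t *f, size_t len, int forward_rest)
{
    size_t off = ETH_HDR;
    if (f == NULL || len < ETH_HDR)
        return V_DROP;
    uint16_t type = be16(f + 12);
    if (type == 0x8100) {                 /* skip one 802.1Q tag */
        if (len < ETH_HDR + VLAN_TAG)
            return V_DROP;
        type = be16(f + 16);
        off += VLAN_TAG;
    }
    if (type == 0x0806)                   /* ARP is answered by the host */
        return V_HOST;
    if (type == 0x0800) {                 /* IPv4: validate header before handing over */
        if (len < off + IPV4_MIN)
            return V_DROP;
        const uint8_t *ip = f + off;
        size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
        size_t total = be16(ip + 2);
        if ((ip[0] >> 4) != 4 || ihl < IPV4_MIN || total < ihl || total > len - off)
            return V_DROP;
        return V_HOST;
    }
    return forward_rest ? V_GUEST : V_DROP;
}

int main(void)
{
    /* Constructed samples: a minimal IPv4 frame and an IPv6-typed frame. */
    uint8_t v4[34] = {0}, v6[60] = {0};
    v4[12] = 0x08; v4[14] = 0x45; v4[17] = 20;
    v6[12] = 0x86; v6[13] = 0xdd;
    printf("%d %d %d\n", classify_frame(v4, sizeof v4, 0),
           classify_frame(v6, sizeof v6, 0), classify_frame(v6, sizeof v6, 1));
    return 0;
}
```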