How to pass all traffic through to a VM

amlamarra

Explorer
Joined
Feb 24, 2017
Messages
51
I've got a Security Onion VM running on my FreeNAS machine (I'll provide the specs if it helps) with 2 interfaces, one for management and one for monitoring. The VM's management interface is simply attached to the same NIC used for FreeNAS management, em0. I have another NIC, em1, that is plugged into a switch that's mirroring all network traffic to it. I've attached the second NIC of the VM to em1, but it only sees broadcast traffic. The host FreeNAS system can see all of the network traffic with "tcpdump -i em1".

I've done a lot of Google searching for this and came across this blog post that may help: http://empt1e.blogspot.com/2016/10/bhyve-networking-options.html

However, I can't figure out how to modify the bhyve options when FreeNAS starts a VM. Is this possible?
 

KevDog

Patron
Joined
Nov 26, 2016
Messages
462
What have you tried?

Nice reference post btw.

I've only done something similar with the use of bridges. I'm not sure if that's what you want to do or not?
 

amlamarra

I made the change to /boot/loader.conf that was mentioned in that article, but nothing changed after reboot.

Code:
root@freenas ~ # grep pptdevs /boot/loader.conf
pptdevs="2/0/1"
root@freenas ~ # pciconf -l -v | grep em1
em1@pci0:2:0:1: class=0x020000 card=0x115e8086 chip=0x105e8086 rev=0x06 hdr=0x00
root@freenas ~ # pciconf -l -v | grep ppt0
root@freenas ~ #


Also, the Security Onion VM still only sees broadcast traffic.
 

KevDog

So are the two NICs on different VLANs, on two separate bridges? Just trying to find out more info about how you set up your system.
 

amlamarra

No VLANs here. And technically, I have 3 NICs with a total of 4 ethernet ports. 1 NIC is built into the motherboard, 1 NIC has 1 port, and another NIC has 2 ports. But I'm only using 2 of the 4 ports right now. The other 2 are for future plans. The single NIC with 2 ports has em0 and em1. These are the 2 being used. One is the management interface for FreeNAS, 2 VMs (an Ubuntu server VM & Security Onion), and 6 jails. The other is my network tap. That one goes to a port on my switch that mirrors all its traffic to there.
 

KevDog

Still kind of unclear how you've set things up in terms of networking. What ip addresses are assigned? Are there bridges involved? ifconfig? You need to post far more detail than just a cursory explanation of what you're doing.
 

amlamarra

I guess I'm just asking how to do NIC passthru for a VM in FreeNAS. Not how I should do it, but how anybody would do it.

And I did mean to post ifconfig output but forgot.

Code:
root@freenas ~ # ifconfig
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: Management
        options=98<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
        ether 68:05:ca:42:84:fc
        hwaddr 68:05:ca:42:84:fc
        inet 192.168.1.3 netmask 0xffffff00 broadcast 192.168.1.255
        nd6 options=9<PERFORMNUD,IFDISABLED>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=98<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
        ether 68:05:ca:42:84:fd
        hwaddr 68:05:ca:42:84:fd
        nd6 options=1<PERFORMNUD>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
em2: flags=8c02<BROADCAST,OACTIVE,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
        ether b8:ca:3a:7f:94:9c
        hwaddr b8:ca:3a:7f:94:9c
        nd6 options=1<PERFORMNUD>
        media: Ethernet autoselect
        status: no carrier
re0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
        ether 00:e0:4c:69:2c:6b
        hwaddr 00:e0:4c:69:2c:6b
        nd6 options=1<PERFORMNUD>
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: lo
tap0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: Attached to UbuntuServer1804
        options=80000<LINKSTATE>
        ether 00:bd:df:d3:f8:00
        hwaddr 00:bd:df:d3:f8:00
        nd6 options=1<PERFORMNUD>
        media: Ethernet autoselect
        status: active
        groups: tap
        Opened by PID 1683
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:84:c9:1d:f4:00
        nd6 options=1<PERFORMNUD>
        groups: bridge
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: vnet0.7 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 17 priority 128 path cost 2000
        member: vnet0.5 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 15 priority 128 path cost 2000
        member: vnet0.4 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 14 priority 128 path cost 2000
        member: vnet0.3 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 13 priority 128 path cost 2000
        member: vnet0.2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 12 priority 128 path cost 2000
        member: vnet0.1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 11 priority 128 path cost 2000
        member: tap1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 8 priority 128 path cost 2000000
        member: em0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 1 priority 128 path cost 20000
        member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 6 priority 128 path cost 2000000
tap1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: Attached to SecurityOnion
        options=80000<LINKSTATE>
        ether 00:bd:85:e4:f8:01
        hwaddr 00:bd:85:e4:f8:01
        nd6 options=1<PERFORMNUD>
        media: Ethernet autoselect
        status: active
        groups: tap
        Opened by PID 1970
tap2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: Attached to SecurityOnion
        options=80000<LINKSTATE>
        ether 00:bd:8b:e4:f8:02
        hwaddr 00:bd:8b:e4:f8:02
        nd6 options=1<PERFORMNUD>
        media: Ethernet autoselect
        status: active
        groups: tap
        Opened by PID 1970
bridge1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:84:c9:1d:f4:01
        nd6 options=1<PERFORMNUD>
        groups: bridge
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: em1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 2 priority 128 path cost 55
        member: tap2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 9 priority 128 path cost 2000000
vnet0.1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: associated with jail: blog as nic: epair0b
        options=8<VLAN_MTU>
        ether 02:ff:60:62:08:67
        hwaddr 02:4f:d0:00:0b:0a
        nd6 options=1<PERFORMNUD>
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        groups: epair
vnet0.2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: associated with jail: guac as nic: epair0b
        options=8<VLAN_MTU>
        ether 02:ff:60:fa:f0:c0
        hwaddr 02:4f:d0:00:0c:0a
        nd6 options=1<PERFORMNUD>
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        groups: epair
vnet0.3: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: associated with jail: librenms as nic: epair0b
        options=8<VLAN_MTU>
        ether 02:ff:60:06:82:9b
        hwaddr 02:4f:d0:00:0d:0a
        nd6 options=1<PERFORMNUD>
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        groups: epair
vnet0.4: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: associated with jail: nextcloud as nic: epair0b
        options=8<VLAN_MTU>
        ether 02:ff:60:ba:b5:81
        hwaddr 02:4f:d0:00:0e:0a
        nd6 options=1<PERFORMNUD>
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        groups: epair
vnet0.5: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: associated with jail: plexserver as nic: epair0b
        options=8<VLAN_MTU>
        ether 92:42:de:51:2f:d2
        hwaddr 02:4f:d0:00:0f:0a
        nd6 options=1<PERFORMNUD>
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        groups: epair
vnet0.7: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: associated with jail: zoneminder as nic: epair0b
        options=8<VLAN_MTU>
        ether 02:ff:60:40:ed:c2
        hwaddr 02:4f:d0:00:11:0a
        nd6 options=1<PERFORMNUD>
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        groups: epair
 

amlamarra

And just in case I need to passthru an entire NIC (and not an individual port), I tried my other NIC in /boot/loader.conf

Code:
root@freenas ~ # grep pptdevs /boot/loader.conf
pptdevs="7/0/0"
root@freenas ~ # pciconf -lv | grep re0
re0@pci0:7:0:0: class=0x020000 card=0x012310ec chip=0x816810ec rev=0x0c hdr=0x00
root@freenas ~ # pciconf -lv | grep ppt
root@freenas ~ #
 

amlamarra

Ok, so I figured out what I was doing wrong in /boot/loader.conf. I added the following lines:
Code:
vmm_load="YES"
pptdevs="7/0/0"


And now my re0 NIC is showing up as ppt0. However, it doesn't show up as a NIC:

Code:
root@freenas ~ # pciconf -lv | grep ppt0
ppt0@pci0:7:0:0:        class=0x020000 card=0x012310ec chip=0x816810ec rev=0x0c hdr=0x00

root@freenas ~ # ifconfig ppt0
ifconfig: interface ppt0 does not exist


So I'm unable to attach my VM to it. At least not through the GUI.

I did discover from another forum post that the VM settings are stored in a sqlite database file. However, it doesn't look like I'll be able to modify that to get what I want:

Code:
root@freenas ~ # sqlite3 /data/freenas-v1.db
SQLite version 3.29.0 2019-07-10 17:32:03
Enter ".help" for usage hints.

sqlite> select * from vm_vm;
7|UbuntuServer1804||2|4096|0|LOCAL||UEFI
12|SecurityOnion|Security Onion 16.04|8|16384|0|LOCAL||UEFI

sqlite> select * from vm_device where vm_id = 12;
26|NIC|{"type": "VIRTIO", "mac": "00:a0:98:6b:8a:4d", "nic_attach": "em0"}|12|1003
27|DISK|{"path": "/dev/zvol/storage/VirtualMachines/SecurityOnion-bybl1", "type": "VIRTIO", "sectorsize": 0}|12|
29|VNC|{"vnc_port": 6262, "wait": false, "vnc_resolution": "1024x768", "vnc_bind": "192.168.1.3", "vnc_password": "", "vnc_web": true}|12|1002


And I know that my CPU supports IOMMU:

Code:
root@freenas ~ # sysctl -a | egrep -i 'hw.machine|hw.ncpu|hw.model'
hw.machine: amd64
hw.model: Intel(R) Xeon(R) CPU E5-2630 0 @ 2.30GHz
hw.ncpu: 24
hw.machine_arch: amd64


I also found log files in /var/log/vm that shows exactly how the VM is started:

Code:
root@freenas ~ # grep bhyve /var/log/vm/SecurityOnion_12
[2020-02-02 19:05:11,371] (DEBUG) VMService.vm_12.run():291 - Starting bhyve: bhyve -A -H -w -c 8 -m 16384 -s 0:0,hostbridge -s 31,lpc -l com1,/dev/nmdm12A -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd -s 29,fbuf,vncserver,tcp=192.168.1.3:6262,w=1024,h=768,, -s 30,xhci,tablet -s 4,virtio-net,tap0,mac=00:a0:98:6b:8a:4d -s 3:0,virtio-blk,/dev/zvol/storage/VirtualMachines/SecurityOnion-bybl1 12_SecurityOnion


Using that I tried to boot the VM by adding the passthru PCI device from earlier. However, it didn't work:

Code:
root@freenas ~ # cat startSO.sh
#!/bin/sh
bhyve -H -w -S -c 8 -m 16G \
  -s 0:0,hostbridge \
  -s 31,lpc \
  -l com1,/dev/nmdm12A \
  -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \
  -s 29,fbuf,vncserver,tcp=192.168.1.3:6262,w=1024,h=768,, \
  -s 30,xhci,tablet \
  -s 4,virtio-net,tap0,mac=00:a0:98:6b:8a:4d \
  -s 6,passthru,7/0/0 \
  -s 3:0,virtio-blk,/dev/zvol/storage/VirtualMachines/SecurityOnion-bybl1 \
  13_SecurityOnion

root@freenas ~ # ./startSO.sh
bhyve: PCI device at 7/0/0 is not using the ppt(4) driver
device emulation initialization error: Device busy
 

amlamarra

I found this wiki article for bhyve: https://wiki.freebsd.org/bhyve/pci_passthru

According to that, I should be able to determine if my CPU supports VT-d (IOMMU) with acpidump -t | grep DMAR. However, running that on my system reveals no output.

I know my CPU supports it. Maybe I just need to initialize it:
Code:
root@freenas ~ # sysctl -a | grep hw.vmm.iommu
hw.vmm.iommu.enable: 1
hw.vmm.iommu.initialized: 0
 

amlamarra

Well now I feel dumb. I finally got around to checking the BIOS settings and found that "Intel VT for Directed I/O" was not enabled. I haven't had time to test anything yet, but I'm sure I'll have more success now. Will update soon.
 

amlamarra

Ok, so that worked! Mostly...

I decided to use a different NIC to pass through.
Code:
root@freenas ~ # tail -n3 /boot/loader.conf
# Allow em2 to be passed through to a VM
vmm_load="YES"
pptdevs="0/25/0"

root@freenas ~ # pciconf -lv | grep ppt
ppt0@pci0:0:25:0:       class=0x020000 card=0x04961028 chip=0x15028086 rev=0x05 hdr=0x00


Running the test again for VT-d support:
Code:
root@freenas ~ # acpidump -t | grep DMAR
  DMAR: Length=216, Revision=1, Checksum=78,
        OEMID=A M I, OEM Table ID=OEMDMAR, OEM Revision=0x1,


Again, I found the command used to start the VM by the GUI in /var/log/vm/SecurityOnion_12.
Code:
root@freenas ~ # grep bhyve /var/log/vm/SecurityOnion_12 | tail -n1
[2020-02-05 13:03:13,376] (DEBUG) VMService.vm_12.run():291 - Starting bhyve: bhyve -A -H -w -c 8 -m 16384 -s 0:0,hostbridge -s 31,lpc -l com1,/dev/nmdm12A -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd -s 29,fbuf,vncserver,tcp=192.168.1.3:6262,w=1024,h=768,, -s 30,xhci,tablet -s 4,virtio-net,tap2,mac=00:a0:98:6b:8a:4d -s 3:0,virtio-blk,/dev/zvol/storage/VirtualMachines/SecurityOnion-bybl1 12_SecurityOnion


Then, I added one argument: -s 6,passthru,0/25/0
Code:
root@freenas ~ # cat startSO.sh
bhyve -A -H -w -c 8 -m 16384 -S \
  -s 0:0,hostbridge \
  -s 31,lpc \
  -l com1,/dev/nmdm12A \
  -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \
  -s 29,fbuf,vncserver,tcp=192.168.1.3:6262,w=1024,h=768,, \
  -s 30,xhci,tablet \
  -s 4,virtio-net,tap1,mac=00:a0:98:6b:8a:4d \
  -s 6,passthru,0/25/0 \
  -s 3:0,virtio-blk,/dev/zvol/storage/VirtualMachines/SecurityOnion-bybl1 \
  12_SecurityOnion

root@freenas ~ # ./startSO.sh
fbuf frame buffer base: 0xc42e00000 [sz 16777216]
05/02/2020 14:51:26 Listening for VNC connections on TCP port 6262
05/02/2020 14:51:26 Listening for VNC connections on TCP6 port 6262


Now I can VNC to the machine. Running tcpdump on the newly added interface shows all the network traffic I would expect! HOWEVER, now my VM no longer has regular network access. Not to the LAN or Internet. So, I guess the pass through part of this is solved. Though I would love to know how to add this "passthru" option so the GUI boots the VM with it.
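
The host-side preconditions this thread ran into (vmm_load, pptdevs, the ppt driver claiming the device, and a DMAR table once VT-d is enabled), as an added example that is not part of any post. The function name `check_passthru` and the `S1`/`S2`/`S3` sample variables are hypothetical; the sample text is trimmed from the outputs quoted above, and the empty `acpidump` input for the first two stages is constructed.

```shell
#!/bin/sh
# Added example: host-side preconditions for bhyve PCI passthrough, evaluated
# against captured command output so it can be replayed offline.
#
# check_passthru SELECTOR LOADER_CONF PCICONF_LV ACPIDUMP_T
#   SELECTOR     bus/slot/function as written in pptdevs, e.g. 0/25/0
#   LOADER_CONF  contents of /boot/loader.conf
#   PCICONF_LV   output of `pciconf -lv`
#   ACPIDUMP_T   output of `acpidump -t`
# Prints one PASS/FAIL line per check; returns 0 only when all four pass.
check_passthru() {
    _sel=$1; _loader=$2; _pci=$3; _acpi=$4; _rc=0
    # pciconf writes selector 0/25/0 as pci0:0:25:0
    _addr="pci0:$(printf '%s' "$_sel" | tr '/' ':')"

    if printf '%s\n' "$_loader" | grep -q '^vmm_load="YES"'; then
        echo "PASS vmm_load"
    else
        echo "FAIL vmm_load: vmm_load=\"YES\" missing from loader.conf"; _rc=1
    fi

    # pptdevs may list several selectors separated by spaces
    if printf '%s\n' "$_loader" |
        grep -Eq "^pptdevs=\"([^\"]* )?${_sel}( [^\"]*)?\""; then
        echo "PASS pptdevs"
    else
        echo "FAIL pptdevs: $_sel not listed in pptdevs"; _rc=1
    fi

    # Which driver claimed the device? It has to be pptN, not em1/re0/...
    _drv=$(printf '%s\n' "$_pci" |
        sed -n "s/^\([a-z0-9]*\)@${_addr}:.*/\1/p" | head -n 1)
    case $_drv in
        ppt[0-9]*) echo "PASS driver: $_drv" ;;
        "")        echo "FAIL driver: no device at $_addr"; _rc=1 ;;
        *)         echo "FAIL driver: device still claimed by $_drv"; _rc=1 ;;
    esac

    # No DMAR table means the firmware is not exposing VT-d to the OS
    if printf '%s\n' "$_acpi" | grep -q 'DMAR'; then
        echo "PASS dmar"
    else
        echo "FAIL dmar: no DMAR table, check the VT-d setting in firmware setup"; _rc=1
    fi
    return "$_rc"
}

# Constructed inputs, trimmed from the three stages quoted in the thread.
S1_LOADER='pptdevs="2/0/1"'
S1_PCI='em1@pci0:2:0:1: class=0x020000 card=0x115e8086 chip=0x105e8086 rev=0x06 hdr=0x00'
S2_LOADER='vmm_load="YES"
pptdevs="7/0/0"'
S2_PCI='ppt0@pci0:7:0:0: class=0x020000 card=0x012310ec chip=0x816810ec rev=0x0c hdr=0x00'
S3_LOADER='vmm_load="YES"
pptdevs="0/25/0"'
S3_PCI='ppt0@pci0:0:25:0: class=0x020000 card=0x04961028 chip=0x15028086 rev=0x05 hdr=0x00'
S3_ACPI='  DMAR: Length=216, Revision=1, Checksum=78,'

echo "== pptdevs only ==";   check_passthru 2/0/1  "$S1_LOADER" "$S1_PCI" "" || true
echo "== vmm_load added =="; check_passthru 7/0/0  "$S2_LOADER" "$S2_PCI" "" || true
echo "== VT-d enabled ==";   check_passthru 0/25/0 "$S3_LOADER" "$S3_PCI" "$S3_ACPI"
# Live use on the host:
#   check_passthru 0/25/0 "$(cat /boot/loader.conf)" "$(pciconf -lv)" "$(acpidump -t)"
```

The middle stage is the instructive one: the device already shows up as ppt0, and only the missing DMAR table separates it from the stage where bhyve starts.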
 

amlamarra

Ok, I figured out how to get my VM network access with the help of the FreeBSD Handbook: https://www.freebsd.org/doc/handbook/virtualization-host-bhyve.html

I had to set net.link.tap.up_on_open, create the tap1 interface, and add it to the bridge.
Code:
root@freenas ~ # sysctl net.link.tap.up_on_open=1
net.link.tap.up_on_open: 0 -> 1

root@freenas ~ # ifconfig tap1 create

root@freenas ~ # ifconfig bridge0 addm tap1


After that, I started the VM and it had network access! Presumably, the GUI creates the tap interface and adds it to a bridge when the VM is started.

One more problem exists. How to get the GUI to add this passthru device to the VM...
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,776
Why would you need NIC passthrough?
  • Configure the additional physical interface by simply putting "up" into the Options field
  • Configure two bridge interfaces, one of the with one of the physical interface, respectively
  • Configure VM with two virtio interfaces, one bound to one of the bridge interfaces
HTH,
Patrick
 

KevDog

Why are you doing this all at command line? I only ask this because -- although it's not wrong what you're doing -- you do realize that your changes will not be there after a reboot.
 

amlamarra

> Configure the additional physical interface by simply putting "up" into the Options field

What does that do? The 2 physical interfaces that I'm using for this, em0 & em2, are already always "up".

> Configure two bridge interfaces, one of the with one of the physical interface, respectively

So, em0 be a member of bridge0? (which it already is)
And em2 be a member of bridge2? (I've already got a bridge1 for my DMZ jails)

> Configure VM with two virtio interfaces, one bound to one of the bridge interfaces

Will that allow the VM to see ALL traffic that goes to that interface? Not just broadcast & traffic destined for its IP address?

I'll try this out.
 

Patrick M. Hausen

> What does that do? The 2 physical interfaces that I'm using for this, em0 & em2, are already always "up".

If the interface em2 has no IP address (or DHCP, or IPv6, or ...) assigned, FreeNAS will leave it in the "down" state. I have a couple of setups where I use physical interfaces just as that: physical interfaces. Everything "layer 3" happens higher in the stack on VLAN or bridge interfaces. In this case you have to configure the physical interface "up".

> So, em0 be a member of bridge0? (which it already is)
> And em2 be a member of bridge2? (I've already got a bridge1 for my DMZ jails)

Precisely.

> Will that allow the VM to see ALL traffic that goes to that interface? Not just broadcast & traffic destined for its IP address?

Of course. With the possible exception of some packets relevant to bridging itself, spanning-tree, BPDUs, ... I would have to grab some of my old well worn books by Perlman or Stevens to check ... short: don't expect bridging (again) inside your VM to work, but maybe it even does. But from your posts I get you want to route through your VM, right? That will work. Promise ;)

Kind regards
Patrick
 

amlamarra

Well, I did that. I did have to add the "up" option to em2. However, having the VM run tcpdump on the new interface (that's bound to bridge2) still only sees broadcast traffic.

On the FreeNAS host, I get the same results (only seeing broadcast traffic) when running tcpdump on the bridge2 interface. However, I do see ALL the traffic when I look at the em2 interface.

Code:
root@freenas ~ # ifconfig bridge2
bridge2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: For Security Onion tap
        ether 02:84:c9:1d:f4:02
        nd6 options=9<PERFORMNUD,IFDISABLED>
        groups: bridge
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: tap1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 16 priority 128 path cost 2000000
        member: em2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 3 priority 128 path cost 20000
 

amlamarra

> Why are you doing this all at command line? I only ask this because -- although it's not wrong what you're doing -- you do realize that your changes will not be there after a reboot.

Because there's a lot I cannot do in the GUI. And if you know how to add a PCI passthru device to a VM from the GUI, I'd LOVE to hear it. That's the only problem left that I need to solve.
 

Patrick M. Hausen

I thought you would want to direct the traffic towards your VM via routing? Are you expecting the traffic to pass through it transparently? How would that be accomplished? Just let us picture real hardware here ... any device only ever sees traffic destined for its own MAC address. Plus broadcast/multicast of course.
If you put a device connected to a switch into promiscuous mode, you will see more, but the switch will still learn MAC addresses and forward the frames to the matching port only.
In order to capture traffic you would need a switch with a monitor/SPAN port capability ...

I guess I have still not quite understood what you are trying to do, sorry for the confusion. But keep in mind that this "own MAC address only" is in hardware, down at the Ethernet layer. It's simply how the network works. I doubt a PCI device passthrough would change any of that.

Kind regards,
Patrick
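
An added example, not part of any post: a simplified model of a MAC-learning bridge, showing why a bridge whose physical member is fed by a mirror port hands its tap member little besides broadcast, as reported for bridge2 above. The function names `bridge_sim` and `tap_sees` and the MAC addresses are hypothetical, the frames are constructed, and the model ignores multicast, spanning tree and address ageing.

```shell
#!/bin/sh
# Added example: simplified model of a MAC-learning bridge (broadcast is the
# only group address handled; spanning tree and ageing are ignored).
#
# bridge_sim LEARN "MEMBERS" < frames
#   LEARN    1 = learn source addresses, 0 = learning switched off
#   MEMBERS  space-separated member interfaces
#   frames   one "ingress_if src_mac dst_mac" per line on stdin
# Prints, per frame, where the bridge sends it.
bridge_sim() {
    awk -v learn="$1" -v members="$2" '
    BEGIN { n = split(members, port, " ") }
    {
        in_if = $1; src = $2; dst = $3; out = ""
        if (learn) fdb[src] = in_if                 # source learning
        if (dst != "ff:ff:ff:ff:ff:ff" && (dst in fdb)) {
            # Known destination: forward to its port, unless that is the
            # port the frame arrived on, in which case it is filtered.
            if (fdb[dst] != in_if) out = fdb[dst]
        } else {
            # Broadcast or unknown destination: flood to every other member.
            for (i = 1; i <= n; i++)
                if (port[i] != in_if) out = out (out == "" ? "" : ",") port[i]
        }
        printf "%d %s > %s : %s\n", NR, src, dst, (out == "" ? "filtered" : "to " out)
    }'
}

# Constructed frames: everything arrives on em2, as it would from a mirror
# port copying both directions of a conversation between two other hosts.
MIRRORED='em2 aa:aa:aa:aa:aa:aa bb:bb:bb:bb:bb:bb
em2 bb:bb:bb:bb:bb:bb aa:aa:aa:aa:aa:aa
em2 aa:aa:aa:aa:aa:aa bb:bb:bb:bb:bb:bb
em2 bb:bb:bb:bb:bb:bb aa:aa:aa:aa:aa:aa
em2 aa:aa:aa:aa:aa:aa ff:ff:ff:ff:ff:ff'

# tap_sees LEARN: how many of the mirrored frames reach tap1
tap_sees() {
    printf '%s\n' "$MIRRORED" | bridge_sim "$1" "em2 tap1" | grep -c 'to tap1'
}

printf '%s\n' "$MIRRORED" | bridge_sim 1 "em2 tap1"
echo "tap1 receives $(tap_sees 1) of 5 frames with learning, $(tap_sees 0) without"
```

With learning on, both hosts' addresses are learned on em2 after the first two frames, so every later unicast frame is filtered as already local to its ingress port. The `LEARN=0` run corresponds to a member with address learning turned off, which FreeBSD's ifconfig(8) exposes as `-learn`; the thread does not test that setting.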
 