From: Anthony Liguori <anthony@codemonkey.ws>
To: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Arnd Bergmann <arnd@arndb.de>, Sridhar Samudrala <sri@us.ibm.com>,
avi@redhat.com, markmc@redhat.com, ogerlitz@voltaire.com,
kvm@vger.kernel.org, qemu-devel@vger.kernel.org
Subject: Re: [PATCH qemu-kvm] Add raw(af_packet) network backend to qemu
Date: Wed, 27 Jan 2010 08:03:19 -0600 [thread overview]
Message-ID: <4B6047A7.2030408@codemonkey.ws> (raw)
In-Reply-To: <20100127094427.GE3476@redhat.com>
On 01/27/2010 03:44 AM, Michael S. Tsirkin wrote:
> On Wed, Jan 27, 2010 at 10:34:35AM +0100, Arnd Bergmann wrote:
>
>> On Wednesday 27 January 2010, Michael S. Tsirkin wrote:
>>
>>> I am not sure I agree with this sentiment. The main issue being that
>>> macvtap doesn't exist on all kernels :). macvlan also requires hardware
>>> support, packet socket can work with any network card in promisc mode.
>>>
>> To be clear, macvlan does not require hardware support, it will happily
>> put cards into promiscous mode if they don't support multiple mac addresses.
>>
>>
>>> I agree to that. People don't even seem to agree whether it's a raw
>>> socket or a packet socket :) We need a better name for this option: what
>>> it really does is rely on an external device to loopback a packet to us,
>>> so how about -net loopback or -net extbridge?
>>>
>> I think -net socket,fd should just be (trivially) extended to work with raw
>> sockets out of the box, with no support for opening it. Then you can have
>> libvirt or some wrapper open a raw socket and a private namespace and just pass it
>> down.
>>
> That'd work. Anthony?
>
What functionality are we trying to achieve? Let's be very specific
about use-cases here. If it's VEPA, like you mentioned earlier, why
isn't macvtap a better solution from a security perspective?
The fundamental problem that I have with all of this is that we should
not be introducing new network backends that are based around something
only a developer is going to understand. If I'm a user and I want to
use an external switch in VEPA mode, how in the world am I going to know
that I'm supposed to use the -net raw backend or the -net socket
backend? It might as well be the -net butterflies backend as far as a
user is concerned.
Networking in QEMU is already hard enough for users, we shouldn't make
it worse than it already is.
Regards,
Anthony Liguori
next prev parent reply other threads:[~2010-01-27 14:03 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-01-26 20:40 [PATCH qemu-kvm] Add raw(af_packet) network backend to qemu Sridhar Samudrala
2010-01-26 20:47 ` Anthony Liguori
2010-01-26 20:50 ` Anthony Liguori
2010-01-26 23:19 ` Sridhar Samudrala
2010-01-27 9:24 ` Michael S. Tsirkin
2010-01-27 9:34 ` Arnd Bergmann
2010-01-27 9:44 ` Michael S. Tsirkin
2010-01-27 14:03 ` Anthony Liguori [this message]
2010-01-27 21:39 ` Arnd Bergmann
2010-01-27 22:56 ` Sridhar Samudrala
2010-01-28 6:06 ` Arnd Bergmann
2010-01-28 16:53 ` Jens Osterkamp
2010-01-28 11:22 ` Or Gerlitz
2010-01-29 20:52 ` Sridhar Samudrala
2010-01-29 20:52 ` [Qemu-devel] " Sridhar Samudrala
2010-01-27 14:07 ` Anthony Liguori
2010-01-27 16:59 ` Michael S. Tsirkin
2010-01-27 17:07 ` Anthony Liguori
2010-01-27 17:25 ` Michael S. Tsirkin
2010-01-27 17:36 ` Anthony Liguori
2010-01-27 17:54 ` Sridhar Samudrala
2010-01-27 18:02 ` Anthony Liguori
2010-01-27 18:03 ` Michael S. Tsirkin
2010-01-27 19:54 ` Anthony Liguori
2010-01-28 8:12 ` Arnd Bergmann
2010-01-28 13:56 ` Michael S. Tsirkin
2010-01-28 14:13 ` Anthony Liguori
2010-01-28 14:39 ` Anthony Liguori
2010-01-28 14:52 ` Michael S. Tsirkin
2010-01-28 15:05 ` Anthony Liguori
2010-01-28 16:37 ` Michael S. Tsirkin
2010-01-28 17:58 ` Anthony Liguori
2010-01-28 18:04 ` Michael S. Tsirkin
2010-01-28 19:57 ` Anthony Liguori
2010-01-29 11:26 ` Michael S. Tsirkin
2010-01-28 20:29 ` Arnd Bergmann
2010-02-01 15:47 ` Or Gerlitz
2010-01-27 18:12 ` Michael S. Tsirkin
2010-01-26 23:15 ` Sridhar Samudrala
2010-01-26 23:15 ` [Qemu-devel] " Sridhar Samudrala
2010-01-27 0:06 ` Anthony Liguori
2010-01-27 6:52 ` Arnd Bergmann
2010-01-27 6:52 ` Arnd Bergmann
2010-01-27 14:14 ` Anthony Liguori
2010-01-27 14:14 ` Anthony Liguori
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4B6047A7.2030408@codemonkey.ws \
--to=anthony@codemonkey.ws \
--cc=arnd@arndb.de \
--cc=avi@redhat.com \
--cc=kvm@vger.kernel.org \
--cc=markmc@redhat.com \
--cc=mst@redhat.com \
--cc=ogerlitz@voltaire.com \
--cc=qemu-devel@vger.kernel.org \
--cc=sri@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.