From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jim Fehlig Subject: Re: Prevent vif-bridge from adding user-created tap interfaces to a bridge Date: Thu, 03 Nov 2011 12:29:19 -0600 Message-ID: <4EB2DD7F.1040001@suse.com> References: <4EA7396D.30103@suse.com> <20137.29945.290531.658615@mariner.uk.xensource.com> <1319729714.9436.146.camel@zakaz.uk.xensource.com> <4EAB1BE6.9030501@suse.com> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <4EAB1BE6.9030501@suse.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xensource.com Errors-To: xen-devel-bounces@lists.xensource.com To: Ian Jackson Cc: xen-devel , Ian Campbell List-Id: xen-devel@lists.xenproject.org Jim Fehlig wrote: > Ian Campbell wrote: > >> On Thu, 2011-10-27 at 16:12 +0100, Ian Jackson wrote: >> >> >>> Jim Fehlig writes ("[Xen-devel] Prevent vif-bridge from adding user-created tap interfaces to a bridge"): >>> >>> > > Ok, my original post comes through now on a new thread... > > >>>> I received a report that vif-bridge adds any tap interface to a bridge, >>>> regardless if xen is running and who created the tap interface. E.g. >>>> >>>> # tunctl -p -t tap42 >>>> >>>> will cause vif-bridge to be executed as per the following rule in >>>> xen-backend.rules >>>> >>>> SUBSYSTEM=="net", KERNEL=="tap*", ACTION=="add", >>>> RUN+="/etc/xen/scripts/vif-setup $env{ACTION} type_if=tap" >>>> >>>> >>> Urgh. What a mess. >>> >>> >>> >>>> I'm not sure how to improve the rule to prevent execution of vif-setup >>>> in this case. But it seems better to handle it in vif-bridge anyhow, by >>>> not connecting the interface to a bridge if there is no corresponding >>>> info in xenstore. Something along the lines of the attached quick >>>> patch. Comments? >>>> >>>> >>> Aren't tap devices like this created by Xen's qemu ? And as such we >>> should be letting qemu run the script, and not have any hotplug >>> script called by udev. >>> >>> >> We explicitly changed away from that scheme not so long ago. The issue >> is that each tap has a vif counterpart which is somewhat logically the >> same device and should be setup the same way, hence via the same >> mechanisms. >> >> > > And qemu isn't involved when using netback. > > So how to proceed? Ian C. seemed to hesitantly ACK the patch in the > other thread [1] :). The suggestion to write the info to another path > in xenstore can also be implemented, although IMO, that the path is not > accessible to the frontend would be the only benefit. > Ping. I'd like to add this patch to our downstream package but would like upstream blessing first. Thanks, Jim > Thanks, > Jim > > [1] http://lists.xensource.com/archives/html/xen-devel/2011-10/msg02016.html > > > _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.xensource.com > http://lists.xensource.com/xen-devel >