From: "Michael S. Tsirkin" <mst@redhat.com>
To: Arnd Bergmann <arnd@arndb.de>
Cc: anthony@codemonkey.ws, virtualization@lists.linux-foundation.org,
	kvm@vger.kernel.org, Rusty Russell <rusty@rustcorp.com.au>
Subject: Re: vhost-net todo list
Date: Thu, 17 Sep 2009 14:47:40 +0300
Message-ID: <20090917114739.GD18916@redhat.com>
In-Reply-To: <200909171330.01414.arnd@arndb.de>

On Thu, Sep 17, 2009 at 01:30:00PM +0200, Arnd Bergmann wrote:
> On Wednesday 16 September 2009, Michael S. Tsirkin wrote:
> > > Also, I might not want to allow the user to open a
> > > random raw socket, but only one on a specific downstream
> > > port of a macvlan interface, so I can filter out the data from
> > > that respective MAC address in an external switch.
> > 
> > I agree. Maybe we can fix that for raw sockets, want me to
> > add it to the list? :)
> 
> So far, I could not find any theoretical solution how to fix this,

What if a socket had a LOCKBIND ioctl after which you cannot bind it to
any other device?  Then someone with RAW capability can open the socket,
bind to device and hand it to you. You can send packets but not
switch to another device.


> but if you think it can be done, it would be good to have it on the
> list somewhere.
> 
> 	Arnd <><
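
The handoff described in this message, sketched as an added example (not code from the thread or from vhost-net): a helper holding CAP_NET_RAW binds a packet socket to one device and passes the descriptor over a Unix-domain socket with SCM_RIGHTS. LOCKBIND is only the proposal made here, not an existing ioctl; the function names and the choice of AF_PACKET are assumptions.

```c
#include <arpa/inet.h>
#include <linux/if_ether.h>
#include <linux/if_packet.h>
#include <net/if.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
typedef union { struct cmsghdr align; char buf[CMSG_SPACE(sizeof(int))]; } fdctl;

/* Privileged side (needs CAP_NET_RAW): packet socket bound to one device. */
int open_bound_raw(const char *ifname) {
    struct sockaddr_ll sll = { .sll_family = AF_PACKET, .sll_protocol = htons(ETH_P_ALL) };
    int fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    sll.sll_ifindex = (int)if_nametoindex(ifname);
    if (fd >= 0 && sll.sll_ifindex && bind(fd, (struct sockaddr *)&sll, sizeof(sll)) == 0)
        return fd; /* the hypothetical LOCKBIND ioctl would be issued before this return */
    if (fd >= 0) close(fd);
    return -1;
}

/* Hand fd to the peer on a Unix-domain socket as SCM_RIGHTS ancillary data. */
int send_fd(int chan, int fd) {
    char byte = 0;
    fdctl u = { .buf = { 0 } };
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof(u.buf) };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET;
    c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    return sendmsg(chan, &msg, 0) == 1 ? 0 : -1;
}

/* Unprivileged side: returns the received descriptor, or -1 if none came. */
int recv_fd(int chan) {
    char byte;
    int fd = -1;
    fdctl u = { .buf = { 0 } };
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof(u.buf) };
    struct cmsghdr *c;
    if (recvmsg(chan, &msg, 0) != 1 || !(c = CMSG_FIRSTHDR(&msg)) || c->cmsg_level != SOL_SOCKET ||
        c->cmsg_type != SCM_RIGHTS || c->cmsg_len != CMSG_LEN(sizeof(int)))
        return -1;
    memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;
}
```

The receiver never needs CAP_NET_RAW itself, which is why the binding would have to be pinned by something like the proposed ioctl before the descriptor is handed over.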
