From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Michael S. Tsirkin" <mst@redhat.com>
Subject: Re: [PATCH qemu-kvm] Add raw(af_packet) network backend to qemu
Date: Wed, 27 Jan 2010 18:59:09 +0200
Message-ID: <20100127165909.GA13260@redhat.com>
References: <1264538423.24933.144.camel@w-sridhar.beaverton.ibm.com> <4B5F54E8.3080507@codemonkey.ws> <4B5F5594.6080006@codemonkey.ws> <20100127092451.GC3476@redhat.com> <4B60488F.5020506@codemonkey.ws>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: Sridhar Samudrala <sri@us.ibm.com>, avi@redhat.com,
	markmc@redhat.com, ogerlitz@voltaire.com, kvm@vger.kernel.org,
	qemu-devel@vger.kernel.org
To: Anthony Liguori <anthony@codemonkey.ws>
Return-path: <kvm-owner@vger.kernel.org>
Received: from mx1.redhat.com ([209.132.183.28]:25463 "EHLO mx1.redhat.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1755620Ab0A0RCY (ORCPT <rfc822;kvm@vger.kernel.org>);
	Wed, 27 Jan 2010 12:02:24 -0500
Content-Disposition: inline
In-Reply-To: <4B60488F.5020506@codemonkey.ws>
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

On Wed, Jan 27, 2010 at 08:07:11AM -0600, Anthony Liguori wrote:
> On 01/27/2010 03:24 AM, Michael S. Tsirkin wrote:
>> I am not sure I agree with this sentiment.  The main issue being that
>> macvtap doesn't exist on all kernels :).
>
> Neither does vhost ;-)  If it were just that as the difference, I'd be  
> inclined to agree, but macvtap is much better from a security PoV.
>
>>> Not to mention that from a user perspective, raw makes almost no sense
>>> as it's an obscure socket protocol family.
>>>
>>> A user wants to do useful things like bridged networking or direct VF
>>> assignment.  We should have -net backends that reflect things that make
>>> sense to a user.
>>>
>>> Regards,
>>>
>>> Anthony Liguori
>>>      
>>
>> I agree to that. People don't even seem to agree whether it's a raw
>> socket or a packet socket :) We need a better name for this option: what
>> it really does is rely on an external device to loopback a packet to us,
>> so how about -net loopback or -net extbridge?
>>    
>
> Specifically for VEPA, something like:
>
> -net extbridge,if=eth0
>
> or even
>
> -net vepa,if=eth0
>
> Would be fantastic.

extbridge is IMO better.

> I think the best way to achieve this is to  
> introduce a small helper that gets called and can create a macvtap  
> device and hand the file descriptor back to qemu :-)  A builtin backend  
> would also be fine since we don't have the helper infrastructure.

Excellent.
Sridhar, this is actually not a lot of work on top of what you
already posted.

> Regards,
>
> Anthony Liguori