From mboxrd@z Thu Jan 1 00:00:00 1970
From: Arnd Bergmann
Subject: Re: [PATCH qemu-kvm] Add raw(af_packet) network backend to qemu
Date: Wed, 27 Jan 2010 22:39:13 +0100
Message-ID: <201001272239.13383.arnd@arndb.de>
References: <1264538423.24933.144.camel@w-sridhar.beaverton.ibm.com> <20100127094427.GE3476@redhat.com> <4B6047A7.2030408@codemonkey.ws>
Mime-Version: 1.0
Content-Type: Text/Plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Cc: "Michael S. Tsirkin" , Sridhar Samudrala , avi@redhat.com, markmc@redhat.com, ogerlitz@voltaire.com, kvm@vger.kernel.org, qemu-devel@vger.kernel.org
To: Anthony Liguori
Return-path:
Received: from moutng.kundenserver.de ([212.227.17.8]:53732 "EHLO moutng.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756033Ab0A0VkE (ORCPT ); Wed, 27 Jan 2010 16:40:04 -0500
In-Reply-To: <4B6047A7.2030408@codemonkey.ws>
Sender: kvm-owner@vger.kernel.org
List-ID:

On Wednesday 27 January 2010, Anthony Liguori wrote:
> >> I think -net socket,fd should just be (trivially) extended to work with raw
> >> sockets out of the box, with no support for opening it. Then you can have
> >> libvirt or some wrapper open a raw socket and a private namespace and just pass it
> >> down.
> >>
> > That'd work. Anthony?
>
> The fundamental problem that I have with all of this is that we should
> not be introducing new network backends that are based around something
> only a developer is going to understand. If I'm a user and I want to
> use an external switch in VEPA mode, how in the world am I going to know
> that I'm supposed to use the -net raw backend or the -net socket
> backend? It might as well be the -net butterflies backend as far as a
> user is concerned.

My point is that we already have -net socket,fd and any user that passes
an fd into that already knows what he wants to do with it. Making it work
with raw sockets is just a natural extension to this, which works on all
kernels and (with separate namespaces) is reasonably secure.

I fully agree that we should not introduce further network backends that
would confuse users, but making the existing backends more flexible is
something entirely different.

	Arnd