Date: Wed, 7 Jan 2009 18:50:50 +0200
From: Gleb Natapov
To: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH] mark nic as trusted
Message-ID: <20090107165050.GI3267@redhat.com>
References: <20090107142626.GE3267@redhat.com> <4964D98B.6030404@codemonkey.ws>
In-Reply-To: <4964D98B.6030404@codemonkey.ws>

On Wed, Jan 07, 2009 at 10:34:19AM -0600, Anthony Liguori wrote:
> Gleb Natapov wrote:
>> This patch allows marking a specific NIC as trusted by adding a special
>> PCI capability. "Trusted" means that it is used for communication
>> between host and guest and no malicious entity can inject traffic
>> to the NIC.
>>
>> Signed-off-by: Gleb Natapov
>>
>
> What utility does this have? Does this make Windows happy in some
> special way?
>
That is for secure guest<->host communication over the network. The guest
has to know somehow which link the host uses for communication. If the
guest has no way to know this, another computer on an untrusted network
can pretend it is the real host and "own" a guest.

--
Gleb.
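
How a guest could check a NIC for such a mark, as an added example that is not code from the patch or from QEMU: it walks the standard PCI capability list in a 256-byte configuration space and rejects malformed lists. The capability ID, the function names and the sample configuration space are assumptions; the thread does not show the ID the patch uses.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define PCI_STATUS          0x06  /* status register, low byte */
#define PCI_STATUS_CAP_LIST 0x10  /* bit 4: capability list present */
#define PCI_CAP_PTR         0x34  /* offset of the first capability */
/* Assumption: placeholder (0x09 = PCI vendor-specific); the patch's ID is not on the page. */
#define CAP_ID_TRUSTED_PLACEHOLDER 0x09

/* Offset of capability `id`, or 0 if it is absent or the list is malformed. */
static uint8_t find_cap(const uint8_t *cfg, uint8_t id)
{
    uint8_t seen[256] = {0}, pos;
    if (!(cfg[PCI_STATUS] & PCI_STATUS_CAP_LIST))
        return 0;
    pos = cfg[PCI_CAP_PTR] & 0xFC;        /* low two bits are reserved */
    while (pos) {
        if (pos < 0x40 || seen[pos])      /* points into the header, or loops */
            return 0;
        seen[pos] = 1;
        if (cfg[pos] == id)
            return pos;
        pos = cfg[pos + 1] & 0xFC;        /* next-capability pointer */
    }
    return 0;
}

int nic_is_marked_trusted(const uint8_t *cfg)
{
    return find_cap(cfg, CAP_ID_TRUSTED_PLACEHOLDER) != 0;
}

/* Constructed sample: MSI (0x05) at 0x40, then `second_id` at 0x50. */
void make_sample(uint8_t *cfg, uint8_t second_id, uint8_t second_next)
{
    memset(cfg, 0, 256);
    cfg[PCI_STATUS] = PCI_STATUS_CAP_LIST;
    cfg[PCI_CAP_PTR] = 0x40;
    cfg[0x40] = 0x05; cfg[0x41] = 0x50;
    cfg[0x50] = second_id; cfg[0x51] = second_next;
}

int main(void)
{
    uint8_t cfg[256];
    make_sample(cfg, CAP_ID_TRUSTED_PLACEHOLDER, 0x00);
    printf("marked NIC: %d\n", nic_is_marked_trusted(cfg));
    return 0;
}
```

The mark is only as trustworthy as whoever populates the configuration space, so it helps a guest that already trusts its host tell the host link from the other links.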