From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1LFVr4-0007VU-KM
	for qemu-devel@nongnu.org; Wed, 24 Dec 2008 10:41:02 -0500
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1LFVr3-0007VF-6S
	for qemu-devel@nongnu.org; Wed, 24 Dec 2008 10:41:02 -0500
Received: from [199.232.76.173] (port=55714 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1LFVr2-0007VA-W1
	for qemu-devel@nongnu.org; Wed, 24 Dec 2008 10:41:01 -0500
Received: from an-out-0708.google.com ([209.85.132.250]:47997)
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <anthony@codemonkey.ws>) id 1LFVr2-0000EU-Ll
	for qemu-devel@nongnu.org; Wed, 24 Dec 2008 10:41:00 -0500
Received: by an-out-0708.google.com with SMTP id c38so1478230ana.37
	for <qemu-devel@nongnu.org>; Wed, 24 Dec 2008 07:41:00 -0800 (PST)
Message-ID: <49525808.9080002@codemonkey.ws>
Date: Wed, 24 Dec 2008 09:40:56 -0600
From: Anthony Liguori <anthony@codemonkey.ws>
MIME-Version: 1.0
Subject: Re: [Qemu-devel] Merging improvements from VirtualBox OSE into qemu?
References: <49522F8D.4000203@turnkeylinux.org>	<200812241336.01702.paul@codesourcery.com>
	<4952484F.6010406@turnkeylinux.org>
In-Reply-To: <4952484F.6010406@turnkeylinux.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Reply-To: qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org
Cc: turnkey-discuss@lists.turnkeylinux.org, Paul Brook <paul@codesourcery.com>

Liraz Siri wrote:
> Paul Brook wrote:
>
>   
>> You need root privileges to load the random kernel modules required to d this. 
>> Not going to happen for qemu.
>>     
>
> There's at least one counter-precedent. qemu takes advantage of kqemu
> which is also a "random kernel module". How would supporting a kernel
> module that simplified a bridged networking be any different?
>   

I would object strongly to any new code in QEMU that was relying on a 
kernel module that had no chance of making it upstream.

FWIW, we could simplify bridged networking in QEMU but it would require 
root privileges or a setuid helper.

All someone has to do is write an /etc/qemu-ifup and /etc/qemu-ifdown 
that create a bridged interface.  I'd be happy to take patches to pass 
additional parameters to the script.  For instance, you could do:

-net tap,mode=bridging,if=eth0

And it could Just Work.  /etc/qemu-ifup and /etc/qemu-ifdown would have 
to be setuid helpers of course and they should enforce some sort of 
group access control.

> Also, qemu seems to require root privileges to setup tap devices, so it
> wouldn't be a first.
>   

It does, but there's no reason we could extend tap just a little bit so 
that it got a file descriptor from the /etc/qemu-ifup script.

> BTW, we don't need this for our own use. We setup VDE + tap devices
> bridged to the network interface. Works great, at least for NICs that
> support bridging.

AFAIK, VDE doesn't actually get a tap file descriptor.  Instead it sends 
all traffic to a daemon for processing.  This implies that performance 
will never be as good as tap.

Regards,

Anthony Liguori