Message-ID: <496501CD.8060202@codemonkey.ws>
Date: Wed, 07 Jan 2009 13:26:05 -0600
From: Anthony Liguori
Subject: Re: [Qemu-devel] [PATCH] mark nic as trusted
References: <20090107142626.GE3267@redhat.com> <4964D98B.6030404@codemonkey.ws> <20090107165050.GI3267@redhat.com> <4964EC2B.1080406@codemonkey.ws> <4964EC55.4000507@codemonkey.ws> <20090107184103.GA19406@redhat.com>
In-Reply-To: <20090107184103.GA19406@redhat.com>
To: qemu-devel@nongnu.org

Gleb Natapov wrote:
> On Wed, Jan 07, 2009 at 11:54:29AM -0600, Anthony Liguori wrote:
>
>> Anthony Liguori wrote:
>>
>>>> That is for secure guest<->host communication over network. Guest has to
>>>> know somehow which link host uses for communication. If guest has no way
>>>> to know this, another computer on untrusted network can pretend it is real
>>>> host and "own" a guest.
>>>>
>>> So this is for vmchannel? How do you differentiate a real device with
>>> that bit set compared to the vmchannel device?
>>>
>> Like if you were doing PCI passthrough of an e1000...
>>
>>
> It's not just one bit. It is 14 byte string. We can put something unique there.
>

This is for vmchannel? Why not add a feature to virtio-net?

Regards,

Anthony Liguori