Re: [Qemu-devel] [PATCH] mark nic as trusted

[Anthony Liguori <anthony@codemonkey.ws>]

Gleb Natapov wrote:
> On Wed, Jan 07, 2009 at 01:26:05PM -0600, Anthony Liguori wrote:
>   
>> Gleb Natapov wrote:
>>     
>>> On Wed, Jan 07, 2009 at 11:54:29AM -0600, Anthony Liguori wrote:
>>>   
>>>       
>>>> Anthony Liguori wrote:
>>>>     
>>>>         
>>>>>> That is for secure guest<->host communication over network. Guest has to
>>>>>> know somehow which link host uses for communication. If guest has no way
>>>>>> to know this, another computer on untrusted network can pretend 
>>>>>> it is real
>>>>>> host and "own" a guest.           
>>>>>>             
>>>>> So this is for vmchannel?  How do you differentiate a real device 
>>>>> with  that bit set compared to the vmchannel device?
>>>>>       
>>>>>           
>>>> Like if you were doing PCI passthrough of an e1000...
>>>>
>>>>     
>>>>         
>>> It's not just one bit. It is 14 byte string. We can put something unique there.
>>>   
>>>       
>> This is for vmchannel?  Why not add a feature to virtio-net?
>>
>>     
> Yes. This is for vmchannel. Or any other management solution that work
> over network. It has to know what network it can trust. The alternative
> is much more complex (security certificates, etc).  Why do it virtio-net
> specific? What's wrong with more general solution?
>   

Does Windows provide an API for determining "trustedness"?  How is this 
exposed to userspace in Linux?

The thinking behind virtio-net is that you may want to expose a 
different userspace interface in Windows than networking (maybe 
something more direct) since it may be impossible to get around the 
Windows firewalling nonsense.  With virtio-net, you could have the 
Windows driver check the special "vmchannel" flag and present a 
different userspace interface than the traditional network driver.

Although that's just a thought.

Regards,

Anthony Liguori

> --
> 			Gleb.
>
>
>