Message-ID: <4E8DF141.4060007@codemonkey.ws>
Date: Thu, 06 Oct 2011 13:19:45 -0500
From: Anthony Liguori
References: <1317915508-15491-1-git-send-email-rmarwah@linux.vnet.ibm.com> <1317915508-15491-5-git-send-email-rmarwah@linux.vnet.ibm.com> <4E8DEA34.1050005@us.ibm.com> <4E8DF02E.1060202@linux.vnet.ibm.com>
In-Reply-To: <4E8DF02E.1060202@linux.vnet.ibm.com>
Subject: Re: [Qemu-devel] [PATCH 4/4] Add support for bridge
To: Corey Bryant
Cc: Anthony Liguori, Richa Marwaha, qemu-devel@nongnu.org

On 10/06/2011 01:15 PM, Corey Bryant wrote:
>
>
> On 10/06/2011 01:49 PM, Anthony Liguori wrote:
>> On 10/06/2011 10:38 AM, Richa Marwaha wrote:
>>> The most common use of -net tap is to connect a tap device to a bridge.
>>> This requires the use of a script and running qemu as root in order to
>>> allocate a tap device to pass to the script.
>>>
>>> This model is great for portability and flexibility but it's incredibly
>>> difficult to eliminate the need to run qemu as root. The only really
>>> viable mechanism is to use tunctl to create a tap device, attach it to a
>>> bridge as root, and then hand that tap device to qemu. The problem with
>>> this mechanism is that it requires administrator intervention whenever a
>>> user wants to create a guest.
>>>
>>> By essentially writing a helper that implements the most common qemu-ifup
>>> script that can be safely given cap_net_admin, we can dramatically
>>> simplify things for non-privileged users. We still support existing
>>> -net tap options as a mechanism for advanced users and backwards
>>> compatibility.
>>>
>>> Currently, this is very Linux centric but there's really no reason why it
>>> couldn't be extended for other Unixes.
>>>
>>> The default bridge that we attach to is qemubr0. The thinking is that a
>>> distro could preconfigure such an interface to allow out-of-the-box
>>> bridged networking.
>>>
>>> Alternatively, if a user wants to use a different bridge, they can say:
>>>
>>> qemu-hda linux.img -net
>>> tap,br=br0,helper=/usr/local/libexec/qemu-bridge-helper
>>> -net nic,model=virtio
>>
>>
>> Wouldn't it be better to make the syntax:
>>
>> -net bridge[,br=BRIDGE][,helper=HELPER]
>>
>> And default BRIDGE to br0 and HELPER to
>> ${prefix}/libexec/qemu-bridge-helper ?
>>
>> That gives distros a proper way to configure a default bridge making
>> -net bridge Just Work for most people.
>>
>> Regards,
>>
>> Anthony Liguori
>>
>
> Yes I think it would be much more usable under -net bridge. I really wanted this
> to work under -net tap (where fd and init are) but now we know there's no good
> way to default to the helper without spelling out the path.

I'm certainly in favor of leaving helper as part of -net tap, but I think
there should be a -net bridge in addition.

Regards,

Anthony Liguori
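
An added example, not part of this message or of the QEMU source: a small C parser for the `-net bridge[,br=BRIDGE][,helper=HELPER]` syntax proposed in the thread, applying the defaults it suggests. The struct and function names, the `/usr/local` prefix, and the validation rules (interface-name length and character set, absolute helper path) are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define IFNAME_MAX 16           /* Linux IFNAMSIZ, including the trailing NUL */
#define DEFAULT_BRIDGE "br0"    /* default suggested in the thread */
/* Assumption: ${prefix} is /usr/local, as in the quoted command line. */
#define DEFAULT_HELPER "/usr/local/libexec/qemu-bridge-helper"

struct bridge_opts { char br[IFNAME_MAX]; char helper[256]; };

/* The name is handed to a helper holding cap_net_admin: short, plain chars only. */
static int valid_ifname(const char *s)
{
    size_t n = strlen(s);
    if (n == 0 || n >= IFNAME_MAX) return 0;
    for (; *s; s++)
        if (!isalnum((unsigned char)*s) && !strchr("_-.", *s)) return 0;
    return 1;
}

/* Parse "bridge[,br=BRIDGE][,helper=HELPER]". Returns 0 on success, -1 on error. */
int parse_net_bridge(const char *arg, struct bridge_opts *o)
{
    char buf[512], *p = buf, *next;

    if (strlen(arg) >= sizeof(buf)) return -1;
    strcpy(buf, arg);
    strcpy(o->br, DEFAULT_BRIDGE);
    strcpy(o->helper, DEFAULT_HELPER);

    next = strchr(p, ',');
    if (next) *next++ = '\0';
    if (strcmp(p, "bridge") != 0) return -1;    /* first token selects the backend */
    for (p = next; p; p = next) {
        next = strchr(p, ',');
        if (next) *next++ = '\0';
        if (!strncmp(p, "br=", 3) && valid_ifname(p + 3))
            strcpy(o->br, p + 3);
        else if (!strncmp(p, "helper=", 7) && p[7] == '/' &&
                 strlen(p + 7) < sizeof(o->helper))
            strcpy(o->helper, p + 7);           /* absolute path, no PATH lookup */
        else
            return -1;                          /* unknown key or rejected value */
    }
    return 0;
}

int main(void)
{
    struct bridge_opts o;
    if (parse_net_bridge("bridge,br=qemubr0", &o) == 0)
        printf("bridge=%s helper=%s\n", o.br, o.helper);
    return 0;
}
```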