Date: Thu, 06 Oct 2011 14:24:52 -0400
From: Corey Bryant
Subject: Re: [Qemu-devel] [PATCH 4/4] Add support for bridge
To: Anthony Liguori
Cc: Anthony Liguori, Richa Marwaha, qemu-devel@nongnu.org

On 10/06/2011 02:19 PM, Anthony Liguori wrote:
> On 10/06/2011 01:15 PM, Corey Bryant wrote:
>>
>>
>> On 10/06/2011 01:49 PM, Anthony Liguori wrote:
>>> On 10/06/2011 10:38 AM, Richa Marwaha wrote:
>>>> The most common use of -net tap is to connect a tap device to a bridge.
>>>> This requires the use of a script and running qemu as root in order to
>>>> allocate a tap device to pass to the script.
>>>>
>>>> This model is great for portability and flexibility but it's incredibly
>>>> difficult to eliminate the need to run qemu as root. The only really
>>>> viable mechanism is to use tunctl to create a tap device, attach it to a
>>>> bridge as root, and then hand that tap device to qemu. The problem with
>>>> this mechanism is that it requires administrator intervention whenever a
>>>> user wants to create a guest.
>>>>
>>>> By essentially writing a helper that implements the most common qemu-ifup
>>>> script that can be safely given cap_net_admin, we can dramatically
>>>> simplify things for non-privileged users. We still support existing
>>>> -net tap options as a mechanism for advanced users and backwards
>>>> compatibility.
>>>>
>>>> Currently, this is very Linux centric but there's really no reason why it
>>>> couldn't be extended for other Unixes.
>>>>
>>>> The default bridge that we attach to is qemubr0. The thinking is that a
>>>> distro could preconfigure such an interface to allow out-of-the-box
>>>> bridged networking.
>>>>
>>>> Alternatively, if a user wants to use a different bridge, they can say:
>>>>
>>>> qemu -hda linux.img -net tap,br=br0,helper=/usr/local/libexec/qemu-bridge-helper
>>>> -net nic,model=virtio
>>>
>>>
>>> Wouldn't it be better to make the syntax:
>>>
>>> -net bridge[,br=BRIDGE][,helper=HELPER]
>>>
>>> And default BRIDGE to br0 and HELPER to
>>> ${prefix}/libexec/qemu-bridge-helper ?
>>>
>>> That gives distros a proper way to configure a default bridge making
>>> -net bridge Just Work for most people.
>>>
>>> Regards,
>>>
>>> Anthony Liguori
>>>
>>
>> Yes I think it would be much more usable under -net bridge. I really
>> wanted this to work under -net tap (where fd and init are) but now we
>> know there's no good way to default to the helper without spelling out
>> the path.
>
> I'm certainly in favor of leaving helper as part of -net tap, but I
> think there should be a -net bridge in addition.
>
> Regards,
>
> Anthony Liguori

Ok, yes. The best of both worlds.

--
Regards,
Corey