From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:49453)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1TeRhA-0002ke-SR
	for qemu-devel@nongnu.org; Fri, 30 Nov 2012 09:36:05 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1TeRh4-0004nY-N8
	for qemu-devel@nongnu.org; Fri, 30 Nov 2012 09:36:00 -0500
Received: from mail-pa0-f45.google.com ([209.85.220.45]:36503)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1TeRh4-0004nS-Gv
	for qemu-devel@nongnu.org; Fri, 30 Nov 2012 09:35:54 -0500
Received: by mail-pa0-f45.google.com with SMTP id bg2so367249pad.4
	for <qemu-devel@nongnu.org>; Fri, 30 Nov 2012 06:35:53 -0800 (PST)
Sender: Paolo Bonzini <paolo.bonzini@gmail.com>
Message-ID: <50B8C442.70007@redhat.com>
Date: Fri, 30 Nov 2012 15:35:46 +0100
From: Paolo Bonzini <pbonzini@redhat.com>
MIME-Version: 1.0
References: <5076E640.4090003@linux.vnet.ibm.com>
	<1350024543-26211-1-git-send-email-mike@dev-zero.net>
	<50B85BEA.6000107@dev-zero.net>
In-Reply-To: <50B85BEA.6000107@dev-zero.net>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH] net: Allow specifying ifname for
	qemu-bridge-helper
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Mike Lovell <mike@dev-zero.net>
Cc: stefanha@gmail.com, qemu-devel@nongnu.org

Il 30/11/2012 08:10, Mike Lovell ha scritto:
> On 10/12/2012 12:49 AM, Mike Lovell wrote:
>> This makes a few changes to allow ifname to be specified when using
>> qemu-bridge-helper with both the bridge and tap network interfaces. It
>> adds
>> the --ifname option to qemu-bridge-helper, removes the restriction
>> that ifname
>> cannot be specified with helper for the tap interface, and adds logic to
>> specify the --ifname option when exec'ing the helper.
>
> ping ... or syn. any other thoughts about this?

I share Michael's perplexity.  This feature could be exploitable.

If we want to add this, the ifname should be subject to ACL rules just
like bridge names.  For example you could have a special allow/deny
directive "allow foo@" which allows ifnames starting with "foo".

Paolo