On Thu, 5 Aug 2010 15:04:14 -0700 "Ronciak, John" <[email protected]> wrote:
> Sorry, typo in the message. Should be: > So the long story short is that we will _not_ be considering adding support > for this due to the security risks that this would enable. I hope you > can see the issues involved for us. I don't like vendors making security choices for users. It seems to me like health and safety regulations on cars. In a virtual environment, promiscuous mode should be under control of the hypervisor. If the HV wants to create a VF interface that allows promiscuous and give that to a VM, then it should be able to (on a VF by VF basis). It shouldn't be up the Guest VM what the settings of the VF are. It matters to Vyatta, because we have users that deploy with doing firewall, bridging, etc in a guest VM. In these cases, it makes sense to allow one VF for the virtual router and another VF for other uses without promiscuous support. ------------------------------------------------------------------------------ This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev _______________________________________________ E1000-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/e1000-devel To learn more about Intel® Ethernet, visit http://communities.intel.com/community/wired
