On Wednesday 27 January 2010, Anthony Liguori wrote:
> >> I think -net socket,fd should just be (trivially) extended to work with raw
> >> sockets out of the box, with no support for opening it. Then you can have
> >> libvirt or some wrapper open a raw socket and a private namespace and just
> >> pass it down.
> >>
> > That'd work. Anthony?
> 
> The fundamental problem that I have with all of this is that we should 
> not be introducing new network backends that are based around something 
> only a developer is going to understand.  If I'm a user and I want to 
> use an external switch in VEPA mode, how in the world am I going to know 
> that I'm supposed to use the -net raw backend or the -net socket 
> backend?  It might as well be the -net butterflies backend as far as a 
> user is concerned.

My point is that we already have -net socket,fd and any user that passes
an fd into that already knows what he wants to do with it. Making it
work with raw sockets is just a natural extension to this, which works
on all kernels and (with separate namespaces) is reasonably secure.

I fully agree that we should not introduce further network backends
that would confuse users, but making the existing backends more
flexible is something entirely different.

        Arnd
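The wrapper-plus-fd pattern the thread is discussing, as an added example in C that is not code from the thread or from QEMU: a privileged wrapper opens the AF_PACKET raw socket, moves into an empty private network namespace, and execs qemu with the socket as an inherited fd. It assumes a Linux host, that `-net socket,fd` accepts a raw socket as proposed here, and that the qemu path and guest arguments are substituted by the caller.

```c
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <linux/if_ether.h>
#include <linux/if_packet.h>
#include <net/if.h>
#include <sched.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Privileged step (needs CAP_NET_RAW): an AF_PACKET raw socket bound to
 * ifname. Returns the fd, or -1 with errno set. */
int open_raw_socket(const char *ifname)
{
    int fd = socket(AF_PACKET, SOCK_RAW | SOCK_CLOEXEC, htons(ETH_P_ALL));
    struct sockaddr_ll sll = { .sll_family = AF_PACKET,
                               .sll_protocol = htons(ETH_P_ALL) };
    if (fd < 0) return -1;
    sll.sll_ifindex = (int)if_nametoindex(ifname);
    if (!sll.sll_ifindex) errno = ENODEV;
    if (!sll.sll_ifindex || bind(fd, (struct sockaddr *)&sll, sizeof sll)) {
        int e = errno; close(fd); errno = e; return -1;
    }
    return fd;
}

/* Move fd to a fixed number and clear close-on-exec so it survives the exec
 * of qemu, which is told that number via -net socket,fd=N. Returns target or -1. */
int expose_fd(int fd, int target)
{
    if (fd < 0) return -1;
    if (fd != target && dup2(fd, target) < 0) return -1;
    if (fcntl(target, F_SETFD, 0) < 0) return -1;  /* drop FD_CLOEXEC */
    if (fd != target) close(fd);
    return target;
}

/* Wrapper flow: open the socket in the host namespace, then enter an empty
 * private net namespace (needs CAP_SYS_ADMIN) so the exec'd qemu has no
 * interface of its own; the inherited socket is its only path to the wire. */
int run_guest(const char *ifname, const char *qemu)
{
    char arg[32];
    int fd = expose_fd(open_raw_socket(ifname), 3);
    if (fd < 0 || unshare(CLONE_NEWNET) < 0) { perror("wrapper"); return -1; }
    snprintf(arg, sizeof arg, "socket,fd=%d", fd);
    execlp(qemu, qemu, "-net", arg, "-net", "nic", (char *)NULL);
    return -1;  /* exec failed; errno is set */
}
```

Dropping the wrapper's own privileges (setgid/setuid to the qemu user) before the exec is omitted here and belongs between unshare and execlp in a real wrapper.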