Re: [Libvir] libvirt & vde_switch
- From: Mark McLoughlin <markmc redhat com>
- To: "Daniel P. Berrange" <berrange redhat com>
- Cc: libvir-list redhat com, Loic Dachary <loic dachary org>
- Subject: Re: [Libvir] libvirt & vde_switch
- Date: Tue, 05 Feb 2008 08:21:13 +0000
On Tue, 2008-02-05 at 00:25 +0000, Daniel P. Berrange wrote:
> The main problem I know of is not VDE itself, but the means of connecting
> a VDE network to the outside world - namely the SLIRP code. Last time it
> was examined it was found to be non-64-bit clean & have significant questions
> around security. We wondered about whether it would be possible to have a
> privileged helper for creating tap devices which could be used to connect
> the VDE network to the outside world. It's possible, but the devil's in the
> details & how you constrain access to not conflict with host networking.

Nice summary ... that's exactly it.

The sound part of VDE is its ability to behave as a userspace ethernet
bridge. The nasty part is its TCP/IP stack - which is equivalent to
"qemu -net user".

The ideal situation would be to allow unprivileged processes to use the
kernel network stack rather than implementing a whole new stack. We
knocked around some ideas on that front but didn't come to any concrete
conclusions.

Cheers,
Mark.