[Qemu-devel] Re: [PATCH qemu-kvm] Add raw(af_packet) network backend to qemu
Tue, 26 Jan 2010 15:15:35 -0800
On Tue, 2010-01-26 at 14:47 -0600, Anthony Liguori wrote:
> On 01/26/2010 02:40 PM, Sridhar Samudrala wrote:
> > This patch adds raw socket backend to qemu and is based on Or Gerlitz's
> > patch re-factored and ported to the latest qemu-kvm git tree.
> > It also includes support for vnet_hdr option that enables gso/checksum
> > offload with raw backend. You can find the linux kernel patch to support
> > this feature here.
> > http://thread.gmane.org/gmane.linux.network/150308
> > Signed-off-by: Sridhar Samudrala <address@hidden>
> See the previous discussion about the raw backend from Or's original
> patch. There's no obvious reason why we should have this in addition to
> a tun/tap backend.
> The only use-case I know of is macvlan but macvtap addresses this
> functionality while not introducing the rather nasty security problems
> associated with a raw backend.
The raw backend can be attached to a physical device, macvlan or SR-IOV VF.
I don't think an AF_PACKET socket itself introduces any security problems. The
raw socket can be created only by a user with CAP_RAW capability. The only
issue is if we need to assume that qemu itself is an untrusted process and a
raw fd cannot be passed to it.
But, I think it is a useful backend to support in qemu that provides guest to
remote host connectivity without the need for a bridge/tap.
macvtap could be an alternative if it supports binding to SR-IOV VFs too.