[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] net: Allow specifying ifname for qemu-bridge-he
From: |
Stefan Hajnoczi |
Subject: |
Re: [Qemu-devel] [PATCH] net: Allow specifying ifname for qemu-bridge-helper |
Date: |
Mon, 3 Dec 2012 14:10:18 +0100 |
User-agent: |
Mutt/1.5.21 (2010-09-15) |
On Fri, Nov 30, 2012 at 03:35:46PM +0100, Paolo Bonzini wrote:
> Il 30/11/2012 08:10, Mike Lovell ha scritto:
> > On 10/12/2012 12:49 AM, Mike Lovell wrote:
> >> This makes a few changes to allow ifname to be specified when using
> >> qemu-bridge-helper with both the bridge and tap network interfaces. It
> >> adds
> >> the --ifname option to qemu-bridge-helper, removes the restriction
> >> that ifname
> >> cannot be specified with helper for the tap interface, and adds logic to
> >> specify the --ifname option when exec'ing the helper.
> >
> > ping ... or syn. any other thoughts about this?
>
> I share Michael's perplexity. This feature could be exploitable.
>
> If we want to add this, the ifname should be subject to ACL rules just
> like bridge names. For example you could have a special allow/deny
> directive "allow foo@" which allows ifnames starting with "foo".
This is a good idea. The default should be that you are not allowed to
choose arbitrary interface names.
Stefan
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- Re: [Qemu-devel] [PATCH] net: Allow specifying ifname for qemu-bridge-helper,
Stefan Hajnoczi <=