On Tue, Feb 05, 2008 at 12:53:57AM +0100, Loic Dachary wrote: > In reply to > > http://www.redhat.com/archives/libvir-list/2007-April/msg00177.html > > an area where vde_switch support is usefull is an unprivileged user > running tests. A test suite involving the creation of qemu instances > thru libvirt should not be forced to create a bridge or alter the > iptables configuration. With vde_switch and slirpvde multiple qemu > instances can be run without altering the network configuration of the host. When Mark originally investigated & designed the virtual networking APIs in libvirt he looked at VDE as one of the possible impls http://www.gnome.org/~markmc/virtual-networking.html VDE could certainly serve as an impl of the virtual networking APIs for non-root users whom do not have ability to create bridge devices. In the end we only implemented the bridge/iptables based driver for networking, but the libvirt driver design means it is possible to drop in an alternate impl of the networking APIs as required. So if someone's interested in writing a driver using VDE patches are welcomed.... The main problem I know of is not VDE itself, but the means of connecting a VDE network to the outside world - namely the SLIRP code. Last time it was examined it was found to be non-64-bit clean & have significant question around security. We wondered about whether it would be possible to have a privileged helper for creating tap devices which could be used to connect the VDE network to the outside world. Its possible, but the devil's in the details & how you constrain access to not conflict with host networking. Dan, -- |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=| |=- Perl modules: http://search.cpan.org/~danberr/ -=| |=- Projects: http://freshmeat.net/~danielpb/ -=| |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=| -- Libvir-list mailing list Libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list