Sridhar Samudrala wrote:
Can't we bind the raw socket to the tap interface instead of the
physical interface and allow the bridge config to work.
But why use the raw interface instead of tap directly.
Let me summarize the discussion so far:
Raw sockets
Pros:
o User specifies a network interface to bind to
o External traffic Just Works, guest-to-guest traffic Just Works
Cons:
o Requires root (cannot chmod)
o Guest<->host traffic does not work
o No support for GSO/checksum offload
Some things that I'm not sure will work or not:
o guest with a bridge (sending traffic with multiple mac addresses)
o guest trying to enter promiscuous mode
Tap
Pros:
o All types of networking works when configured
o Supports non-root users via tunctl
o Supports GSO/checksum offload
Cons:
o Requires configuring a bridge which can be difficult for some users
Since I don't see any clear features in raw sockets that aren't present
in tap, the argument really boils down to two things. First, we should
take any feature in qemu and let the user decide whether or not they
want to use it. I strongly feel this is a bad philosophy that will lead
to increased user confusion and a poor user experience.
Second, even though raw looses performance and requires root, since it
requires no external configuration it is easier to use and therefore
should be an option for users. I dislike this argument because it
tricks a user into thinking that raw is a viable replacement for tap.
It certainly isn't performance wise but most importantly, it isn't from
a functional perspective. I would be much more inclined to consider
taking raw and improving the performance long term if guest<->host
networking worked. This appears to be a fundamental limitation though
and I think it's something that will forever plague users if we include
this feature.
So at this point, I think it's a mistake to include raw socket support.
If the goal is to improve networking usability such that it just works
as a root user, let's incorporate a default network script that creates
a bridge or something like that. There are better ways to achieve that
goal.
Regards,
Anthony Liguori
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
