On Wed, 2010-01-27 at 22:39 +0100, Arnd Bergmann wrote:
> On Wednesday 27 January 2010, Anthony Liguori wrote:
> > >> I think -net socket,fd should just be (trivially) extended to work with raw
> > >> sockets out of the box, with no support for opening it. Then you can have
> > >> libvirt or some wrapper open a raw socket and a private namespace and just pass it
> > >> down.
> > >>
> > > That'd work. Anthony?
> >
> > The fundamental problem that I have with all of this is that we should
> > not be introducing new network backends that are based around something
> > only a developer is going to understand. If I'm a user and I want to
> > use an external switch in VEPA mode, how in the world am I going to know
> > that I'm supposed to use the -net raw backend or the -net socket
> > backend? It might as well be the -net butterflies backend as far as a
> > user is concerned.
>
> My point is that we already have -net socket,fd and any user that passes
> an fd into that already knows what he wants to do with it. Making it
> work with raw sockets is just a natural extension to this, which works
> on all kernels and (with separate namespaces) is reasonably secure.

Didn't realize that -net socket is already there and supports TCP and UDP sockets.
I will look into extending -net socket to support AF_PACKET SOCK_RAW type sockets.

Thanks
Sridhar
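An added example, not part of the message above and not QEMU code: one way a process that receives a pre-opened descriptor (as in the "-net socket,fd" discussion) can check what kind of socket it was handed before using it, so that an AF_PACKET SOCK_RAW fd is told apart from TCP and UDP ones. The names fd_kind and classify_net_fd are hypothetical; Linux is assumed for SO_DOMAIN.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical result codes for this example (not QEMU identifiers). */
enum fd_kind { FD_INVALID = -1, FD_STREAM, FD_DGRAM, FD_PACKET_RAW, FD_UNSUPPORTED };

/* Classify an inherited descriptor before treating it as a network backend. */
enum fd_kind classify_net_fd(int fd)
{
    int domain = 0, type = 0;
    socklen_t len = sizeof(domain);

    /* Fails (EBADF/ENOTSOCK) if fd is closed or is not a socket at all. */
    if (getsockopt(fd, SOL_SOCKET, SO_DOMAIN, &domain, &len) < 0)
        return FD_INVALID;
    len = sizeof(type);
    if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &type, &len) < 0)
        return FD_INVALID;

    /* Only the packet/raw combination discussed in the thread is accepted. */
    if (domain == AF_PACKET)
        return type == SOCK_RAW ? FD_PACKET_RAW : FD_UNSUPPORTED;
    if (domain == AF_INET || domain == AF_INET6) {
        if (type == SOCK_STREAM)
            return FD_STREAM;
        if (type == SOCK_DGRAM)
            return FD_DGRAM;
    }
    /* Anything else (e.g. AF_UNIX) is rejected rather than guessed at. */
    return FD_UNSUPPORTED;
}

int main(void)
{
    /* Constructed sample: an unprivileged UDP socket stands in for the fd a
     * wrapper would pass down; opening AF_PACKET needs CAP_NET_RAW. */
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    printf("kind=%d\n", classify_net_fd(fd));
    if (fd >= 0)
        close(fd);
    return 0;
}
```

Rejecting everything that is not explicitly recognised keeps the receiving process from sending guest frames into a descriptor of an unexpected type.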