On Fri, Feb 21, 2014 at 8:01 AM, Luis R. Rodriguez <mcgrof@xxxxxxxxxxxxxxxx> wrote: > On Fri, Feb 21, 2014 at 5:02 AM, Zoltan Kiss <zoltan.kiss@xxxxxxxxxx> wrote: >>> Agreed that's the best strategy and I'll work on sending patches to >>> brctl to enable the root_block preference. This approach however also >> >> I don't think brctl should deal with any Xen specific stuff. I assume there >> is a misunderstanding in this thread: when I (and possibly other Xen folks) >> talk about "userspace" or "toolstack" here, I mean Xen specific tools which >> use e.g. brctl to set up bridges. Not brctl itself. > > I did mean brctl, but as I looked at the code it doesn't used > rtnl_open() and not sure if Stephen would want that. Actually that'd be the incorrect tool to extend, iproute2 would be the new way with: ip link add dev xenbr0 type bridge ip link set dev eth0 master xenbr0 ip link set dev vif1.0 master xenbr0 <root_block> where root_block would be the new desired argument. This would use the rtnetlink RTM_SETLINK + IFLA_MASTER, which will in turn kick off the bridge ndo_add_slave(). Still though it seems this requires the eth0 device to actually exist and as such from what I can tell we can't set the root_block preference until *after* the addition onto the bridge, which should mean the bridge could still take the vif1.0 MAC address momentarily. This is of course only an issue if the link was up during the additions. This makes me think perhaps nothing is needed then and scripts could just use the: bridge link set dev vif1.0 root_block on I also just noticed that if an entry that was the bridge root port got a root_block toggle we don't kick off the newly blocked port, I just verified this. Note that removing the interface from the bridge does however reset the bridge with a proper new root port: ip link set dev vif1.0 nomaster For old userspace with brctl and no iproute2 we're shit out of luck, this means we can't use root block (xen-netblock was added on v2.6.39). Stephen all this can we add the priv_flags flag to help out as proposed, but I'd make it just toggle the new root_block flag, that'd enable drivers to use this from initialization. Let me know if you have other suggestions or things I may have missed. Luis