Re: [libvirt] Libvirt and IPSec

Hi Paolo, thanks for the document. I read it briefly and the design itself seems good however in the document you mentioned moving the logic from user-space to kernel-space which I'm not sure how would you like to achieve this since libvirt itself is in the user-space stack and not kernel-space. For having some implementation of those things directly in the kernel-space you would require to modify the kernel on the host itself which would be very similar to Xen that requires modified kernel - Xen kernel. This introduces some issues there since if you're not able to make it be merged into the upstream kernel tree then you'll be having the same issues like Xen does. If you implement this as a kernel-module and also if you make the module upstream accepted then you'll be most likely fine however you need to upstream acceptance of the module or provide the source codes for the module somewhere to be recompiled for the kernel the user is having. What exactly would you like to move to the kernel-space ? Thanks, Michal