On Tue, 2008-02-05 at 00:25 +0000, Daniel P. Berrange wrote:
The main problem I know of is not VDE itself, but the means of connecting a VDE network to the outside world - namely the SLIRP code. Last time it was examined it was found to be non-64-bit clean & have significant question around security. We wondered about whether it would be possible to have a privileged helper for creating tap devices which could be used to connect the VDE network to the outside world. Its possible, but the devil's in the details & how you constrain access to not conflict with host networking.
Nice summary ... that's exactly it. The sound part of VDE is it's ability to behave as a userspace ethernet bridge. The nasty part is its TCP/IP stack - which is equivalent to "qemu -net user". The ideal situation would be to allow unprivileged processes use the kernel network stack rather than implementing a whole new stack. We knocked around some ideas on that front but didn't come to any concrete conclusions. Cheers, Mark.