On Tue, Feb 05, 2008 at 12:53:57AM +0100, Loic Dachary wrote:
> In reply to
> http://www.redhat.com/archives/libvir-list/2007-April/msg00177.html
> an area where vde_switch support is useful is an unprivileged user
> running tests. A test suite involving the creation of qemu instances
> thru libvirt should not be forced to create a bridge or alter the
> iptables configuration. With vde_switch and slirpvde multiple qemu
> instances can be run without altering the network configuration of the host.

When Mark originally investigated & designed the virtual networking APIs
in libvirt he looked at VDE as one of the possible impls
http://www.gnome.org/~markmc/virtual-networking.html

VDE could certainly serve as an impl of the virtual networking APIs for
non-root users who do not have the ability to create bridge devices. In the
end we only implemented the bridge/iptables based driver for networking,
but the libvirt driver design means it is possible to drop in an alternate
impl of the networking APIs as required. So if someone's interested in
writing a driver using VDE, patches are welcomed....

The main problem I know of is not VDE itself, but the means of connecting
a VDE network to the outside world - namely the SLIRP code. Last time it
was examined it was found to be non-64-bit clean & have significant questions
around security. We wondered about whether it would be possible to have a
privileged helper for creating tap devices which could be used to connect
the VDE network to the outside world. It's possible, but the devil's in the
details & how you constrain access to not conflict with host networking.

Dan.
--
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|