Re: [Qemu-devel] Re: [PATCH 1/5] virtio-net: Allow setting the MAC addre

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] Re: [PATCH 1/5] virtio-net: Allow setting the MAC addre

From:	Avi Kivity
Subject:	Re: [Qemu-devel] Re: [PATCH 1/5] virtio-net: Allow setting the MAC address via set_config
Date:	Sun, 18 Jan 2009 11:42:24 +0200
User-agent:	Thunderbird 2.0.0.19 (X11/20090105)

Dor Laor wrote:

Jamie Lokier wrote:
Dor Laor wrote:
What I meant is that if we allow the guest to change his macaddress, it can deliberatelychange it to other hosts/guests mac and thus create networkingproblems.Although guest can always mangle packets, maybe it worth enforcingthese macs for the guest.
Although it can create network problems, sometimes it is also wanted.

I think if you want to restrict the guests's ability to break the
network by changing its MAC, it would be appropriate to have an option
to completely lock down the MAC so the guest can't change its MAC atall.
That's what I was shooting to.
One example this can be helpful is when kvm is used to run virtualservers in a computing
farm like Amazon. You wouldn't like a VM owner to mess your network.

Restricting the MAC address won't help. The guest can still forge thelink layer address and/or the IP layer addresses.


This needs to be addressed by netfilter.

--
error compiling committee.c: too many arguments to function

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] Re: [PATCH 1/5] virtio-net: Allow setting the MAC address via set_config, (continued)
- [Qemu-devel] Re: [PATCH 1/5] virtio-net: Allow setting the MAC address via set_config, Dor Laor, 2009/01/14
  - [Qemu-devel] Re: [PATCH 1/5] virtio-net: Allow setting the MAC address via set_config, Alex Williamson, 2009/01/14
    - Re: [Qemu-devel] Re: [PATCH 1/5] virtio-net: Allow setting the MAC address via set_config, Jamie Lokier, 2009/01/14
    - Re: [Qemu-devel] Re: [PATCH 1/5] virtio-net: Allow setting the MAC address via set_config, Dor Laor, 2009/01/14
    - Re: [Qemu-devel] Re: [PATCH 1/5] virtio-net: Allow setting the MAC address via set_config, Dor Laor, 2009/01/14
    - Re: [Qemu-devel] Re: [PATCH 1/5] virtio-net: Allow setting the MAC address via set_config, Paul Brook, 2009/01/14
    - Re: [Qemu-devel] Re: [PATCH 1/5] virtio-net: Allow setting the MAC address via set_config, Jamie Lokier, 2009/01/15
    - Re: [Qemu-devel] Re: [PATCH 1/5] virtio-net: Allow setting the MAC address via set_config, Jamie Lokier, 2009/01/15
    - Re: [Qemu-devel] Re: [PATCH 1/5] virtio-net: Allow setting the MAC address via set_config, Avi Kivity, 2009/01/15
    - Re: [Qemu-devel] Re: [PATCH 1/5] virtio-net: Allow setting the MAC address via set_config, Dor Laor, 2009/01/18
    - Re: [Qemu-devel] Re: [PATCH 1/5] virtio-net: Allow setting the MAC address via set_config, Avi Kivity <=

Prev by Date: Re: [Qemu-devel] Re: [PATCH 1/5] virtio-net: Allow setting the MAC address via set_config
Next by Date: [Qemu-devel] [PATCH v3] Stop VM on ENOSPC error.
Previous by thread: Re: [Qemu-devel] Re: [PATCH 1/5] virtio-net: Allow setting the MAC address via set_config
Next by thread: [Qemu-devel] [PATCH 4/5] virtio-net: Enable filtering based on MAC, promisc, broadcast and allmulti
Index(es):
- Date
- Thread