Re: [Qemu-devel] [PATCH] net: Allow specifying ifname for qemu-bridge-he

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH] net: Allow specifying ifname for qemu-bridge-he

From:	Stefan Hajnoczi
Subject:	Re: [Qemu-devel] [PATCH] net: Allow specifying ifname for qemu-bridge-helper
Date:	Mon, 3 Dec 2012 14:10:18 +0100
User-agent:	Mutt/1.5.21 (2010-09-15)

On Fri, Nov 30, 2012 at 03:35:46PM +0100, Paolo Bonzini wrote:
> Il 30/11/2012 08:10, Mike Lovell ha scritto:
> > On 10/12/2012 12:49 AM, Mike Lovell wrote:
> >> This makes a few changes to allow ifname to be specified when using
> >> qemu-bridge-helper with both the bridge and tap network interfaces. It
> >> adds
> >> the --ifname option to qemu-bridge-helper, removes the restriction
> >> that ifname
> >> cannot be specified with helper for the tap interface, and adds logic to
> >> specify the --ifname option when exec'ing the helper.
> >
> > ping ... or syn. any other thoughts about this?
> 
> I share Michael's perplexity.  This feature could be exploitable.
> 
> If we want to add this, the ifname should be subject to ACL rules just
> like bridge names.  For example you could have a special allow/deny
> directive "allow foo@" which allows ifnames starting with "foo".

This is a good idea.  The default should be that you are not allowed to
choose arbitrary interface names.

Stefan

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Qemu-devel] [PATCH] net: Allow specifying ifname for qemu-bridge-helper, Stefan Hajnoczi <=

Prev by Date: Re: [Qemu-devel] [PATCH 2/2] pc_sysfw: Plug memory leak on pc_fw_add_pflash_drv() error path
Next by Date: Re: [Qemu-devel] [Qemu-trivial] [PATCH 1/2] pc_sysfw: Check for qemu_find_file() failure
Previous by thread: Re: [Qemu-devel] [PATCH 2/2] pc_sysfw: Plug memory leak on pc_fw_add_pflash_drv() error path
Next by thread: Re: [Qemu-devel] slow HD performance in mingw
Index(es):
- Date
- Thread