Xen project Mailing List

Re: [Xen-devel] Prevent vif-bridge from adding user-created tap interfaces to a bridge

To: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>

Date: Thu, 03 Nov 2011 12:29:19 -0600

Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>, Ian Campbell <Ian.Campbell@xxxxxxxxxx>

Delivery-date: Thu, 03 Nov 2011 11:25:27 -0700

List-id: Xen developer discussion <xen-devel.lists.xensource.com>

Jim Fehlig wrote: > Ian Campbell wrote: > >> On Thu, 2011-10-27 at 16:12 +0100, Ian Jackson wrote: >> >> >>> Jim Fehlig writes ("[Xen-devel] Prevent vif-bridge from adding user-created >>> tap interfaces to a bridge"): >>> >>> > > Ok, my original post comes through now on a new thread... > > >>>> I received a report that vif-bridge adds any tap interface to a bridge, >>>> regardless if xen is running and who created the tap interface. E.g. >>>> >>>> # tunctl -p -t tap42 >>>> >>>> will cause vif-bridge to be executed as per the following rule in >>>> xen-backend.rules >>>> >>>> SUBSYSTEM=="net", KERNEL=="tap*", ACTION=="add", >>>> RUN+="/etc/xen/scripts/vif-setup $env{ACTION} type_if=tap" >>>> >>>> >>> Urgh. What a mess. >>> >>> >>> >>>> I'm not sure how to improve the rule to prevent execution of vif-setup >>>> in this case. But it seems better to handle it in vif-bridge anyhow, by >>>> not connecting the interface to a bridge if there is no corresponding >>>> info in xenstore. Something along the lines of the attached quick >>>> patch. Comments? >>>> >>>> >>> Aren't tap devices like this created by Xen's qemu ? And as such we >>> should be letting qemu run the script, and not have any hotplug >>> script called by udev. >>> >>> >> We explicitly changed away from that scheme not so long ago. The issue >> is that each tap has a vif counterpart which is somewhat logically the >> same device and should be setup the same way, hence via the same >> mechanisms. >> >> > > And qemu isn't involved when using netback. > > So how to proceed? Ian C. seemed to hesitantly ACK the patch in the > other thread [1] :). The suggestion to write the info to another path > in xenstore can also be implemented, although IMO, that the path is not > accessible to the frontend would be the only benefit. > Ping. I'd like to add this patch to our downstream package but would like upstream blessing first. Thanks, Jim > Thanks, > Jim > > [1] http://lists.xensource.com/archives/html/xen-devel/2011-10/msg02016.html > > > _______________________________________________ > Xen-devel mailing list > Xen-devel@xxxxxxxxxxxxxxxxxxx > http://lists.xensource.com/xen-devel > _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.