Re: [9fans] 9vx/vx32 - Out of ignorance

[Lucio De Re <lucio@proxima.alt.za>]

On Sun, Sep 12, 2010 at 07:30:05PM +0200, yy wrote:
>
> 2010/9/12 Lucio De Re <lucio@proxima.alt.za>:
> > My thinking is that 9vx could start up as root
> > [ ... ]
>
> The advantage of the tap device is precisely that it does not need
> root permissions. You need those permissions to manage the devices,
> but that will be normally done by tunctl or openvpn. Those are the
> programs that have to worry about being run as root, not 9vx. In other
> words: you need to be root to create the tap device, but not to use
> it.
>
I eventually got that far :-)
I do appreciate confirmation of my understanding and I now understand
the underlying processes considerably better.

> > And if anybody can arrange a short lesson on using networking under 9vx,
> > that would also be greatly appreciated.
>
> Inside 9vx, networking with tap devices is not different to using
> physical devices. At the host system level, it works as it does in
> qemu (there could be more bugs though). There are many qemu tutorials
> with sample scripts and better explanations than what I could give.

I'll check on qemu, I haven't tried it with any success (or real effort,
for that matter) in the past, but then I also had even less understanding
than I have now.

> The particular configuration I'm using is documented at:
>
> http://wiki.archlinux.org/index.php/QEMU#Tap_Networking_with_QEMU
>
> Based on the qemu-ifup/down scripts described there I wrote a 9vx-tap
> script you can find at:
>
> http://bitbucket.org/yiyus/vx32/src/tip/src/9vx/9vx-tap
>
> Probably disecting that script is the best way to understand how the
> bridge, the tap devices and 9vx play together.
>
It's very, very helpful.  I would, and almost certainly will, have
split the "tunnel" and "openvpn" portions into two scripts (a selector
of some type might be good enough, but isn't easily justified), because
I'm sure that they don't overlap quite the way the present shape of the
script suggests.  I found it after posting my request, I still haven't
got everything working to my satisfaction, but I think the reference to
qemu will help.

There are still questions unanswered: (1) would switching userid be
useful and practical, irrespective of the actual need for it? and (2)
would it make sense to migrate the virtual network devices to vx32?
I'm quite happy to entertain opinions, that's all I have to work with
right now, it takes me a long time to read and understand source code :-(

I know that Ron has already replied to the first of these questions,
I'm hoping that those who made the original decisions will contribute
their rationales as well.

++L

PS: and thanks to all those who have contributed to such a superb toolkit.