From mboxrd@z Thu Jan 1 00:00:00 1970 Date: Sun, 12 Sep 2010 21:30:47 +0200 From: Lucio De Re To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net> Message-ID: <20100912193047.GC3919@fangle.proxima.alt.za> References: <20100912161716.GB3919@fangle.proxima.alt.za> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.20 (2009-06-14) Subject: Re: [9fans] 9vx/vx32 - Out of ignorance Topicbox-Message-UUID: 566220d4-ead6-11e9-9d60-3106f5b1d025 On Sun, Sep 12, 2010 at 07:30:05PM +0200, yy wrote: > > 2010/9/12 Lucio De Re : > > My thinking is that 9vx could start up as root > > [ ... ] > > The advantage of the tap device is precisely that it does not need > root permissions. You need those permissions to manage the devices, > but that will be normally done by tunctl or openvpn. Those are the > programs that have to worry about being run as root, not 9vx. In other > words: you need to be root to create the tap device, but not to use > it. > I eventually got that far :-) I do appreciate confirmation of my understanding and I now understand the underlying processes considerably better. > > And if anybody can arrange a short lesson on using networking under 9vx, > > that would also be greatly appreciated. > > Inside 9vx, networking with tap devices is not different to using > physical devices. At the host system level, it works as it does in > qemu (there could be more bugs though). There are many qemu tutorials > with sample scripts and better explanations than what I could give. I'll check on qemu, I haven't tried it with any success (or real effort, for that matter) in the past, but then I also had even less understanding than I have now. > The particular configuration I'm using is documented at: > > http://wiki.archlinux.org/index.php/QEMU#Tap_Networking_with_QEMU > > Based on the qemu-ifup/down scripts described there I wrote a 9vx-tap > script you can find at: > > http://bitbucket.org/yiyus/vx32/src/tip/src/9vx/9vx-tap > > Probably disecting that script is the best way to understand how the > bridge, the tap devices and 9vx play together. > It's very, very helpful. I would, and almost certainly will, have split the "tunnel" and "openvpn" portions into two scripts (a selector of some type might be good enough, but isn't easily justified), because I'm sure that they don't overlap quite the way the present shape of the script suggests. I found it after posting my request, I still haven't got everything working to my satisfaction, but I think the reference to qemu will help. There are still questions unanswered: (1) would switching userid be useful and practical, irrespective of the actual need for it? and (2) would it make sense to migrate the virtual network devices to vx32? I'm quite happy to entertain opinions, that's all I have to work with right now, it takes me a long time to read and understand source code :-( I know that Ron has already replied to the first of these questions, I'm hoping that those who made the original decisions will contribute their rationales as well. ++L PS: and thanks to all those who have contributed to such a superb toolkit.