From owner-freebsd-emulation Sun Aug 6 18:15:55 2000
Delivered-To: freebsd-emulation@freebsd.org
Received: from quack.kfu.com (quack.kfu.com [205.178.90.194]) by hub.freebsd.org (Postfix) with ESMTP id 41BA237BCBF; Sun, 6 Aug 2000 18:15:53 -0700 (PDT) (envelope-from nsayer@quack.kfu.com)
Received: from morpheus.kfu.com (morpheus.kfu.com [205.178.90.230]) by quack.kfu.com (8.9.3/8.9.3) with ESMTP id SAA88144; Sun, 6 Aug 2000 18:15:52 -0700 (PDT) (envelope-from nsayer@quack.kfu.com)
Received: from quack.kfu.com by morpheus.kfu.com with ESMTP (8.9.3//ident-1.0) id SAA34465; Sun, 6 Aug 2000 18:15:52 -0700 (PDT)
Message-ID: <398E0DC8.745E02F9@quack.kfu.com>
Date: Sun, 06 Aug 2000 18:15:52 -0700
From: Nick Sayer
X-Mailer: Mozilla 4.72 [en] (X11; U; Linux 2.2.12 i386)
X-Accept-Language: en-GB, en-US, en
MIME-Version: 1.0
To: Robert Watson
Cc: freebsd-emulation@FreeBSD.ORG
Subject: Re: vmware changes result in nasty bridging mess
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-emulation@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Robert Watson wrote:
> 
> The following default-installed startup script is really, really scary:
> 
> sysctl net.link.ether.bridge_refresh && bridge="_bridge"
> kldload if_tap.ko
> echo -n >/compat/linux/dev/vmnet1
> ifconfig vmnet1 $host_ip netmask $netmask
> if [ _$bridge != _ ]; then
>     sysctl -w net.link.ether.bridge_refresh=1
>     sysctl -w net.link.ether.bridge=1
> fi
> 
> Un-announced, the vmware port enabled bridging between the ethernet
> interfaces on my notebook, generated voluminous output for wi0, and broke
> networking for ep0. This is a security risk, in that it automatically
> enables bridging between previously un-connected LAN segments that may
> have different security properties. This is against POLA in that it
> breaks functionality (networking), bridges packets onto unexpected
> segments (potentially breaking many other things, especially DHCP), etc.
> Previously, use of networking support would create a virtual network
> between the host and the guest OS, but not affect other networking
> functionality.

I think you're overreacting slightly.

1. You are probably the only person on the planet who has a machine with
both bridging and vmware who (apparently) doesn't intend to bridge the
guest onto the connected LAN. This means that you have an opportunity to
customize the startup script rather than insist that everyone have it the
way you like it.

2. In fact, you may be the only person on the planet who has a machine
with bridging, vmware and more than one Ethernet interface active at the
same time.

3. POLA in this case is the opposite of what you think it is. People who
configure their kernels for bridging when they install vmware expect it to
work when they fire up the guest. They would be astonished if it didn't.
People bringing up vmware without bridging turned on would not see the
behaviour you castigate. I believe that everyone running vmware is in one
set or the other. Except you.

Perhaps in a universe where subnetting was actually possible for
Internet-connected networks the bridged configuration wouldn't be
necessary. Perhaps when IPv6 is deployed, bridges can go away. No one
would be happier than I. But until then, I don't see a problem with
catering to the (vast) majority of users by default.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-emulation" in the body of the message
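As an added example, not the vmware port's script and not anything posted in the thread: an opt-in variant of the quoted startup fragment. It keeps the page's two sysctls and the host-only vmnet1 setup, but only turns the bridge on when a hypothetical vmware_bridge variable is set to YES, and refuses outright when more than one Ethernet interface is up, since net.link.ether.bridge joins every interface in the kernel (the wi0/ep0 situation Robert describes). The vmware_host_ip and vmware_netmask variables, the helper names, and the ifconfig sample are all assumptions of this example.

```shell
#!/bin/sh
# Added example, not the vmware port's script. Hypothetical rc.conf-style knobs:
#   vmware_bridge                   YES/NO, explicit opt-in to bridging (default NO)
#   vmware_host_ip, vmware_netmask  address for the host side of vmnet1

# Read `ifconfig -a` output on stdin and print, sorted one per line, the names of
# interfaces that are UP and carry an Ethernet address. lo0 has no "ether" line
# and the guest-side tap (vmnet*) is skipped, so what remains are the host's
# real LAN uplinks, i.e. the interfaces net.link.ether.bridge would join.
up_ether_ifaces() {
    awk '
        /^[a-z]+[0-9]+: flags=/ {
            cur = $1; sub(/:$/, "", cur)
            up[cur] = ($0 ~ /[<,]UP[,>]/) ? 1 : 0
        }
        $1 == "ether" { ether[cur] = 1 }
        END { for (n in up) if (up[n] && ether[n] && n !~ /^vmnet/) print n }
    ' | sort
}

# should_bridge OPT_IN "IFACE ..." -> exit 0 to enable the bridge, 1 to leave it off.
# Bridging is off unless asked for, and refused when more than one uplink is up:
# the bridge code joins all of them, which is the LAN-merging effect complained about.
should_bridge() {
    opt_in=$1
    set -- $2    # split the interface list into positional parameters
    case "$opt_in" in
        [Yy][Ee][Ss]) ;;
        *) echo "vmware: bridging not requested (vmware_bridge=\"$opt_in\"), host-only network"
           return 1 ;;
    esac
    if [ $# -eq 0 ]; then
        echo "vmware: no Ethernet interface is up, nothing to bridge to"
        return 1
    elif [ $# -gt 1 ]; then
        echo "vmware: refusing to bridge, $# interfaces up ($*) would all be joined"
        return 1
    fi
    echo "vmware: bridging guest network onto $1"
    return 0
}

# Same steps as the quoted script, with the bridge placed behind the policy above.
vmware_net_start() {
    kldload if_tap.ko
    echo -n >/compat/linux/dev/vmnet1
    ifconfig vmnet1 "$vmware_host_ip" netmask "$vmware_netmask"
    # Kernel without bridge support: host-only networking, nothing else to do.
    sysctl net.link.ether.bridge_refresh >/dev/null 2>&1 || return 0
    ifaces=$(ifconfig -a | up_ether_ifaces | tr '\n' ' ')
    if should_bridge "${vmware_bridge:-NO}" "$ifaces"; then
        sysctl -w net.link.ether.bridge_refresh=1
        sysctl -w net.link.ether.bridge=1
    fi
}

# Constructed `ifconfig -a` output (a notebook with wi0 and ep0 both up, as in the
# thread) for exercising the policy offline. Addresses are from documentation ranges.
sample_ifconfig() {
    cat <<'EOF'
ep0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
        ether 00:00:5e:00:53:01
wi0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 198.51.100.7 netmask 0xffffff00 broadcast 198.51.100.255
        ether 00:00:5e:00:53:02
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
vmnet1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.254.1 netmask 0xffffff00 broadcast 192.168.254.255
        ether 00:00:5e:00:53:03
EOF
}

# Only touch the host's interfaces when invoked as "start"; with no argument the
# script just defines the functions, so the policy can be tested against sample_ifconfig.
if [ "${1-}" = start ]; then
    vmware_net_start
fi
```

With the sample above, `sample_ifconfig | up_ether_ifaces` yields ep0 and wi0, and should_bridge refuses even with vmware_bridge=YES; on a machine with a single uplink and the opt-in set it enables the bridge exactly as the original fragment did, and with the default of NO the guest gets the host-only vmnet1 network and nothing else changes.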