Date: Sun, 06 Aug 2000 18:15:52 -0700
From: Nick Sayer <nsayer@quack.kfu.com>
To: Robert Watson <rwatson@FreeBSD.ORG>
Cc: freebsd-emulation@FreeBSD.ORG
Subject: Re: vmware changes result in nasty bridging mess
Message-ID: <398E0DC8.745E02F9@quack.kfu.com>
References: <Pine.NEB.3.96L.1000806190759.90634A-100000@fledge.watson.org>

Robert Watson wrote:
>
> The following default-installed startup script is really, really scary:
>
> sysctl net.link.ether.bridge_refresh && bridge="_bridge"
> kldload if_tap.ko
> echo -n >/compat/linux/dev/vmnet1
> ifconfig vmnet1 $host_ip netmask $netmask
> if [ _$bridge != _ ]; then
>     sysctl -w net.link.ether.bridge_refresh=1
>     sysctl -w net.link.ether.bridge=1
> fi
>
> Un-announced, the vmware port enabled bridging between the ethernet
> interfaces on my notebook, generated voluminous output for wi0, and broke
> networking for ep0. This is a security risk, in that it automatically
> enables bridging between previously un-connected LAN segments that may
> have different security properties. This is against POLA in that it
> breaks functionality (networking), bridges packets unto unexpected
> segments (potentially breaking many other things, especially DHCP), etc.
> Previously, use of networking support would create a virtual network
> between the host and the guest OS, but not affect other networking
> functionality.

I think you're overreacting slightly.

1. You are probably the only person on the planet who has a machine with
   both bridging and vmware who (apparently) doesn't intend to bridge the
   guest onto the connected LAN. This means that you have an opportunity
   to customize the startup script rather than insist that everyone have
   it the way you like it.

2. In fact, you may be the only person on the planet who has a machine
   with bridging, vmware and more than one Ethernet interface active at
   the same time.

3. POLA in this case is the opposite of what you think it is. People who
   configure their kernels for bridging when they install vmware expect
   it to work when they fire up the guest. They would be astonished if it
   didn't. People bringing up vmware without bridging turned on would not
   see the behaviour you castigate. I believe that everyone running vmware
   is in one set or the other. Except you.

Perhaps in a universe where subnetting was actually possible for Internet-connected networks the bridged configuration wouldn't be necessary. Perhaps when IPv6 is deployed, bridges can go away. No one would be happier than I. But until then, I don't see a problem with catering to the (vast) majority of users by default.