[ovs-dev] [PATCH 2/2] xenserver: Support network names with spaces

Justin Pettit jpettit at nicira.com
Tue Mar 2 11:13:01 UTC 2010


On Mar 2, 2010, at 2:09 AM, Ian Campbell wrote:

> On Tue, 2010-03-02 at 02:02 +0000, Justin Pettit wrote:
>> 
>> Note that this fix is really just a temporary workaround, since the
>> changes to the "vif" script potentially have security issues.  Ben has
>> a patch in flight which reworks a lot of this code. 
> 
> It's a bit terrifying -- can we not just wait for Ben's fix?

The reason for the rush is that we are on a tight deadline to deliver something testable by Wednesday and in its current incarnation, it breaks something pretty fundamental (having a network name with spaces is the default when creating an internal network in XenCenter).  Even so, I wouldn't normally suggest something like this, but the only users that I could think of that can create networks (whether through XenCenter or xe) already have root access on the XenServer.  You're clearly the domain expert here, so I may be missing another avenue, of course.

I haven't had a chance to look at Ben's fix yet, but he wasn't certain that it wasn't going to have its own problems with having to taint user input.  Until we have something that we're certain actually fixes the problem and has the security implications thought through, it seemed reasonable to at least allow the default case to work in a feature branch.  All that said, if this still gives you the heebie-jeebies*, I'm happy to hold off if you don't think it's the bee's knees.


* I'm never quite sure whether some of these terms we use are politically correct, so I looked this up and apparently I'm safe.  According to Wikipedia, you might prefer the term "the screaming habdabs".  I've not heard this expression before, but I must say that it brings up a fantastic mental image... much better than our nonsense rhyming phrases.

> What purpose does the network name serve within the vswitch side of the
> vswitch+controller pairing? Isn't the UUID sufficient -- the controller
> has a XenAPI connection it can use to lookup any additional info it
> needs. The network name can only be cosmetic anyhow, right?


We have a project that uses the network name, and we're trying to write it in such a way that it doesn't require a XAPI connection to each pool.

--Justin