[ovs-discuss] Using unix sockets for controller communication
Ben Pfaff
blp at nicira.com
Thu Oct 13 17:36:37 UTC 2011
On Thu, Oct 13, 2011 at 05:50:37PM +0900, Jari Sundell wrote:
> In the thread "ARP Behavior in XenServer Host"
> <http://openvswitch.org/pipermail/discuss/2011-September/005624.html>,
> an issue similar to what I'm dealing with was discussed. While I get
> my setup working using 'disable-in-band' option, that isn't the
> optimal solution.
>
> What I was really hoping to do was to use a unix socket for
> communication with the controller, yet this has been disabled due to
> the fear of remote exploits.

Every OVS bridge already listens automatically to
punix:/var/run/openvswitch/<bridge>.mgmt. What if we also whitelisted
the exact path unix:/var/run/openvswitch/<bridge>.controller? Would
that solve your problem?

(Hmm, seems that we should probably prohibit "/" in bridge names.)
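
The exact-path whitelist proposed in the reply above, together with the "/" restriction on bridge names, sketched in C as an added example (not code from Open vSwitch or from this message). The helper names `bridge_name_ok` and `unix_controller_allowed` and the sample inputs are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define RUNDIR "/var/run/openvswitch"   /* directory named in the message */

/* Hypothetical helper: a bridge name may be used in a socket path only if it
 * is non-empty and has no '/', so it cannot name anything outside RUNDIR. */
static bool bridge_name_ok(const char *bridge)
{
    return bridge[0] != '\0' && strchr(bridge, '/') == NULL;
}

/* Hypothetical helper: accept a "unix:" controller target only when it is
 * exactly unix:RUNDIR/<bridge>.controller for this bridge. */
static bool unix_controller_allowed(const char *bridge, const char *target)
{
    char expected[256];
    int n;

    if (!bridge_name_ok(bridge)) {
        return false;
    }
    n = snprintf(expected, sizeof expected, "unix:%s/%s.controller",
                 RUNDIR, bridge);
    if (n < 0 || (size_t) n >= sizeof expected) {
        return false;               /* truncated path: refuse, do not guess */
    }
    return strcmp(target, expected) == 0;
}

int main(void)
{
    /* Constructed sample inputs: { bridge name, requested target }. */
    const char *cases[][2] = {
        { "br0", "unix:/var/run/openvswitch/br0.controller" },
        { "br0", "unix:/var/run/openvswitch/br1.controller" },
        { "br0", "unix:/tmp/other.sock" },
        { "../../tmp/x", "unix:/var/run/openvswitch/../../tmp/x.controller" },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        printf("%-12s %-50s %s\n", cases[i][0], cases[i][1],
               unix_controller_allowed(cases[i][0], cases[i][1])
               ? "allow" : "reject");
    }
    return 0;
}
```

The last case shows why the name check matters: without it, the composed string would match the target while resolving to a path outside the run directory.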