[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Publicity] [Xen-devel] The Bitdefender virtual machine introspection library is now on GitHub


  • To: Tamas K Lengyel <tamas@xxxxxxxxxxxxx>, Lars Kurth <lars.kurth.xen@xxxxxxxxx>
  • From: Razvan Cojocaru <rcojocaru@xxxxxxxxxxxxxxx>
  • Date: Wed, 29 Jul 2015 17:54:26 +0300
  • Cc: Lars Kurth <lars.kurth@xxxxxxxxxx>, mdontu <mdontu@xxxxxxxxxxxxxxx>, "publicity@xxxxxxxxxxxxxxxxxxxx" <publicity@xxxxxxxxxxxxxxxxxxxx>
  • Comment: DomainKeys? See http://domainkeys.sourceforge.net/
  • Delivery-date: Wed, 29 Jul 2015 14:53:26 +0000
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=bitdefender.com; b=i5me4cYimWcHVX593Mi4hRBP7z8Ly9Hd8IHF3Yexw6KkPCXaLV86voS9w24YPoXZRpB33qFri7rQeUDM6HGl0r1MTZZ0J7dLJ4AHJFwkHdCSfFHpChpqw+qOJEK2xWoyV3hGxj70USPe6M/xdlEv1HahRMCzoAxIyKLv0uExb/UQwHviar04+abGwLPJ4IbnWG8tEzq37K55QNfrhbeLQjqCIt5GKB39Ugv6pncz9Ck3RlmqzrhIObMgAotAAXSYfkmLDBbm4tVzXXcesX4uo5nkFizpYjxO7j0leHMMpqYHvLG4Ekqx+3TTlUsEaYjhgTwQxoXJkubUe4BRb1f4MQ==; h=Received:Received:Received:Received:Received:From:Subject:To:References:Cc:Message-ID:Date:User-Agent:MIME-Version:In-Reply-To:Content-Type:Content-Transfer-Encoding:X-BitDefender-Scanner:X-BitDefender-Spam:X-BitDefender-SpamStamp:X-BitDefender-CF-Stamp;
  • List-id: "List for Xen Publicity, PR and events" <publicity.lists.xenproject.org>

Hello Tamas, thank you for the email.

>     > While LibVMI is great, and has been considered for the task, it
>     has slightly different design
>     > goals: for best results, the user needs to use external Python
>     tools to extract guest information,
> 
>     I am assuming you refer to best results for LibVMI?
> 
> 
> So I think for clarification before publishing this - LibVMI does not
> have a Python dependency. It has a Python wrapper around the C API that
> you can optionally build, install and use from Python apps.

I've never said that LibVMI has a Python dependency. What I've said was
"for best results, the user needs to use external Python tools to
extract guest information". I'm referring to the "set of entries for
each virtual machine or memory image that LibVMI will access" that needs
to be present in $HOME/etc/libvmi.conf or /etc/libvmi.conf, as stated here:

http://libvmi.com/docs/gcode-install.html

Last time I've checked, there were some Python tools that helped with
that, given an OS image on disk. That's what I was referring to.

> The point you maybe referring to as extracting guest information is how
> the configuration for introspection is made. Indeed, that can be done
> with python tools such as pdbparse or Rekall - but it is not required.
> If you want to do introspection in a guest-OS agnostic way, you can (see
> http://libvmi.com/api/#macro_VMI_INIT_PARTIAL).

Indeed, hence my use of "for best results". I didn't think that for a
blog post it would be useful to go into all the technical details.

>     > usesGlib for caching (which adds to client applicationsâ
>     dependencies),
> 
> 
> While LibVMI does link with glib no client application needs to link
> with glib.

Right, but linking with LibVMI will indirectly add a libglib dependency
to the project, which means that for the application to work, it has to
be distributed with Glib.

This can be cleary seen by running ldd on a binary that links against
LibVMI.

>     and it doesnât allow mapping
>     > of guest pages from userspace (so that we could write to them
>     directly).
> 
> 
> I wasn't sure what you mean by this. LibVMI does allow you to read/write
> entire pages from userspace.

Not like XenDriver::mapPhysMemToHost() here, for example:

https://github.com/razvan-cojocaru/libbdvmi/blob/master/src/bdvmixendriver.cpp

LibVMI does have a function called xen_get_memory() in driver/xen/xen.c,
but that doesn't seem to be exposed via libvmi.h.

>     > Libbdvmi aims to provide a very efficient way of working with Xen
>     to access guest information in an
>     > OS-agnostic manner:
>     I would also mention Libbdvmi in the "Weâre very happy to announce
>     that th ..." paragraph, such that
>     the name can be referenced. And than maybe say: "In contrast,
>     Libbdvmi ..." or something like it
> 
>     On the bullet points you list: is it correct to say that Libbdvmi is
>     more tightly integrated with the recent VMI-Xen work (and Xen in
>     general) and smaller compared to LibVMI?
> 
> 
> I have a branch of LibVMI that's up-to-date with the recent work on the
> Xen side - I'm just waiting till an RC comes out to push it. This branch
> should add support to most everything that Xen exposes at this point.

That's great!

>     That may lead someone to raise the question why you are not trying
>     to upstream the functionality into LibVMI. You may want to tackle
>     this upfront, in particular because we moved from mem-access (Xen)
>     to LibVMI (generic) and now a more Xen specific variant.
> 
> 
> I agree ;) I hope we can get what you need into LibVMI. The main thing
> that I see missing in LibVMI that's present in libbdvmi is the domain
> watcher to catch when a target domain is started or stopped. This I
> think could be added for sure.

Well, the test I think would be to be able to implement the libbdvmi
interface entirely in terms of LibVMI. I don't think it can be done
today with the master branch of LibVMI, but I don't know about your
latest changes.

Also, please don't forget that feature-completeness is _not_ the only
point here - we need _efficiency_, so being able to implement the
libbdvmi interfaces in terms on LibVMI is only half the battle. We get
_a_lot_ of events, and a few miliseconds here and there add up and can
make or break a product.


I hope I've been able to clear things up, :)
Razvan

_______________________________________________
Publicity mailing list
Publicity@xxxxxxxxxxxxxxxxxxxx
http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.