
Re: [Xen-devel] [patch 5/5] xen: net features



On Mon, Jan 31, 2005 at 11:15:31PM -0000, Ian Pratt wrote:
> Please can you explain this patch and its motivation a bit more. 
> 
> > Allow (1) the making of both frontend and backend vif MACs read-only
> > (independently), 
> 
> I can't see why making the frontend MAC readonly can really be done
> securely within the domain.

Well, if you have module support enabled in the kernel, or some way
that lets root write to random (domain) memory, then it's not really
secure, although I think it's still a nice to have. Otherwise I would
think it should be reasonably secure?

> > (2) the addition of some xen-specific sysfs attributes
> > on front/back vifs, 
> 
> What attributes?

Backend:
- xen/fe.domain: frontend domain name
- xen/fe.initial_address: initial frontend interface mac address
- xen/fe.mac_mode: mac mode of the frontend interface (r/w)
- xen/be.mac_mode: mac mode of the backend interface (r/w)

Frontend:
- xen/mac_mode: mac mode of the interface

> > (3) an option to set several vif defaults in a domain
> > config file, for ease of use when creating multiple vifs.
> Please give an example.

 vif_defaults = 'be_ext_sysfs=yes,ext_sysfs=yes,backend=eos'
 
 vif = [
   'mac=aa:00:00:01:00:00,backend=0',
   'mac=aa:00:00:01:01:00,be_mac=fe:ff:ff:01:01:ff',
   'mac=aa:00:00:01:02:00,be_mac=fe:ff:ff:01:02:ff'
 ]

which then evaluates through to this sxp:

 (device
     (vif
         (mac aa:00:00:01:00:00)
         (ext_sysfs yes)
         (be_ext_sysfs yes)
         (backend 0)
     )
 )
 (device
     (vif
         (mac aa:00:00:01:01:00)
         (be_mac fe:ff:ff:01:01:ff)
         (ext_sysfs yes)
         (be_ext_sysfs yes)
         (backend eos)
     )
 )
 (device
     (vif
         (mac aa:00:00:01:02:00)
         (be_mac fe:ff:ff:01:02:ff)
         (ext_sysfs yes)
         (be_ext_sysfs yes)
         (backend eos)
     )
 )

> Thanks for all the patches!

No probs. This is the first time I've ever done any kernel-level programming.
Started out just intending to do something to allow setting the be mac address,
but then I started tracing flows through the system, and figuring out how the
code worked, and it all went from there. Been a great experience.


J

-- 
Jody Belka
knew (at) pimb (dot) org
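
The vif_defaults expansion shown in the message above, as an added Python example that is not part of the original message, the patch, or Xen's tools. It assumes a key given in a vif entry takes precedence over the same key in vif_defaults (as the backend=0 entry suggests); the function names are hypothetical, and the order of keys inside each (vif ...) may differ from the listing in the message.

```python
# Added illustration; not code from the patch or from Xen's tools.
# Assumption: a per-vif key overrides the same key from vif_defaults.

# Values copied from the example in the message.
VIF_DEFAULTS = 'be_ext_sysfs=yes,ext_sysfs=yes,backend=eos'
VIFS = [
    'mac=aa:00:00:01:00:00,backend=0',
    'mac=aa:00:00:01:01:00,be_mac=fe:ff:ff:01:01:ff',
    'mac=aa:00:00:01:02:00,be_mac=fe:ff:ff:01:02:ff',
]

def parse_opts(spec):
    """Split 'k=v,k=v' into a dict; reject items without key or value."""
    opts = {}
    for item in spec.split(','):
        item = item.strip()
        if not item:
            continue
        key, sep, value = item.partition('=')
        key, value = key.strip(), value.strip()
        if not sep or not key or not value:
            raise ValueError("malformed vif option: %r" % item)
        opts[key] = value
    return opts

def expand_vifs(vif_defaults, vifs):
    """Return one dict per vif, with defaults filled in where unset."""
    defaults = parse_opts(vif_defaults)
    merged = []
    for spec in vifs:
        cfg = parse_opts(spec)
        for key, value in defaults.items():
            cfg.setdefault(key, value)  # explicit per-vif value wins
        merged.append(cfg)
    return merged

def to_sxp(cfg):
    """Render one merged vif as a (device (vif ...)) s-expression."""
    lines = ["(device", "    (vif"]
    lines += ["        (%s %s)" % (k, v) for k, v in cfg.items()]
    lines += ["    )", ")"]
    return "\n".join(lines)

if __name__ == "__main__":
    for cfg in expand_vifs(VIF_DEFAULTS, VIFS):
        print(to_sxp(cfg))
```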

