
RE: [Xen-devel] [BUNDLE] Testing a simpler inter-domain transport


  • To: "Rusty Russell" <rusty@xxxxxxxxxxxxxxx>
  • From: "King, Steven R" <steven.r.king@xxxxxxxxx>
  • Date: Sun, 12 Feb 2006 19:24:30 -0800
  • Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Mon, 13 Feb 2006 03:36:25 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xensource.com>
  • Thread-index: AcYwRicHBU5d0YSSQwyVHxJUZL38LAAAwXxg
  • Thread-topic: [Xen-devel] [BUNDLE] Testing a simpler inter-domain transport

Sorry, quixotic as charged.  :^)  Your patch is one thing, multi-domain
shared page LANs are another.

If multi-domain shared page LANs become more than a proof-of-concept
for your patch, we can worry about it then.  You mention the DOS attack,
but there are other problems that have no wired-LAN analog.  From Mr.
Minnich, it sounds like such a thread already ran its course.  I looked
briefly but could not find it in the xen-devel archives.

-steve

-----Original Message-----
From: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
[mailto:xen-devel-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Rusty
Russell
Sent: Sunday, February 12, 2006 6:33 PM
To: King, Steven R
Cc: xen-devel
Subject: RE: [Xen-devel] [BUNDLE] Testing a simpler inter-domain
transport

On Sun, 2006-02-12 at 15:39 -0800, King, Steven R wrote:
> > Note that like a real LAN, one badly behaved partition can block 
> > communication for the others they share the lan with...
> 
> Shared page LAN is much less secure than a real LAN.  Any domain 
> attached to the shared page, i.e. in the LAN, can modify any frame "in
> flight" on the page.  Recipients have no confidence that the received 
> frame is actually what the sender sent.

Hi Steve,

        I don't quite know how to respond to this!  Your statement is
true given some assumptions, but not relevant to my implementation,
hence the presence of your assertion in this thread is quixotic.

        In my implementation, you can't tell which domain on the LAN a
packet came from, nor do I try to prevent malicious domains on the LAN
from effectively stopping all useful traffic.  I believe that
multi-domain access is useful in some scenarios, nonetheless.

Hope that clarifies?
Rusty.
--
 ccontrol: http://ozlabs.org/~rusty/ccontrol


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
