[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [ANNOUNCE] xen ocaml tools
Vincent Hanquez wrote: Patrick Colp wrote:I think you're thinking of my initial release last year. The version I released a few months ago also has an in-memory store and greatly improved transactions. It was motivated by the need to survive things like DoS attacks.Is that possible to find your version of xenstored in a tarball somewhere ?attack.tar.gz seems to contains lots of things related to xenstored, but yet seems to missing watches and permissions. The attack code utilises some of the code from the version of XenStore I wrote. I released a patch for it to the list as well as a link to my website where the code available as a gzip and bzip2: website: http://cs.ubc.ca/~pjcolp/ bzip2 direct link: http://cs.ubc.ca/~pjcolp/xenstore-ocaml.tar.bz2 gzip direct link: http://cs.ubc.ca/~pjcolp/xenstore-ocaml.tar.gzI'm attaching the gzip version to this e-mail as well. The code is designed to be compiled against Xen as a replacement to the C version. I put it in the tools/xenstore directory in the xen-unstable tree to compile it. I wrote a little attack program (in OCaml) which runs from any DomU and brought the original xenstored to its knees. With the attack going, it's impossible to bring a new domain up -- it just hangs forever attempting to bring it up. Basically, the attack just hammers xenstored with micro-transactions. With the original transaction system, which allows the first committing transaction in a generation to win, long transactions could never complete. I implemented transactions that would enable all concurrent but non-conflicting transactions to commit. This made my version of xenstored resilient to the attack.i haven't really had time to look yet (i've been swamped with others things), but will try to run your program. but what is dying in the scenario you described ? ocaml xenstored or the attack program ?I played around with this with your version too, but found that, while it would not hang forever while attempting to load a domain, it would instead die after a few seconds with the following error:Error: (2, 'No such file or directory') When the attack is run, neither the attack nor xenstored die, but while the attack is running it is impossible to start a domain. In the C version, it would hang forever attempting to start a domain. When I ran it against your OCaml version, it wouldn't hang but instead after a few seconds the domain start would quit with the error: Error: (2, 'No such file or directory')If you're interested, I think it would be great to trying to merge the two XenStores together to get the best of both worlds. Are you going to be at Xen Summit? If so, would you be interested in chatting about this in person? Patrick Attachment:
xenstore-ocaml.tar.gz _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |