[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] Re: Qestion about the Xen network?


  • To: Samuel Thibault <samuel.thibault@xxxxxxxxxxxx>, Xen Devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
  • From: Bei Guan <gbtju85@xxxxxxxxx>
  • Date: Fri, 22 Oct 2010 23:50:54 +0800
  • Cc:
  • Delivery-date: Fri, 22 Oct 2010 08:52:02 -0700
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=YOQw7zSYnkUdzM/ZR4B58Dkt+ZphvkiZ4MhFHnB7rPvtockAqJUxA/01rWVXZQrPc8 Tr9VC980gD4G2LRR+QhehgvJU/vnfAaEL2NoPFLKDY3pjDdqGQKAo/yQZIcZB3uRBmzQ +/y32/FlE/ddbH0Fmpt+sDVKetLv7zi2iFv5I=
  • List-id: Xen developer discussion <xen-devel.lists.xensource.com>

When I run the client from Dom0 (Fedora 8) to connect to server running in the PV Ubuntu (use the virbr0 as bridge). The command and data caught by tcpdump are:

[root@localhost test1]# ./server 8081

root@ubuntu:~/test1# ./client 192.168.1.192 8081
agrv[1] = 192.168.1.192
Connect Error:No route to host

[root@localhost ~]# tcpdump -i virbr0 -nn
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on virbr0, link-type EN10MB (Ethernet), capture size 96 bytes
23:49:18.581878 IP 192.168.122.187.37635 > 192.168.1.192.8081: S 2526621589:2526621589(0) win 5840 <mss 1460,sackOK,timestamp 4294946904 0,nop,wscale 4>
23:49:21.577743 IP 192.168.122.187.37635 > 192.168.1.192.8081: S 2526621589:2526621589(0) win 5840 <mss 1460,sackOK,timestamp 4294947204 0,nop,wscale 4>
23:49:21.607282 IP 192.168.122.1 > 192.168.122.187: ICMP host 192.168.1.192 unreachable, length 68
23:49:21.607296 IP 192.168.122.1 > 192.168.122.187: ICMP host 192.168.1.192 unreachable, length 68
23:49:23.577759 arp who-has 192.168.122.1 tell 192.168.122.187
23:49:23.577770 arp reply 192.168.122.1 is-at fe:ff:ff:ff:ff:ff


My Dom0's Iptables configuration, server and client program list blew. But I can not find the Ubuntu PV's iptables configuration file. Maybe it doesn't have one.




My Dom0 (fedora 8) iptables /etc/sysconfig/iptables

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 23 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT


                                             


The server and client program is as following.

/*******   (server.c) ************/
#include <sys/types.h>
#include <sys/socket.h>
#include <stdio.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <unistd.h>
#include <errno.h>
#include <string.h>
 
int main(int argc, char *argv[])
{
   int sockfd,new_fd;
   struct sockaddr_in server_addr;
   struct sockaddr_in client_addr;
   int sin_size,portnumber;
   char hello[]="Hello! Are You Fine?\n";
   
    if(argc!=2)
    {
        fprintf(stderr,"Usage:%s portnumber\a\n",argv[0]);
        return 1;
    }
    
    if( (portnumber = atoi(argv[1])) < 0 )
    {
        fprintf(stderr,"Usage:%s portnumber\a\n",argv[0]);
        return 1;
    }
    
    /* create socket descripter */
    if( (sockfd = socket(AF_INET,SOCK_STREAM, 0)) == -1 )
    {
        fprintf(stderr,"Socket error:%s\n\a",strerror(errno));
        return 1;
    }
    
    /* set sockaddr */
    //bzero(&server_addr, sizeof(struct sockaddr_in));
    memset(&server_addr, 0, sizeof(struct sockaddr_in));
    server_addr.sin_family = AF_INET;
    server_addr.sin_addr.s_addr = htonl(INADDR_ANY);
    server_addr.sin_port = htons(portnumber);
    
    /* bind to a port */
    if( bind(sockfd,(struct sockaddr *)(&server_addr),sizeof(struct sockaddr))==-1 )
    {
        fprintf(stderr,"Bind error:%s\n\a",strerror(errno));
        return 1;
    }
    
    /* listen to the port */
    if( -1 == listen(sockfd,5) )
    {
        fprintf(stderr,"Listen error:%s\n\a",strerror(errno));
        return 1;
    }
    
    while(1)
    {
        /* accept */
        sin_size=sizeof(struct sockaddr_in);
        //if( (new_fd = accept(sockfd, (struct sockaddr *)(&client_addr), &sin_size)) == -1)
        new_fd = accept(sockfd, (struct sockaddr *)(&client_addr), &sin_size);
        if( -1 == new_fd )
        {
            fprintf(stderr,"Accept error:%s\n\a",strerror(errno));
            return 1;
        }
        
        fprintf(stderr,"Server get connection from %s\n", inet_ntoa(client_addr.sin_addr));
        if(write(new_fd,hello,strlen(hello))==-1)
        {
            fprintf(stderr,"Write Error:%s\n",strerror(errno));
            return 1;
        }
        /* over */
        close(new_fd);
        /* next */
    }
    close(sockfd);
    return 0;
}

/*******  client.c ************/
#include <sys/types.h>
#include <sys/socket.h>
#include <stdio.h>
#include <netinet/in.h>
#include <arpa/inet.h>
 
#include <unistd.h>
#include <errno.h>
 
int main(int argc, char *argv[])
{
    int sockfd;
    char buffer[1024];
    struct sockaddr_in server_addr;
    //struct hostent *host;
    char *ip;
    int portnumber,nbytes;
    
    if(argc!=3)
    {
        fprintf(stderr,"Usage:%s ip portnumber\a\n",argv[0]);
        return 1;
    }
    
    //if((host=gethostbyname(argv[1]))==NULL)
    printf("agrv[1] = %s\n",argv[1]);
    if( strlen(ip=argv[1])< 7 )
    {
        fprintf(stderr,"Get Ip address error\n");
        return 1;
    }
    
    if((portnumber=atoi(argv[2]))<0)
    {
        fprintf(stderr,"Usage:%s hostname portnumber\a\n",argv[0]);
        return 1;
    }
    
    /* create socket descripter */
    if((sockfd=socket(AF_INET,SOCK_STREAM,0))==-1)
    {
        fprintf(stderr,"Socket Error:%s\a\n",strerror(errno));
        return 1;
    }
    
    /* set the struct */
    bzero(&server_addr, sizeof(server_addr));
    server_addr.sin_family = AF_INET;
    server_addr.sin_port = htons(portnumber);
    //server_addr.sin_addr = *( (struct in_addr *)host->h_addr );
    //server_addr.sin_addr.s_addr = inet_addr(host->h_addr);
    server_addr.sin_addr.s_addr = inet_addr(ip);
    //server_addr.sin_addr.s_addr = ((struct in_addr*)(host->h_addr))->s_addr;
    
    /* request to server */
    if(connect(sockfd,(struct sockaddr *)(&server_addr),sizeof(struct sockaddr))==-1)
    {
        fprintf(stderr,"Connect Error:%s\a\n",strerror(errno));
        return 1;
    }
    
    /* connected successfully */
    if((nbytes=read(sockfd,buffer,1024))==-1)
    {
        fprintf(stderr,"Read Error:%s\n",strerror(errno));
        return 1;
    }
    buffer[nbytes]='\0';
    printf("I have received:%s\n",buffer);
    /* over */
    close(sockfd);
    return 0;





2010/10/22 Bei Guan <gbtju85@xxxxxxxxx>


2010/10/22 Samuel Thibault <samuel.thibault@xxxxxxxxxxxx>

Bei Guan, le Fri 22 Oct 2010 22:56:29 +0800, a écrit :
> root@ubuntu:~/test1# ./server 13
> Server get connection from 192.168.122.1
>
> [root@localhost test1]# ./client 192.168.122.187 13
> agrv[1] = 192.168.122.187
> I have received:Hello! Are You Fine?
>
> I can not understand why the server just print the virbr0' IP address (it is
> xen net bridge) other than Dom0's real IP, 192.168.1.129.

Because that's the IP of the Dom0 interface from which the connection is
made.  It's just the same as in a usual intranet/internet router box.

> What the relationship
> between the two IPs(192.168.1.129 and 192.168.122.1)?

None, except your dom0 has these two addresses.

> If I put server in Dom0 and the client in Ubuntu. The client can not connect to
> the server. However, I can ping Dom0's IP (192.168.1.129) successfully from
> Ubuntu. What's reason?

We can't divine, show your code / iptables configuration / tcpdump
output.  The usual network stuff, actually.

Sorry, you mean the client and server code? The iptables configurations of all the Ubuntu PV and Dom0?


 

Samuel


Attachment: server.c
Description: Text Data

Attachment: client.c
Description: Text Data

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.