|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-users] firewalls and Xen
On Tuesday 14 February 2006 16:38, Luke wrote: ... > I'd really rather not introduce that complication, since all I need > to figure out is which virtual interfaces these types of packets go > from/to. Plus, I'd really like to understand the packet flow through > Xen's dom0 and domUs The flow is something like: packet arrives at hardware, is handled by dom0 eth driver and appears on peth0. peth0 is bound to to the bridge, so its passed to the bridge from there. This step is run on ethernet level, no IP addresses are set on peth0 or bridge. Now the bridge distributes the packet, just like a switch would. Filtering at this stage would be possible with eb_tables. now there's a number of vifX.Y connected to the bridge, it decides where to put the packet based on the receivers MAC. the vif iface puts the packet into xen, which then puts the packet back to the domain the vif leads to (its also done that way for dom0, hence the vif0.0->(v)eth0 pair). The target device in the dom0/domU finally has an ip address, you can apply ip-tables filtering here. /Ernst _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |