[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-users] [XCP] promiscuous mode for vif

  • To: xen-users@xxxxxxxxxxxxxxxxxxx
  • From: George Shuklin <george.shuklin@xxxxxxxxx>
  • Date: Mon, 29 Nov 2010 08:24:42 +0300
  • Delivery-date: Sun, 28 Nov 2010 21:25:18 -0800
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=subject:from:to:content-type:date:message-id:mime-version:x-mailer :content-transfer-encoding; b=N+EfM07Kj6VLSz0Ogz/lDNU+WLLcP3dViUNotyvo1I180q3/Xjk0T38arbfd/2IR5X uX2To1WqzSsghCe5SHnS/b1phJ2gdoQuC49xdKEKYletCdVHWg5D0ZexeXvOl4s3tfv5 sPT7uNKNcwtUjYZJgnH1t7UCQR45bTn5FsA2I=
  • List-id: Xen user discussion <xen-users.lists.xensource.com>

Good day.

Found strange behavior in PV-domains. Application like tcpdump or iftop
require promiscuous mode for interface. And this feature is disabled by
default, as I understand.

message from iftop:
pcap_open_live(eth0): eth0: You don't have permission to capture on that
device (socket: Address family not supported by protocol)

As I understand promiscuous:on in other-config for vif will allow do

But here other question: will this somehow compromise security of XCP?
Will domain with promiscuous mode on vif allowed to see traffic of other
domains? Can it perform cache poisoning for open vswitch?

wBR, George.

Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.