
[Xen-users] [XCP] promiscuous mode for vif


  • To: xen-users@xxxxxxxxxxxxxxxxxxx
  • From: George Shuklin <george.shuklin@xxxxxxxxx>
  • Date: Mon, 29 Nov 2010 08:24:42 +0300
  • Delivery-date: Sun, 28 Nov 2010 21:25:18 -0800
  • List-id: Xen user discussion <xen-users.lists.xensource.com>

Good day.

Found strange behavior in PV domains. Applications like tcpdump or iftop
require promiscuous mode for the interface. And this feature is disabled by
default, as I understand.

Message from iftop:
pcap_open_live(eth0): eth0: You don't have permission to capture on that
device (socket: Address family not supported by protocol)

As I understand, promiscuous:on in other-config for the vif will allow
this.

But here is another question: will this somehow compromise the security of XCP?
Will a domain with promiscuous mode on the vif be allowed to see the traffic of
other domains? Can it perform cache poisoning for Open vSwitch?

---
wBR, George.


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users


 

