
[Xen-users] Fwd: [openxt-dev] How to add a domain id name field at each VM packet






Thanks for the reply.

It's difficult for me to understand right now.

Actually, my exact problem is:

I want to perform a simple check at Dom0 of whether a VM packet is IP spoofed or MAC spoofed, or whether everything is OK with it.
So could you please provide me the best possible way to do it using commands?


*I can read the packet header values, such as the src IP and src MAC, from it. I want to verify them against the information stored at Dom0. I don't know how I am going to fetch the actual VM IP or VM MAC address of a packet (coming from a VM) at Dom0. Usually, I read, the information is stored corresponding to the domain ID at the time when the VM is launched.

My setup has Ubuntu 15.10 as host OS, Xen 4.6 hypervisor and Windows 7 guest VM.


Thanks for the support in advance.

regards,
Preeti

On Fri, Jul 22, 2016 at 9:43 PM, PREETI MISHRA <scholar.preeti@xxxxxxxxx> wrote:
Thanks for the reply.

It's difficult for me to understand right now.

Actually, my exact problem is:

I want to perform a simple check at Dom0 of whether a VM packet is IP spoofed or MAC spoofed, or whether everything is OK with it.
So could you please provide the best possible way to do it using commands?


*I can read the packet header values and read the src IP and src MAC from it. I want to verify them against the information stored at Dom0. I don't know how I am going to fetch the actual IP or MAC of a packet from Dom0.

My setup has Ubuntu 15.10 as host OS, Xen 4.6 hypervisor and Windows 7 guest VM.


Thanks for the support in advance.

regards,
Preeti




On Fri, Jul 22, 2016 at 8:22 PM, Jed Lejosne <jed.openxt@xxxxxxxxx> wrote:
Hi,

VM network packets don't go through the hypervisor.
In OpenXT, a VM called the NDVM is responsible for managing network activity.
The way packets are transmitted between the guest VM (or its
stubdomain for tools-less VMs) and the NDVM is through Xen PV
networking (netfront in the VM/stubdom, netback in the NDVM).

Supposedly, if you somehow mark packets in the guest, you should be
able to see the mark in the NDVM.

However, you shouldn't need to mark packets to know where they're
coming from, since netback already provides that information (example:
packets received on vif5.0 can only come from domain 5).

I hope that helps.

Jed

On Fri, Jul 22, 2016 at 8:37 AM, PREETI MISHRA <scholar.preeti@xxxxxxxxx> wrote:
> Hello,
>
> I am collecting VM network packets at the hypervisor. I want to identify which
> packet is generated by which VM. A packet may be IP spoofed. Hence I do not
> want to differentiate them based on their VM IP.
>
> One solution could be to mark each VM packet with its domain ID field by
> applying ebtable rules in the VM start-up script of Xen. This will apply
> packet: mark with domain id.
>
> My question is how to implement that, and how to decode the packet:mark
> information when it reaches the hypervisor?
>
> Any other way??
>
>
> Thanks
>
>



_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
https://lists.xen.org/xen-users
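
Added example (not part of the original thread, and not Xen or OpenXT project code): one way to do the check asked about above, building on the point in Jed's reply that the vif name already identifies the sending domain. It assumes the network backend is in Dom0, so the configured MAC is at the xenstore path shown; the function names, `SAMPLE_STORE` and `SAMPLE_IPS` are constructed for illustration.

```python
import re
import subprocess

# vifN.M is the netback device for domain N, device M; libxl names the
# emulated-NIC tap of an HVM guest (e.g. Windows without PV drivers) vifN.M-emu.
VIF_RE = re.compile(r"^vif(\d+)\.(\d+)(?:-emu)?$")

def vif_to_dom(ifname):
    """Return (domid, devid) for a Xen guest interface name, else None."""
    m = VIF_RE.match(ifname)
    return (int(m.group(1)), int(m.group(2))) if m else None

def xenstore_read(path):
    """Read one xenstore key; only works in a domain with xenstore-read."""
    return subprocess.check_output(["xenstore-read", path], text=True).strip()

def check_frame(ifname, src_mac, src_ip=None, ip_bindings=None, read=xenstore_read):
    """Return (verdict, domid) for one frame captured on ifname."""
    dom = vif_to_dom(ifname)
    if dom is None:
        return ("not-a-vif", None)
    domid, devid = dom
    # Assumption: the backend lives in Dom0 (backend domid 0).
    configured = read(f"/local/domain/0/backend/vif/{domid}/{devid}/mac")
    if src_mac.strip().lower() != configured.strip().lower():
        return ("mac-spoof", domid)
    # Assumption: allowed IPs per vif come from an operator-kept table.
    allowed = (ip_bindings or {}).get(dom)
    if src_ip is not None and allowed is not None and src_ip not in allowed:
        return ("ip-spoof", domid)
    return ("ok", domid)

# Constructed sample data standing in for xenstore and the operator's table.
SAMPLE_STORE = {"/local/domain/0/backend/vif/5/0/mac": "00:16:3e:aa:bb:05"}
SAMPLE_IPS = {(5, 0): {"192.0.2.15"}}

if __name__ == "__main__":
    frames = [  # (interface, source MAC, source IP), all constructed
        ("vif5.0", "00:16:3E:AA:BB:05", "192.0.2.15"),
        ("vif5.0", "00:16:3e:aa:bb:99", "192.0.2.15"),
        ("vif5.0-emu", "00:16:3e:aa:bb:05", "192.0.2.77"),
    ]
    for f in frames:
        print(f, check_frame(*f, ip_bindings=SAMPLE_IPS, read=SAMPLE_STORE.__getitem__))
```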

 

