[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] A security Question

To: Christian Fassina Costa <atros@xxxxxxxxx>
From: PREETI MISHRA <scholar.preeti@xxxxxxxxx>
Date: Sun, 24 Jul 2016 09:44:04 +0530
Cc: xen-users@xxxxxxxxxxxxxxxxxxxx
Delivery-date: Tue, 26 Jul 2016 03:17:37 +0000
List-id: Xen user discussion <xen-users.lists.xen.org>

Thanks for the reply.

I also read using ebtable table rule . The extact lines were like this:

One of the challenges was that since packets from VMs enter iptables filter after passing "virbr0", information about the original

sending interface is lost. We have used ebtables to encode the information in packet:mark. This is done by patching Xen script which launches VMs. When a VM is launched, a patched Xen adds an ebtables rule which adds the information to every packet from the launched VM.

I want to know what is the syntax of ebtable rule and where it is added ( script and path of script))? and what information is encoded?

2. The Fl_Val captures network packets from a kernel using iptables in connection with libipq module (ip queue kernel module) and validates the source address of the traffic.

What is the syntax of iptable rule to validate the IP and MAC.

(As we can read the IP and MAC from packet header; how to fetch actual IP and MAC of packet;

if xennstore is used for fetching actual IP and MAC, what would be its syntax?)

Fl_Val then decodes the information and is able to reliably determine a sending VM regardless of the packet content (it

may be spoofed).

I exactly do not know that what information is decoded?

On Sun, Jul 24, 2016 at 5:15 AM, Christian Fassina Costa <atros@xxxxxxxxx> wrote:

You can use ebtables and only allow traffic from the mac address and IP address on a interface. That's probably the easiest way to achieve what you are trying to do.

On Sat, Jul 23, 2016 at 4:57 AM, PREETI MISHRA <scholar.preeti@xxxxxxxxx> wrote:
Actually My exact problem is:

I want to perform a simple check at Dom0 whether a VM packet is IP spoofed or MAC spoofed? or everything is ok with it?
So could you please provide me the best possible way to do it using commands.

*I can read the packet header values such as read src IP and src MAC from it. I want to verify it from the information stored at Dom0. I don't know how i am going to fetch actual VM IP or VM MAC address of a packet (coming from a VM) at Dom0. Usually, I read the information is stored corresponding to domain ID at the time when the VM is launched.

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
https://lists.xen.org/xen-users

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
https://lists.xen.org/xen-users

References:
- [Xen-users] A security Question
  - From: PREETI MISHRA

Prev by Date: Re: [Xen-users] Xen and OS X.
Next by Date: Re: [Xen-users] A security Question
Previous by thread: Re: [Xen-users] A security Question
Index(es):
- Date
- Thread