xen-devel
Re: [Xen-devel] [ANNOUNCE] xen ocaml tools
Vincent Hanquez wrote:
> Patrick Colp wrote:
>> I think you're thinking of my initial release last year. The version I
>> released a few months ago also has an in-memory store and greatly
>> improved transactions. It was motivated by the need to survive things
>> like DoS attacks.
>
> Is it possible to find your version of xenstored in a tarball somewhere?
> attack.tar.gz seems to contain lots of things related to xenstored, but
> yet seems to be missing watches and permissions.
The attack code utilises some of the code from the version of XenStore I
wrote. I released a patch for it to the list as well as a link to my
website where the code is available as a gzip and bzip2:
website: http://cs.ubc.ca/~pjcolp/
bzip2 direct link: http://cs.ubc.ca/~pjcolp/xenstore-ocaml.tar.bz2
gzip direct link: http://cs.ubc.ca/~pjcolp/xenstore-ocaml.tar.gz
I'm attaching the gzip version to this e-mail as well. The code is
designed to be compiled against Xen as a replacement to the C version. I
put it in the tools/xenstore directory in the xen-unstable tree to
compile it.
>> I wrote a little attack program (in OCaml) which runs from any DomU
>> and brought the original xenstored to its knees. With the attack
>> going, it's impossible to bring a new domain up -- it just hangs
>> forever attempting to bring it up. Basically, the attack just hammers
>> xenstored with micro-transactions. With the original transaction
>> system, which allows the first committing transaction in a generation
>> to win, long transactions could never complete. I implemented
>> transactions that would enable all concurrent but non-conflicting
>> transactions to commit. This made my version of xenstored resilient to
>> the attack.
>> I played around with this with your version too, but found that, while
>> it would not hang forever while attempting to load a domain, it would
>> instead die after a few seconds with the following error:
>> Error: (2, 'No such file or directory')
>
> I haven't really had time to look yet (I've been swamped with other
> things), but will try to run your program.
> But what is dying in the scenario you described? OCaml xenstored or the
> attack program?
When the attack is run, neither the attack nor xenstored die, but while
the attack is running it is impossible to start a domain. In the C
version, it would hang forever attempting to start a domain. When I ran
it against your OCaml version, it wouldn't hang but instead after a few
seconds the domain start would quit with the error:
Error: (2, 'No such file or directory')
If you're interested, I think it would be great to try to merge the
two XenStores together to get the best of both worlds. Are you going to
be at Xen Summit? If so, would you be interested in chatting about this
in person?
Patrick
xenstore-ocaml.tar.gz
Description: GNU Zip compressed data
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
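
The two commit policies contrasted in the message above, as a toy model added here (it is not code from either xenstored or from the attached tarball). The class, function names and key paths are hypothetical, and "first committing transaction in a generation wins" is modelled as a check against a single global generation counter.

```python
# Added illustration: a toy model of the two commit policies, not xenstored code.
class Store:
    def __init__(self):
        self.data = {}
        self.version = {}      # key -> generation of the last write to it
        self.generation = 0    # bumped on every successful commit

    def begin(self):
        return {"start": self.generation, "reads": set(), "writes": {}}

    def commit(self, tx, policy):
        if policy == "first-wins":
            # Abort if anyone at all committed since this transaction began.
            ok = self.generation == tx["start"]
        else:  # "non-conflicting"
            # Abort only if a key this transaction touched changed since it began.
            touched = tx["reads"] | set(tx["writes"])
            ok = all(self.version.get(k, 0) <= tx["start"] for k in touched)
        if ok:
            self.generation += 1
            for k, v in tx["writes"].items():
                self.data[k] = v
                self.version[k] = self.generation
        return ok


def micro_tx(store, policy, key):
    """A one-write transaction committed immediately by another client."""
    tx = store.begin()
    tx["writes"][key] = "x"
    return store.commit(tx, policy)


def long_tx_attempts(policy, noisy_key, steps=20, max_retries=50):
    """Attempts needed for a multi-step transaction to commit while another
    client commits one micro-transaction per step; None if it never commits."""
    store = Store()
    for attempt in range(1, max_retries + 1):
        tx = store.begin()
        for i in range(steps):
            tx["writes"][f"/local/domain/5/device/{i}"] = "cfg"  # constructed path
            micro_tx(store, policy, noisy_key)   # interleaved foreign commit
        if store.commit(tx, policy):
            return attempt
    return None
```

In this model the long transaction never commits under "first-wins" while unrelated commits keep arriving, and commits on the first attempt under "non-conflicting"; a writer touching the same keys still forces an abort under either policy.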