WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

[Xen-devel] XEN and ipq_read

To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] XEN and ipq_read
From: "plamen .." <paco078@xxxxxx>
Date: Tue, 27 Apr 2010 11:31:33 +0300 (EEST)
Delivery-date: Tue, 27 Apr 2010 01:32:33 -0700
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=abv.bg; s=smtp-out; t=1272356939; bh=nCRUOVHh/Ofs2mWvKQ4z9Cv+sm3Uwms7MMn4afX34QQ=; h=Date:From:To:Message-ID:Subject:MIME-Version:Content-Type: Content-Transfer-Encoding:DKIM; b=BppTi6YU4tX0FCAVVz/Ah0rA5ajPKNLT GBmq1k7dK1NSsXXAUH5g8phaKkQxrTBiDW1d+W98eouAflreOoLyWvdZKbr7EPWxmoK G4uwTmKGzyVZyWJ1dx1diydbd8arJjQAuGPxPYq9BsgGUPNlK7Umu7voVigwsaqB4zJ 8NciY=
Domainkey-signature: a=rsa-sha1; s=smtp-out; d=abv.bg; c=simple; q=dns; b=HI4YN2h6Af+30wDBEQqXjgMMCb3FJjXDECH5mkxA9WTjy+WYf90bKRQBOGIy1d7CG 2jwsXeeHT8wFqz+TOAmXZZTMy1w10hkv57Djrwrj0BSB68gU/of9sR3633GfmjKdMye haTd6tqWjvMrIdyuc+1UPuQnpJGuddCp/EVZkAI=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
 Hi all,

I'm using Ubuntu Hardy, Xen version 3.2.1-rc1-pre, Dom0 kernel 2.6.24-27-xen, 
PV DomU kernel 2.6.24-27-xen. 

I'm setting DomU as a router having iptables 1.3.8. I put an IDS system Snort 
in inline mode (IPS) on the router, which is configured to retrieve specific 
packets from kernel (iptables ... -j QUEUE and ip_queue module). At first snort 
started to report errors on each received packet. After a little bit of 
debugging and doing a sample application to test ipq_read() I found that raw 
data sent from kernel contains about 24 bytes more than expected. The 
additional bytes are in the meta data structure before the real packet content. 
This breaks raw data parsing. After a little bit of additional debugging I 
noticed that this happens only on Xen DomU VMs. On Dom0 it work fine, on other 
servers not running Xen it works also fine. 

Currently I'm about to install rtr DomU as HVM and I think it will work fine, 
but I don't want to leave it like this in production. 

Is there any reason in xen kernel to break sending packets from kernel to user 
space through the ip_queue module ? If so is there any way to work around this 
issue ?

Thanks in advance,
Plamen


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

<Prev in Thread] Current Thread [Next in Thread>