WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] firewalls and Xen

from [Ernst Bachmann] [Permanent Link][Original]
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] firewalls and Xen
From: Ernst Bachmann <e.bachmann@xxxxxxxx>
Date: Tue, 14 Feb 2006 17:09:01 +0100
Delivery-date: Tue, 14 Feb 2006 16:19:20 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <3988B614-F9C1-4DEB-A97C-65AF8E2F8E06@xxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <796A7B7A-174F-4A38-865B-09D316F8CAE8@xxxxxxxxx> <43F1F6EC.4010207@xxxxxxxx> <3988B614-F9C1-4DEB-A97C-65AF8E2F8E06@xxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.9.1 
On Tuesday 14 February 2006 16:38, Luke wrote:
...
> I'd really rather not introduce that complication, since all I need
> to figure out is which virtual interfaces these types of packets go
> from/to.  Plus, I'd really like to understand the packet flow through
> Xen's dom0 and domUs

The flow is something like:

packet arrives at hardware, is handled by dom0 eth driver and appears on 
peth0.
peth0 is bound to to the bridge, so its passed to the bridge from there.
This step is run on ethernet level, no IP addresses are set on peth0 or 
bridge.

Now the bridge distributes the packet, just like a switch would. Filtering at 
this stage would be possible with eb_tables.

now there's a number of vifX.Y connected to the bridge, it decides where to 
put the packet based on the receivers MAC.

the vif iface puts the packet into xen, which then puts the packet back to the 
domain the vif leads to (its also done that way for dom0, hence the 
vif0.0->(v)eth0 pair).

The target device in the dom0/domU finally has an ip address, you can apply 
ip-tables filtering here. 

/Ernst

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-users] might XenSpecificGlibc help me?, Chris Fanning
Next by Date:  Re: [Xen-users] Dell Poweredge 2650 - heavy IO hangs domU machine s; xen 2.0.7, xen kernel 2.6.11.12, Max E Baro
Previous by Thread:  Re: [Xen-users] firewalls and Xen, Luke
Next by Thread:  Re: [Xen-users] firewalls and Xen, Daniel Goertzen
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy