WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] PV DomU kernel 2.4(.34) for IPCop

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] PV DomU kernel 2.4(.34) for IPCop
From: Paul Schulze <avlex@xxxxxxx>
Date: Sun, 22 Jun 2008 18:53:14 +0200
Delivery-date: Sun, 22 Jun 2008 09:53:55 -0700
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:mime-version:in-reply-to :references:content-type:message-id:content-transfer-encoding:from :subject:date:to:x-pgp-agent:x-mailer:sender; bh=u9dKNX4hMT6UsDNyQlinZXvxfAphH/4I2gCez1xXnnM=; b=ZAw2AI8mYQ58W+McbL5kimN/Ye/Ixk3S+ownaRsYy6ghgJgI2UN4DdY+Va/F2KbQBd vcEU+bQqRr0J4bQbY1puxMaVdNmmwIL9S3HZ4m4AoCHTH9zORHc0+ct1dS113y403U6X TOZelBbPRd2Q9Y501Utdd0xWz1vBKUcF5EAlw=
Domainkey-signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=mime-version:in-reply-to:references:content-type:message-id :content-transfer-encoding:from:subject:date:to:x-pgp-agent:x-mailer :sender; b=N28Mw9oWFxT/H32CZggYBdcJ4WphWStadzsWYjvrjwm6sXUUMqlGG6qBozm5X6YFVt 59t9xyeC4ojIyR8pV0Z54Sr5hrDhuUmZJUbp/H5mfriqnChYwJNoLJjGcPF8XxHllmH8 91vXFrpIw+LXHc/k8eSnib/SLI0gStR6R38fA=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <200806221629.57398.mark.williamson@xxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <7BF5DAC4-D094-4899-B905-1A0CFBEB3594@xxxxxxxxx> <200806221629.57398.mark.williamson@xxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Mark,

I am currently in the process of setting up a firewall/access point
DomU and I would like to know if there is any way to run a linux
kernel 2.4(.34) based system as a DomU. The primary reason for this
is that I want to run IPCop on such a kernel, but also that I
consider kernel 2.4 based systems to be more suitable for some
applications, especially for use as a firewall.
I've seen some patches for 2.4 PV-on-HVM drivers support - and I  
*think* I've
seen patches for 2.4 domU support floating around.  However, you  
need more
than this because you're looking at PCI passthrough.  Doing PCI  
passthrough
to a domU requires more than just Xen domU support in that kernel,  
since it
also needs to talk to real hardware.  I'm not aware of patches  
allowing this
under Linux 2.4, although Linux 2.6 is well supported in this regard.

PCI passthrough to an HVM domain wouldn't have this limitation but would, as
you observe, require VT-d support currently :-(
If you could point me to the patches you mentioned, I would be  
grateful, since I myself couldn't turn up anything of the sort in the  
last few days. I am aware of the fact, that I would need patches that  
add most of the Xen support in kernel 2.6 to kernel 2.4, including  
the PCI frontend module. I will worry about that as soon as I have at  
least something to work with. I'm not worried about my NICs though,  
they should be well supported by kernel version 2.4.34 to 36 and  
those are the versions I am currently aiming for.

P.S.: I know, this setup sounds kind of paranoid, isolating Dom0 that
much and I might hit a wall somewhere because certain things are not
possible yet (thats actually one of the points of this experiment, to
see what Xen can do). I also realize it is pointless unless I use a
system with IOMMU in a PCI passthrough setup (ultimately enabling PCI
Passthrough to HVM), but for me it is more like a proof of concept,
than a security concern for the machine in question and I prefer to
run Linux on Xen paravirtualized anyway. If anyone has some thoughts
on this, he or she would like to share, I am always thankful for
advise or another point of view.
Are you aware that there have been patches posted (and possibly  
merged now, I
think, although not in a release) that support IOMMU protection for  
PCI
passthrough to PV domUs?  This would be useful for the kind of  
setup you
propose, should you wish to avoid the overheads of HVM.
I was not aware of that, but what I meant is, if I had hardware IOMMU  
support, I would not have to worry about running kernel 2.4. The  
overhead of running the system in a HVM isn't all that important at  
the moment, considering Xen seems to have problems with AMD's  
Cool&Quiet on my system anyways (so I do have quiet a bit of CPU time  
to spare).
Thanks,


Paul.

- --
Paul Schulze
avlex@xxxxxxx
Public Key: http://solaris-net.dyndns.org/keys/key_avlex.asc

"Making mistakes is human,
but to really fuck things up you need Computers"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFIXoN6YDWOGtiChoARAvCqAJ9v9GG5VITt8yKUJO7DFF4RB8WQlwCfR0sB
/QKdG0UHT9UKuAxVXrAKZ5M=
=JmAb
-----END PGP SIGNATURE-----

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

<Prev in Thread] Current Thread [Next in Thread>