WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] XCP antispoof

from [Matthew Law] [Permanent Link][Original]
To: "C V" <rayvittal-lists@xxxxxxxxx>
Subject: Re: [Xen-users] XCP antispoof
From: "Matthew Law" <matt@xxxxxxxxxxxxxxxxxx>
Date: Tue, 11 May 2010 08:39:01 +0100
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Tue, 11 May 2010 00:40:12 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
Importance: Normal
In-reply-to: <512485.6789.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <F8EB7C7A3464794A91EABC6727C9529B328246@xxxxxxxxxxxxxxxxxxxxxxxxx> <670542.76698.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <4BE85892.4000704@xxxxxxxxxxxxxxx> <512485.6789.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: matt@xxxxxxxxxxxxxxxxxx
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: SquirrelMail/1.4.19 
Before you did this did you test to see if the standard XCP setup with
openvswitch is in fact 'spoofable'?

You may be able to accomplish the same results by using flows in
openvswitch itself rather than going to the trouble of using iptables
rules. It might be worth asking the ovs mailing list.

Interested to know how you get on,

Matt.

On Mon, May 10, 2010 8:46 pm, C V wrote:
> Thanks
> I got the xt_physdev.ko from /lib/modules/ inside the DDK VM and copied it
> to dom0 /lib/modules/...
> I ran depmod inside dom0 and modprobe xt_physdev in dom0 results in the
> same problem.
>
> ----- Original Message ----
> From: Jorge Armando Medina <jmedina@xxxxxxxxxxxxxxx>
> To: xen-users@xxxxxxxxxxxxxxxxxxx
> Sent: Mon, May 10, 2010 12:03:46 PM
> Subject: Re: [Xen-users] XCP antispoof
>
> C V wrote:
>> I've been trying to emulate the Xen antispoof features in XCP. This
>> requires the xt_physdev iptables extension. Here's what I've done:
>> 1. Downloaded the XCP DDK VM and installed it
>> 2. Downloaded the Dom0 kernel sources from
>> http://www.xen.org/files/XenCloud/Software/latest/sources/source-1.iso
>> to a running DDK VM instance
>> 3. make menuconfig inside the kernel sources and enable physdev inside
>> Networking->Network Packet Filtering->Core Netfilter
>> Configuration->physdev match support
>> 4. make modules modules_install inside the kernel sources
>> 5. Copy resulting xt_physdev.ko to dom0
>>
> I think step 4 will copy the modulo in /lib/modules/kern-version/..
>> 6. insmod results in an error:
>> insmod ./xt_physdev.ko
>> insmod: error inserting './xt_physdev.ko': -1 Unknown symbol in module
>>
> Did you depmod after installing the modules?
>
>> dmesg shows the error to be:
>> xt_physdev: disagrees about version of symbol xt_register_matches
>> xt_physdev: Unknown symbol xt_register_matches
>> Modinfo reports the correct version:
>> # modinfo xt_physdev.ko
>> filename:       xt_physdev.ko
>> alias:          ip6t_physdev
>> alias:          ipt_physdev
>> description:    Xtables: Bridge physical device match
>> author:         Bart De Schuymer <bdschuym@xxxxxxxxxx>
>> license:        GPL
>> srcversion:     4D030E98D0F909D8DA92F33
>> depends:        x_tables
>> supported:      yes
>> vermagic:       2.6.27.42-0.1.1.xs0.1.1.737.1065xen SMP mod_unload
>> modversions Xen 686
>>
>>
>> It seems that it requires a complete kernel rebuild and re-install. Can
>> anybody confirm this or help me with an alternate way of building
>> required iptables extensions?
>>
>> Thanks
>> --
>> C V


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-users] 2.6.26-2-xen-amd64 vs 2.6.26-1-xen-amd64 on debian, Tapas Mishra
Next by Date:  Re: [Xen-users] Starting XEN control daemon: xend failed!, Tapas Mishra
Previous by Thread:  Re: [Xen-users] XCP antispoof, C V
Next by Thread:  Re: Re: [Xen-users] XCP antispoof, George Shuklin
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy