WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] [patch 5/5] xen: net features

On Mon, Jan 31, 2005 at 11:15:31PM -0000, Ian Pratt wrote:
> Please can you explain this patch and its motivation a bit more. 
> 
> > Allow (1) the making of both frontend and backend vif MACs read-only
> > (independently), 
> 
> I can't see why making the frontend MAC readonly can really be done
> securely within the domain.

Well, if you have module support enabled in the kernel, or some way
that lets root write to random (domain) memory, then it's not really
secure, although i think it's still a nice to have. Otherwise i would
think it should be reasonably secure?

> > (2) the addition of some xen-specific sysfs attributes
> > on front/back vifs, 
> 
> What attributes?

Backend:
- xen/fe.domain: frontend domain name
- xen/fe.initial_address: initial frontend interface mac address
- xen/fe.mac_mode: mac mode of the frontend interface (r/w)
- xen/be.mac_mode: mac mode of the backend interface (r/w)

Frontend:
- xen/mac_mode: mac mode of the interface

> > (3) an option to set several vif defaults in a domain
> > config file, for ease of use when creating multiple vifs.
> Please give an example.

 vif_defaults = 'be_ext_sysfs=yes,ext_sysfs=yes,backend=eos'
 
 vif = [
   'mac=aa:00:00:01:00:00,backend=0',
   'mac=aa:00:00:01:01:00,be_mac=fe:ff:ff:01:01:ff',
   'mac=aa:00:00:01:02:00,be_mac=fe:ff:ff:01:02:ff'
 ]

which then evaluates through to this sxp

 (device
     (vif
         (mac aa:00:00:01:00:00)
         (ext_sysfs yes)
         (be_ext_sysfs yes)
         (backend 0)
     )
 )
 (device
     (vif
         (mac aa:00:00:01:01:00)
         (be_mac fe:ff:ff:01:01:ff)
         (ext_sysfs yes)
         (be_ext_sysfs yes)
         (backend eos)
     )
 )
 (device
     (vif
         (mac aa:00:00:01:02:00)
         (be_mac fe:ff:ff:01:02:ff)
         (ext_sysfs yes)
         (be_ext_sysfs yes)
         (backend eos)
     )
 )

> Thanks for all the patches!

No probs. This is the first time i've ever done any kernel-level programming.
Started out just intending to do something to allow setting the be mac address,
but then i started tracing flows through the system, and figuring out how the
code worked, and it all went from there. Been a great experience.


J

-- 
Jody Belka
knew (at) pimb (dot) org


-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel

<Prev in Thread] Current Thread [Next in Thread>