> > I can't see why making the frontend MAC readonly can really be done
> > securely within the domain.
>
> Well, if you have module support enabled in the kernel, or some way
> that lets root write to random (domain) memory, then it's not really
> secure, although i think it's still a nice to have. Otherwise i would
> think it should be reasonably secure?
You need root access to change the MAC normally, and it's trivial for
root to change it under your scheme -- running sed on /dev/mem would do
it...
Enforcing the frontend's MAC address really needs to be done in the
backend, or using ebtables rules in the bridge. Anything else just gives
a false sense of security.
> > > (2) the addition of some xen-specific sysfs attributes
> > > on front/back vifs,
> >
> > What attributes?
>
> Backend:
> - xen/fe.domain: frontend domain name
> - xen/fe.initial_address: initial frontend interface mac address
> - xen/fe.mac_mode: mac mode of the frontend interface (r/w)
> - xen/be.mac_mode: mac mode of the backend interface (r/w)
>
> Frontend:
> - xen/mac_mode: mac mode of the interface
What's the naming convention for multiple fe/be's?
I can see some point having the be enforce the MAC, and possibly in
having the enforcement address being configurable via sysfs. I'm not a
big fan of this section of the patch, though.
> > > (3) an option to set several vif defaults in a domain
> > > config file, for ease of use when creating multiple vifs.
> > Please give an example.
>
> vif_defaults = 'be_ext_sysfs=yes,ext_sysfs=yes,backend=eos'
>
> vif = [
> 'mac=aa:00:00:01:00:00,backend=0',
> 'mac=aa:00:00:01:01:00,be_mac=fe:ff:ff:01:01:ff',
> 'mac=aa:00:00:01:02:00,be_mac=fe:ff:ff:01:02:ff'
> ]
Without the sysfs stuff this hunk looks less useful :-)
What do other people think?
Ian
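As an added example (not code from this thread or from the Xen tree), this is one way to do the bridge-side enforcement Ian describes: ebtables rules on the dom0 bridge that drop any frame a vif emits with a source MAC other than the one configured for it. It assumes Xen's vif<domid>.<idx> interface naming and reuses the sample MACs from the vif list above; both are illustrative only.

```sh
#!/bin/sh
# Added example (not code from this thread): pin a frontend's MAC at the
# dom0 bridge with ebtables, the "backend or bridge" approach recommended
# above. Assumptions: Xen's vif<domid>.<idx> naming and the sample MACs
# from the thread's vif list; both are illustrative only.

# Accept only a well-formed, lower-case MAC so a malformed config line
# cannot turn into an arbitrary ebtables argument.
valid_mac() {
    echo "$1" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# Print (do not run) the ebtables commands that drop every frame arriving
# on $vif whose source MAC differs from $mac. FORWARD covers traffic
# bridged to other domains or the physical NIC; INPUT covers dom0 itself.
mac_pin_rules() {
    vif="$1"; mac="$2"
    valid_mac "$mac" || { echo "bad mac: $mac" >&2; return 1; }
    echo "ebtables -A FORWARD -i $vif -s ! $mac -j DROP"
    echo "ebtables -A INPUT -i $vif -s ! $mac -j DROP"
}

# Apply the pins for each "vif mac" pair read from stdin; needs root on
# dom0. Pairs with a malformed MAC are skipped and reported on stderr.
apply_mac_pins() {
    while read -r vif mac; do
        [ -n "$vif" ] || continue
        valid_mac "$mac" || { echo "skipping $vif: bad mac '$mac'" >&2; continue; }
        mac_pin_rules "$vif" "$mac" | while read -r cmd; do
            $cmd || { echo "failed: $cmd" >&2; exit 1; }
        done || return 1
    done
}

# Constructed sample: the three MACs from the thread's vif list, assumed
# to belong to domain 1's vif1.0, vif1.1 and vif1.2. Uncomment on a dom0.
# printf '%s\n' 'vif1.0 aa:00:00:01:00:00' \
#               'vif1.1 aa:00:00:01:01:00' \
#               'vif1.2 aa:00:00:01:02:00' | apply_mac_pins
```

Note that this only stops a guest from sourcing frames with a different MAC; it does not stop root in the guest from changing the interface's address, which is exactly why the check belongs outside the domain.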
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel