Hi,
Back in Xen 1.x days I had this wonderful setup where I did not have to
bother with vifs and bridges or fake MAC addresses, and the following
piece of C in dom0:
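
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Write two VFR accept rules for a guest; interface index is fixed at 0. */
void setup_vfr_rules_for_vif(int dom, int vif, char *guest_ip)
{
    int f = open("/proc/xen/vfr", O_WRONLY);
    char s[256];
    if (f < 0)
        return;
    /* Inbound: traffic addressed to the guest IP is delivered to the domain. */
    snprintf(s, sizeof(s), "ADD ACCEPT dstaddr=%s dstaddrmask=255.255.255.255 src=ANY "
             "dstdom=%d dstidx=%d proto=any\n", guest_ip, dom, 0);
    write(f, s, strlen(s));
    /* Outbound: only traffic sourced from the guest IP may leave via PHYS. */
    snprintf(s, sizeof(s), "ADD ACCEPT srcaddr=%s srcaddrmask=255.255.255.255 srcdom="
             "%d srcidx=%d dst=PHYS proto=any\n", guest_ip, dom, 0);
    write(f, s, strlen(s));
    close(f);
}
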
would allow a domU to send and receive IP traffic through eth0,
including somehow magically getting ARP requests answered or routed to
the right place.
I have been trying various things to get the same effect in Xen 3.x, but
to be honest my iptables knowledge is a bit rusty, so all I have been
able to come up with is a routed setup, but that only seems to work when
all the peers have the host hardcoded into their routing tables.
Does anyone have the perfect setup (list of iptables commands I suppose)
for this, preferably without bridging at the Ethernet layer?
NAT/Masquerading is not an option, as I prefer not to have any state
kept in dom0.
Thanks,
Jacob
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
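
An added example, not part of the original post: the rule lines above are built with %s from a caller-supplied string and written to a line-oriented control file in dom0, so a defensive version checks that guest_ip is a plain dotted-quad IPv4 address before formatting. The helper name build_vfr_rules and the sample values are hypothetical; the rule syntax is copied from the post, and writing the result to /proc/xen/vfr is left to the caller.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from the original post): formats the post's two
 * VFR rule lines into out after validating guest_ip.
 * Returns the number of bytes written, or -1 on any rejection. */
int build_vfr_rules(char *out, size_t outlen, int dom, const char *guest_ip)
{
    struct in_addr addr;
    char ip[INET_ADDRSTRLEN];
    int n;

    /* inet_pton accepts only a.b.c.d, so spaces, '=' and newlines in the
     * input can never end up inside the rule text. */
    if (guest_ip == NULL || inet_pton(AF_INET, guest_ip, &addr) != 1)
        return -1;
    /* Re-serialise from the parsed value instead of echoing the input. */
    if (inet_ntop(AF_INET, &addr, ip, sizeof(ip)) == NULL)
        return -1;
    if (dom < 0)
        return -1;

    n = snprintf(out, outlen,
                 "ADD ACCEPT dstaddr=%s dstaddrmask=255.255.255.255 src=ANY "
                 "dstdom=%d dstidx=%d proto=any\n"
                 "ADD ACCEPT srcaddr=%s srcaddrmask=255.255.255.255 "
                 "srcdom=%d srcidx=%d dst=PHYS proto=any\n",
                 ip, dom, 0, ip, dom, 0);
    /* Treat truncation as failure: a cut-off rule must never be written. */
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return n;
}

int main(void)
{
    char buf[512];
    /* Constructed sample values (documentation address range). */
    if (build_vfr_rules(buf, sizeof(buf), 3, "192.0.2.10") > 0)
        fputs(buf, stdout);
    return 0;
}
```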