WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

[Xen-users] [XCP] promiscuous mode for vif

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] [XCP] promiscuous mode for vif
From: George Shuklin <george.shuklin@xxxxxxxxx>
Date: Mon, 29 Nov 2010 08:24:42 +0300
Delivery-date: Sun, 28 Nov 2010 21:25:18 -0800
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:subject:from:to:content-type :date:message-id:mime-version:x-mailer:content-transfer-encoding; bh=3SR3T1hBuzL12vzcp8uVNQq+LmmGxEVq+huccTRfa+w=; b=vXNkFnDLy7Cs6oRy6X8uYJfMzED1Q5eH7IBvamYHc17reNgGmC7a4mPSFzotrTkcBA e60FRITuKFqYorLPNg8dxHp/TA2BU5H9cqByW7QrJrZtvA3c0MH/Ijksn2ghQUGtzaZs sXtPj5V9EiPugF9kGh7Rw3KHzZrgjm8ybIM5Y=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=subject:from:to:content-type:date:message-id:mime-version:x-mailer :content-transfer-encoding; b=N+EfM07Kj6VLSz0Ogz/lDNU+WLLcP3dViUNotyvo1I180q3/Xjk0T38arbfd/2IR5X uX2To1WqzSsghCe5SHnS/b1phJ2gdoQuC49xdKEKYletCdVHWg5D0ZexeXvOl4s3tfv5 sPT7uNKNcwtUjYZJgnH1t7UCQR45bTn5FsA2I=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Good day.

Found strange behavior in PV-domains. Application like tcpdump or iftop
require promiscuous mode for interface. And this feature is disabled by
default, as I understand.

message from iftop:
pcap_open_live(eth0): eth0: You don't have permission to capture on that
device (socket: Address family not supported by protocol)

As I understand promiscuous:on in other-config for vif will allow do
this. 

But here other question: will this somehow compromise security of XCP?
Will domain with promiscuous mode on vif allowed to see traffic of other
domains? Can it perform cache poisoning for open vswitch?

---
wBR, George.


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-users] [XCP] promiscuous mode for vif, George Shuklin <=