WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-users] [XCP] promiscuous mode for vif

from [George Shuklin] [Permanent Link][Original]
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] [XCP] promiscuous mode for vif
From: George Shuklin <george.shuklin@xxxxxxxxx>
Date: Mon, 29 Nov 2010 08:24:42 +0300
Delivery-date: Sun, 28 Nov 2010 21:25:18 -0800
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:subject:from:to:content-type :date:message-id:mime-version:x-mailer:content-transfer-encoding; bh=3SR3T1hBuzL12vzcp8uVNQq+LmmGxEVq+huccTRfa+w=; b=vXNkFnDLy7Cs6oRy6X8uYJfMzED1Q5eH7IBvamYHc17reNgGmC7a4mPSFzotrTkcBA e60FRITuKFqYorLPNg8dxHp/TA2BU5H9cqByW7QrJrZtvA3c0MH/Ijksn2ghQUGtzaZs sXtPj5V9EiPugF9kGh7Rw3KHzZrgjm8ybIM5Y=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=subject:from:to:content-type:date:message-id:mime-version:x-mailer :content-transfer-encoding; b=N+EfM07Kj6VLSz0Ogz/lDNU+WLLcP3dViUNotyvo1I180q3/Xjk0T38arbfd/2IR5X uX2To1WqzSsghCe5SHnS/b1phJ2gdoQuC49xdKEKYletCdVHWg5D0ZexeXvOl4s3tfv5 sPT7uNKNcwtUjYZJgnH1t7UCQR45bTn5FsA2I=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx 
Good day.

Found strange behavior in PV-domains. Application like tcpdump or iftop
require promiscuous mode for interface. And this feature is disabled by
default, as I understand.

message from iftop:
pcap_open_live(eth0): eth0: You don't have permission to capture on that
device (socket: Address family not supported by protocol)

As I understand promiscuous:on in other-config for vif will allow do
this. 

But here other question: will this somehow compromise security of XCP?
Will domain with promiscuous mode on vif allowed to see traffic of other
domains? Can it perform cache poisoning for open vswitch?

---
wBR, George.


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-users] [XCP] promiscuous mode for vif, George Shuklin <=
Previous by Date:  [Xen-users] Set up Solaris 11 Express PV Guest at Xen 4.0.1 (2.6.32.26 pvops) Dom0 on top of F14, Boris Derzhavets
Next by Date:  [Xen-users] let domainU use tty, me,apporc
Previous by Thread:  [Xen-users] XCP: Weird interface bonding problem, Adam Walters
Next by Thread:  [Xen-users] let domainU use tty, me,apporc
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy