xen-devel

Re: [Xen-devel] Successful IPv6 Xen Deployment; Protection Against IPv4

To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-devel] Successful IPv6 Xen Deployment; Protection Against IPv4 ARP Poisoning Attacks
From: "Teck Choon Giam" <giamteckchoon@xxxxxxxxx>
Date: Sat, 11 Oct 2008 02:19:32 +0800
Delivery-date: Fri, 10 Oct 2008 11:19:55 -0700
On Fri, Oct 10, 2008 at 4:09 AM, Cory Von Wallenstein
<cvonwallenstein@xxxxxxxxxxx> wrote:
> I apologize, folks, for not getting back to the list in a timely manner. Alas,
> duty called.

No apology is needed.  Greatly appreciate your sharing/contribution :)

> I've put together a guide, as well as my patches, for:
>
> a) Getting IPv6 anti-spoofing to work.
> b) Preventing ARP poisoning attacks that can bring down IPv4 communication on 
> a subnet.
> c) Preventing IPv4 packet sniffing.
>
> The guide walking through the "method to my madness" is on my engineering 
> blog:
>
> http://www.standingonthebrink.com/index.php/ipv6-ipv4-and-arp-on-xen-for-vps/

Nice blog, and many thanks for your effort in putting up such an
informative blog related to Xen.

>
> The modified networking scripts are vif-common.sh, vif-bridge, and 
> network-bridge. Diffs are attached. By no means do I consider these "THE 
> answer", but have worked well for what we have in the field, and I welcome 
> suggestions for improvements.

I have a suggestion, since I just tried your patches on one of my test
servers.  All my servers have at least two NICs and run xen-3.3.0.
I found that domU can't be started, and when I checked
/var/log/xen/xen-hotplug.log it showed the following:

/etc/xen/scripts/vif-common.sh: line 261: [: : unary operator expected
Nothing to flush.
cat: /etc/xen/domU.cfg: No such file or directory
Nothing to flush.
/etc/xen/scripts/vif-common.sh: line 261: [: : unary operator expected
Nothing to flush.
Nothing to flush.
cat: /etc/xen/domU.cfg: No such file or directory
/etc/xen/scripts/vif-common.sh: line 261: [: : unary operator expected

So in vif-common.sh I changed the following line of yours:

DOMU_CONFIG=`cat /etc/xen/${DOMU_NAME}.cfg`

to:

# Try the bare name first, then the .cfg form; otherwise leave the config empty.
if [ -f "/etc/xen/${DOMU_NAME}" ] ; then
    DOMU_CONFIG=`cat "/etc/xen/${DOMU_NAME}"`
elif [ -f "/etc/xen/${DOMU_NAME}.cfg" ] ; then
    DOMU_CONFIG=`cat "/etc/xen/${DOMU_NAME}.cfg"`
else
    DOMU_CONFIG=""
fi

After the above changes, I am able to start my domU as normal.  I
am using /etc/xen/${DOMU_NAME}, without the .cfg extension, for my
domU config files.

Once again, thanks.

Kindest regards,
Giam Teck Choon
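
Added example (not part of the original message or of the patches it discusses): a POSIX sh form of the lookup described above that tries both file names and returns non-zero when no config is found, so a calling hotplug script can stop rather than continue with an empty DOMU_CONFIG. The function names and the XEN_CONF_DIR override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; not code from vif-common.sh or the posted patches.
# XEN_CONF_DIR is an assumed override so the lookup can be exercised
# outside /etc/xen; it defaults to the directory used in the message.
XEN_CONF_DIR="${XEN_CONF_DIR:-/etc/xen}"

# Print the path of the config file for domU "$1", trying the bare name
# first and then the .cfg form. Returns 1 if the name is empty, contains
# a path separator, starts with a dot, or no matching file exists.
find_domu_config() {
    name="$1"
    case "$name" in
        ""|*/*|.*) return 1 ;;   # keep the lookup inside XEN_CONF_DIR
    esac
    for candidate in "$XEN_CONF_DIR/$name" "$XEN_CONF_DIR/$name.cfg"; do
        if [ -f "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# Load the config text into DOMU_CONFIG. A non-zero status tells the
# caller that nothing was loaded, so it can refuse to proceed instead
# of building filter rules from an empty value.
load_domu_config() {
    DOMU_CONFIG=""
    path=$(find_domu_config "$1") || return 1
    DOMU_CONFIG=$(cat "$path")
}
```

A caller would use it as `load_domu_config "$DOMU_NAME" || exit 1`, which also keeps later `[ ... ]` tests from receiving an unexpected empty value.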
