[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Xen-devel] [patch 5/5] xen: net features

  • To: "Jody Belka" <lists-xen@xxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxxx>
  • From: "Ian Pratt" <m+Ian.Pratt@xxxxxxxxxxxx>
  • Date: Tue, 1 Feb 2005 00:00:17 -0000
  • Delivery-date: Tue, 01 Feb 2005 00:02:40 +0000
  • List-id: List for Xen developers <xen-devel.lists.sourceforge.net>
  • Thread-index: AcUH7tfRGyZPK8zcTpuJX9YPfT13aQAAKYdQ
  • Thread-topic: [Xen-devel] [patch 5/5] xen: net features

> > I can't see why making the frontend MAC readonly can really be done
> > securely within the domain.
> Well, if you have module support enabled in the kernel, or some way
> that lets root write to random (domain) memory, then it's not really
> secure, although i think it's still a nice to have. Otherwise i would
> think it should be reasonably secure?

You need root access to change the mac normally, and its trivial for
root to change it under your scheme -- running sed on /dev/mem would do

Enforcing the frontend's MAC address really needs to be done in the
backend, or using ebtables rules in the bridge. Anything else just gives
a false sense of security.
> > > (2) the addition of some xen-specific sysfs attributes
> > > on front/back vifs, 
> > 
> > What attributes?
> Backend:
> - xen/fe.domain: frontend domain name
> - xen/fe.initial_address: initial frontend interface mac address
> - xen/fe.mac_mode: mac mode of the frontend interface (r/w)
> - xen/be.mac_mode: mac mode of the backend interface (r/w)
> Frontend:
> - xen/mac_mode: mac mode of the interface

What's the naming convention for multiple fe/bs's.
I can see some point having the be enforce the MAC, and possibly in
having the enforcement address being configurable via sysfs. I'm not a
big fan of this section of the patch, though.

> > > (3) an option to set several vif defaults in a domain
> > > config file, for ease of use when creating multiple vifs.
> > Please give an example.
>  vif_defaults = 'be_ext_sysfs=yes,ext_sysfs=yes,backend=eos'
>  vif = [
>    'mac=aa:00:00:01:00:00,backend=0',
>    'mac=aa:00:00:01:01:00,be_mac=fe:ff:ff:01:01:ff',
>    'mac=aa:00:00:01:02:00,be_mac=fe:ff:ff:01:02:ff'
>  ]

Without the sysfs stuff this hunk looks less useful :-)

What do other people think?


This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.