[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Xen-devel] [BUNDLE] Testing a simpler inter-domain transport

On Sun, 2006-02-12 at 15:39 -0800, King, Steven R wrote:
> > Note that like a real LAN, one badly behaved partition
> > can block communication for the others they share the lan with... 
> Shared page LAN is much less secure than a real LAN.  Any domain
> attached to the shared page, i.e. in the LAN, can modify any frame "in
> flight" on the page.  Recipients have no confidence that the received
> frame is actually what the sender sent.

Hi Steve,

        I don't quite know how to respond to this!  Your statement is true
given some assumptions, but not relevent to my implementation, hence the
presence of your assertion in this thread is quixotic.

        In my implementation, you can't tell which domain on the LAN a packet
came from, nor do I try to prevent malicious domains on the LAN from
effectively stopping all useful traffic.  I believe that multi-domain
access is useful in some scenarious, nonetheless.

Hope that clarifies?
 ccontrol: http://ozlabs.org/~rusty/ccontrol

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.