[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Xen-devel] [BUNDLE] Testing a simpler inter-domain transport

  • To: "Rusty Russell" <rusty@xxxxxxxxxxxxxxx>
  • From: "King, Steven R" <steven.r.king@xxxxxxxxx>
  • Date: Sun, 12 Feb 2006 19:24:30 -0800
  • Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Mon, 13 Feb 2006 03:36:25 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xensource.com>
  • Thread-index: AcYwRicHBU5d0YSSQwyVHxJUZL38LAAAwXxg
  • Thread-topic: [Xen-devel] [BUNDLE] Testing a simpler inter-domain transport

Sorry, quixotic as charged.  :^)  Your patch is one thing, multi-domain
shared page LAN's are another.

If multi-domain shared page LAN's become more than a proof-of-concept
for your patch, we can worry about it then.  You mention the DOS attack,
but there are other problems that have no wired-LAN analog.  From Mr.
Minnich, it sounds such a thread already ran its course.  I looked
briefly but could not find it in the xen-devel archives.


-----Original Message-----
From: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
[mailto:xen-devel-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Rusty
Sent: Sunday, February 12, 2006 6:33 PM
To: King, Steven R
Cc: xen-devel
Subject: RE: [Xen-devel] [BUNDLE] Testing a simpler inter-domain

On Sun, 2006-02-12 at 15:39 -0800, King, Steven R wrote:
> > Note that like a real LAN, one badly behaved partition can block 
> > communication for the others they share the lan with...
> Shared page LAN is much less secure than a real LAN.  Any domain 
> attached to the shared page, i.e. in the LAN, can modify any frame "in

> flight" on the page.  Recipients have no confidence that the received 
> frame is actually what the sender sent.

Hi Steve,

        I don't quite know how to respond to this!  Your statement is
true given some assumptions, but not relevent to my implementation,
hence the presence of your assertion in this thread is quixotic.

        In my implementation, you can't tell which domain on the LAN a
packet came from, nor do I try to prevent malicious domains on the LAN
from effectively stopping all useful traffic.  I believe that
multi-domain access is useful in some scenarious, nonetheless.

Hope that clarifies?
 ccontrol: http://ozlabs.org/~rusty/ccontrol

Xen-devel mailing list

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.