[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH (V9) 0/2] Add V4V to Xen

On 30/05/13 13:07, Ian Campbell wrote:
> No patch to docs/... at all? The hypercall interface docs have improved
> (although they still aren't great IMHO) but what's really needed is an
> overview of the design and a "how do I actually use this" type thing.

I agree.  I'm looking at inter-domain communication mechanisms for use
in XenServer and it's not obvious how to use v4v securely.

e.g., when a previously trusted domain (A) is compromised it may spam a
domain (B) with messages in a DoS attack.  The per source domain/port
receive rings help here as the domain A will not be able to block B from
receiving traffic from other domains.

But how are these per-connection rings created?  This seems to require
out-of-band signaling for connection setup.  I suppose this could be via
v4v and a connection manager service running in a known and trusted
domain. But how does a domain find the connection manager service and
how does it handle the connection management domain being restarted?

The other big question I have is why v4v?  v4v doesn't seem to offer any
advantages over using shared rings like libvchan.


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.