From: renzo@cs.unibo.it (Renzo Davoli)
To: Andi Kleen <andi@firstfloor.org>
Cc: David Miller <davem@davemloft.net>,
	cfriesen@nortel.com, linux-kernel@vger.kernel.org
Subject: AF_IPN: Inter Process Networking, try these...
Date: Fri, 7 Dec 2007 22:18:05 +0100
Message-ID: <20071207211804.GA8293@cs.unibo.it>
In-Reply-To: <20071207100322.GM20595@one.firstfloor.org>

Andi, David,

I disagree. If you suspect we would be better off using IP multicast, I think
your suspicions are not supported.
Try the following exercises, please.... Can you provide better solutions
without IPN?

	renzo

Exercise #1.
I am a user (NOT ROOT), I like kvm, qemu etc. I want an efficient network
between my VMs.

My solution:
I create an IPN socket, with protocol IPN_VDESWITCH, and all the VMs can
communicate.

Your solution:
- I am condemned by two kernel developers to run the switch in the userland
- I beg the sysadm to give me some pre-allocated taps connected together
by a kernel bridge.
- I create a multicast socket limited to this host (TTL=0) and I use it
like a hub. It cannot switch the packets.

Exercise #2.
I am a sysadm (maybe a lab administrator). I want my users (not root)
of the group "vmenabled" to run their VM connected to a network.
I have hundreds of users in vmenabled(say students).

My Solution:
I create an IPN socket, with protocol IPN_VDESWITCH, connected to a virtual
interface, say ipn0. I give the socket permission 760, owner
root:vmenabled.

Your solution:
- I am condemned by two kernel developers to run the switch in the userland
- I create a multicast socket connected to a tap and then I define iptables
filters to prevent unauthorized users from joining the net.
- I create hundreds of preallocated tap interfaces, at least one per user.

Exercise #3.
I am a user (NOT ROOT) and I have a heavy stream of *very private data*
generated by some processes that must be received by several processes.
I am looking for an efficient solution.
Data can be ASCII strings, or a binary stream.
It is not a "networking" issue, it is just IPC.

My solution:
I create an IPN socket with permission 700 and the IPN_BROADCAST protocol. All
the processes connect to the socket either for writing or for reading (or both).

Your solution:
- I am condemned by two kernel developers to use userland inefficient
solutions like named pipes, tee, or a user daemon among AF_UNIX sockets.
- If I use multicast, others can read the stream.
(security by obscurity? the attacker does not know the address?)
- I use a multicast socket with SSL (it sounds funny to use encryption
  to talk with myself, exposing the stream to crypto attack).
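The userland alternative named in Exercise #3 (a broadcast daemon among AF_UNIX sockets, with filesystem permissions as the only access control) written out as an added example; this is constructed code, not code from the thread or from the IPN patch, and the hub path, the use of SOCK_SEQPACKET and the helper names are assumptions.

```python
import os
import select
import socket
import stat
import tempfile
import threading

# Constructed demo: a userland hub that gives AF_UNIX sockets the IPN_BROADCAST
# semantics of Exercise #3 (every message from one member reaches all the other
# members). Access control comes from the 0700 directory holding the socket path,
# which plays the role of the "permission 700" on the IPN socket.

def hub_loop(listener, n_members, n_msgs):
    """Accept n_members peers, then fan out n_msgs messages and stop."""
    members = []
    while len(members) < n_members:
        conn, _ = listener.accept()
        members.append(conn)
    delivered = 0
    while delivered < n_msgs:
        readable, _, _ = select.select(members, [], [])
        for src in readable:
            msg = src.recv(4096)      # SEQPACKET keeps message boundaries
            if not msg:
                continue
            for dst in members:       # deliver to everyone except the sender
                if dst is not src:
                    dst.send(msg)
            delivered += 1
    for m in members:
        m.close()

def broadcast_demo(payloads):
    """One writer and two readers through the hub; return what each reader got
    and the permission bits of the directory that guards the socket."""
    d = tempfile.mkdtemp()            # mkdtemp creates the directory with mode 0700
    path = os.path.join(d, "ipn_broadcast.sock")
    listener = socket.socket(socket.AF_UNIX, socket.SOCK_SEQPACKET)
    listener.bind(path)
    listener.listen(8)
    hub = threading.Thread(target=hub_loop, args=(listener, 3, len(payloads)))
    hub.start()
    writer, r1, r2 = (socket.socket(socket.AF_UNIX, socket.SOCK_SEQPACKET) for _ in range(3))
    for s in (writer, r1, r2):
        s.connect(path)               # all members join before any data flows
    for p in payloads:
        writer.send(p)
    got1 = [r1.recv(4096) for _ in payloads]
    got2 = [r2.recv(4096) for _ in payloads]
    hub.join()
    mode = stat.S_IMODE(os.stat(d).st_mode)
    for s in (writer, r1, r2, listener):
        s.close()
    os.unlink(path)
    os.rmdir(d)
    return got1, got2, mode
```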
