From: David Vrabel <david.vrabel@citrix.com>
To: Vincent Hanquez <vincent.hanquez@citrix.com>
Cc: Ian Campbell <Ian.Campbell@citrix.com>,
	Ross Philipson <ross.philipson@citrix.com>,
	xen-devel@lists.xen.org
Subject: Re: [PATCH (V9) 0/2] Add V4V to Xen
Date: Fri, 31 May 2013 11:21:53 +0100	[thread overview]
Message-ID: <51A879C1.3090708@citrix.com> (raw)
In-Reply-To: <51A8505A.8030706@citrix.com>

On 31/05/13 08:25, Vincent Hanquez wrote:
> On 05/30/2013 05:08 PM, David Vrabel wrote:
>> On 30/05/13 13:07, Ian Campbell wrote:
>>> No patch to docs/... at all? The hypercall interface docs have improved
>>> (although they still aren't great IMHO) but what's really needed is an
>>> overview of the design and a "how do I actually use this" type thing.
>> I agree.  I'm looking at inter-domain communication mechanisms for use
>> in XenServer and it's not obvious how to use v4v securely.
>>
>> e.g., when a previously trusted domain (A) is compromised it may spam a
>> domain (B) with messages in a DoS attack.  The per source domain/port
>> receive rings help here as the domain A will not be able to block B from
>> receiving traffic from other domains.
> It's really up to the guest to take active measures to prevent this from
> happening.
> B has multiple ways to handle this scenario:
> 
> * unregister his ring: A can't communicate with B anymore
> * throttle his ring processing: if B doesn't process his ring,
> eventually the ring is full and A can't send any more spam.

These require the use of per-sender rings.

> * use stream message type, which has the same semantics as TCP
> (LISTENING/CONNECTING/CONNECTED/..), where a stream needs to be connected
> before data is processed.

You would still need to handle connection request spam.

> There's also the v4v firewall where connections can be blocked.
> I'm not sure at the moment that a guest can set anything in it itself,
> but if not I think it would be a good idea for a guest to proactively
> set blocking rules for rings it owns.

At the moment it looks like only privileged guests can add/modify
v4vtable rules.

>> But how are these per-connection rings created?  This seems to require
>> out-of-band signaling for connection setup.  I suppose this could be via
>> v4v and a connection manager service running in a known and trusted
>> domain. But how does a domain find the connection manager service and
>> how does it handle the connection management domain being restarted?
> Rings are created by a guest listening to v4v.

A listener doesn't know in advance which domains might attempt to
connect so it must necessarily create a ring that any domain can put
messages on.

One solution would be to have per-ring v4vtable rule chains that the
ring owner can modify. Or some mechanism by which a ring owner can pause
a sender and prevent it temporarily (or permanently) from placing any
messages on the ring.

David
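The two failure modes argued over above (a shared receive ring that a single compromised sender can fill, versus per-sender rings or an owner-controlled block rule) can be modelled in a few dozen lines. The following is an added, constructed model and not Xen's V4V code: `ReceiveRing`, its `blocked` set (standing in for the per-ring rule chain proposed in the message), the capacities and the domain names A, B and C are all assumptions chosen to illustrate the point, not V4V identifiers.

```python
"""Toy model of the receive-ring DoS scenario from the thread.

Constructed example, not Xen V4V code. Domain B owns a ring; any
domain may try to place a message on it. Domain A is the previously
trusted sender that starts spamming; C is an honest sender.
"""
from collections import deque


class ReceiveRing:
    """A bounded ring owned by one domain; any domain may attempt to send.

    `blocked` plays the role of the hypothetical per-ring rule chain that
    the ring owner can modify (the "pause a sender" mechanism suggested
    in the message). It is an assumption of this model, not a V4V API.
    """

    def __init__(self, owner, capacity):
        self.owner = owner
        self.capacity = capacity
        self.slots = deque()
        self.blocked = set()
        self.dropped = {}  # sender -> number of rejected messages

    def send(self, sender, payload):
        """Return True if the message was placed on the ring."""
        if sender in self.blocked or len(self.slots) >= self.capacity:
            self.dropped[sender] = self.dropped.get(sender, 0) + 1
            return False
        self.slots.append((sender, payload))
        return True

    def receive(self):
        """Owner consumes one message; None if the ring is empty."""
        return self.slots.popleft() if self.slots else None

    def block_sender(self, sender):
        """Owner pauses a sender (temporary or permanent exclusion)."""
        self.blocked.add(sender)

    def unblock_sender(self, sender):
        self.blocked.discard(sender)


def shared_ring_scenario(capacity=4, spam=10):
    """One ring shared by all senders: A floods it before B can react.

    Returns whether C's traffic got through before and after B blocks A
    and drains the ring, plus how many of A's sends were rejected.
    """
    ring = ReceiveRing(owner="B", capacity=capacity)
    for i in range(spam):
        ring.send("A", f"spam-{i}")
    # The ring is full of A's messages, so C is shut out entirely.
    c_before = ring.send("C", "legit-1")

    # B notices the flood (e.g. every drained message came from A),
    # pauses A with the owner-modifiable rule, then drains the backlog.
    ring.block_sender("A")
    while ring.receive() is not None:
        pass
    c_after = ring.send("C", "legit-2")
    a_after = ring.send("A", "spam-more")
    return {
        "c_delivered_before_block": c_before,
        "c_delivered_after_block": c_after,
        "a_delivered_after_block": a_after,
        "a_dropped": ring.dropped.get("A", 0),
    }


def per_sender_scenario(capacity=4, spam=10):
    """Same flood, but B keeps one ring per sender.

    A fills only its own ring; C's ring is untouched, so no block rule
    is needed for C to keep receiving.
    """
    rings = {}

    def ring_for(sender):
        return rings.setdefault(sender, ReceiveRing(owner="B", capacity=capacity))

    for i in range(spam):
        ring_for("A").send("A", f"spam-{i}")
    c_ok = ring_for("C").send("C", "legit-1")
    return {"c_delivered": c_ok, "a_dropped": ring_for("A").dropped.get("A", 0)}


if __name__ == "__main__":
    print("shared ring:", shared_ring_scenario())
    print("per-sender rings:", per_sender_scenario())
```

The shared-ring run shows C's first message rejected (the ring holds only A's traffic) and accepted only after the owner has blocked A and drained the backlog; the per-sender run shows C unaffected by A's flood without any rule at all, which is why the unregister and throttle options in the thread presuppose per-sender rings.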
