From: renzo@cs.unibo.it (Renzo Davoli)
To: Andi Kleen <andi@firstfloor.org>
Cc: David Miller <davem@davemloft.net>,
	cfriesen@nortel.com, linux-kernel@vger.kernel.org
Subject: AF_IPN: Inter Process Networking, try these...
Date: Fri, 7 Dec 2007 22:18:05 +0100
Message-ID: <20071207211804.GA8293@cs.unibo.it>
In-Reply-To: <20071207100322.GM20595@one.firstfloor.org>

Andi, David,

I disagree. If you suspect we would be better using IP multicast, I think
your suspicions are not supported.
Try the following exercises, please.... Can you provide better solutions
without IPN?

	renzo

Exercise #1.
I am a user (NOT ROOT), I like kvm, qemu etc. I want an efficient network
between my VMs.

My solution:
I create an IPN socket, with protocol IPN_VDESWITCH, and all the VMs can
communicate.

Your solution:
- I am condemned by two kernel developers to run the switch in the userland
- I beg the sysadm to give me some pre-allocated taps connected together
by a kernel bridge.
- I create a multicast socket limited to this host (TTL=0) and I use it
like a hub. It cannot switch the packets.

Exercise #2.
I am a sysadm (maybe a lab administrator). I want my users (not root)
of the group "vmenabled" to run their VM connected to a network. 
I have hundreds of users in vmenabled(say students).

My Solution:
I create an IPN socket, with protocol IPN_VDESWITCH, connected to a virtual
interface, say ipn0. I give the socket permission 760, owner
root:vmenabled.

Your solution:
- I am condemned by two kernel developers to run the switch in the userland
- I create a multicast socket connected to a tap and then I define iptables
filters to prevent unauthorized users from joining the net.
- I create hundreds of preallocated tap interfaces, at least one per user.

Exercise #3.
I am a user (NOT ROOT) and I have a heavy stream of *very private data*
generated by some processes that must be received by several processes.
I am looking for an efficient solution.
Data can be ASCII strings, or a binary stream.
It is not a "networking" issue, it is just IPC.

My solution:
I create an IPN socket with permission 700, IPN_BROADCAST protocol. All
the processes connect to the socket either for writing or for reading (or both).

Your solution:
- I am condemned by two kernel developers to use userland inefficient
solutions like named pipes, tee, or a user daemon among AF_UNIX sockets.
- If I use multicast, others can read the stream.
(security by obscurity? the attacker does not know the address?)
- I use a multicast socket with SSL (it sounds funny to use encryption
  to talk with myself, exposing the stream to crypto attack).
