From mboxrd@z Thu Jan 1 00:00:00 1970
From: David Vrabel
Subject: Re: [PATCH (V9) 0/2] Add V4V to Xen
Date: Thu, 30 May 2013 17:08:04 +0100
Message-ID: <51A77964.6000500@citrix.com>
References: <1369770211-4509-1-git-send-email-ross.philipson@citrix.com> <1369915658.13087.91.camel@zakaz.uk.xensource.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path:
In-Reply-To: <1369915658.13087.91.camel@zakaz.uk.xensource.com>
List-Unsubscribe: ,
List-Post:
List-Help:
List-Subscribe: ,
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Ian Campbell
Cc: Ross Philipson , xen-devel@lists.xen.org
List-Id: xen-devel@lists.xenproject.org

On 30/05/13 13:07, Ian Campbell wrote:
>
> No patch to docs/... at all? The hypercall interface docs have improved
> (although they still aren't great IMHO) but what's really needed is an
> overview of the design and a "how do I actually use this" type thing.

I agree. I'm looking at inter-domain communication mechanisms for use in
XenServer and it's not obvious how to use v4v securely.

e.g., when a previously trusted domain (A) is compromised it may spam a
domain (B) with messages in a DoS attack. The per source domain/port
receive rings help here as the domain A will not be able to block B from
receiving traffic from other domains.

But how are these per-connection rings created? This seems to require
out-of-band signaling for connection setup. I suppose this could be via
v4v and a connection manager service running in a known and trusted
domain. But how does a domain find the connection manager service and
how does it handle the connection management domain being restarted?

The other big question I have is why v4v? v4v doesn't seem to offer any
advantages over using shared rings like libvchan.

David