From: David Vrabel <david.vrabel@citrix.com>
To: Vincent Hanquez <vincent.hanquez@citrix.com>
Cc: Ian Campbell <Ian.Campbell@citrix.com>,
	Ross Philipson <ross.philipson@citrix.com>,
	xen-devel@lists.xen.org
Subject: Re: [PATCH (V9) 0/2] Add V4V to Xen
Date: Fri, 31 May 2013 11:21:53 +0100
Message-ID: <51A879C1.3090708@citrix.com>
In-Reply-To: <51A8505A.8030706@citrix.com>

On 31/05/13 08:25, Vincent Hanquez wrote:
> On 05/30/2013 05:08 PM, David Vrabel wrote:
>> On 30/05/13 13:07, Ian Campbell wrote:
>>> No patch to docs/... at all? The hypercall interface docs have improved
>>> (although they still aren't great IMHO) but what's really needed is an
>>> overview of the design and a "how do I actually use this" type thing.
>> I agree.  I'm looking at inter-domain communication mechanisms for use
>> in XenServer and it's not obvious how to use v4v securely.
>>
>> e.g., when a previously trusted domain (A) is compromised it may spam a
>> domain (B) with messages in a DoS attack.  The per source domain/port
>> receive rings help here as the domain A will not be able to block B from
>> receiving traffic from other domains.
> It's really up to the guest to take active measures to prevent this from
> happening.
> B has multiple ways to handle this scenario:
> 
> * unregister its ring: A can't communicate with B anymore
> * throttle its ring processing: if B doesn't process its ring,
> eventually the ring is full and A can't send any more spam.

These require the use of per-sender rings.

> * use the stream message type, which has the same semantics as TCP
> (LISTENING/CONNECTING/CONNECTED/..), where a stream needs to be connected
> before data is processed.

You would still need to handle connection request spam.

> There's also the v4v firewall where connections can be blocked.
> I'm not sure at the moment that a guest can set anything in it itself,
> but if not, I think it would be a good idea for a guest to proactively
> set blocking rules for the rings it owns.

At the moment it looks like only privileged guests can add/modify
v4vtable rules.

>> But how are these per-connection rings created?  This seems to require
>> out-of-band signaling for connection setup.  I suppose this could be via
>> v4v and a connection manager service running in a known and trusted
>> domain. But how does a domain find the connection manager service and
>> how does it handle the connection management domain being restarted?
> Rings are created by a guest listening to v4v.

A listener doesn't know in advance which domains might attempt to
connect so it must necessarily create a ring that any domain can put
messages on.

One solution would be to have per-ring v4vtable rule chains that the
ring owner can modify. Or some mechanism by which a ring owner can pause
a sender and prevent it temporarily (or permanently) from placing any
messages on the ring.

David
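The following is an added illustration of the design point argued in this thread, not V4V code or anything from the Xen tree. It models a single receive ring that any domain may write to (as a listener must create when it does not know its peers in advance) and shows the two admission controls the message proposes on the hypervisor's producer path: a per-sender quota of outstanding messages and an owner-controlled "pause" bit per sender. All names (`ring_put`, `ring_pause_sender`, `RING_SLOTS`, the domain ids 5 and 7) are invented for the example; the real V4V ring layout and hypercall interface are different.

```c
/* Added model of an any-sender receive ring with owner-controlled
 * admission policy.  Hypothetical API; not V4V's actual ring or ABI. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RING_SLOTS 16   /* capacity of the single, any-sender ring */
#define MAX_DOMS   32   /* assumed upper bound on domain ids for the model */

typedef uint16_t domid_t;

struct ring {
    domid_t  src[RING_SLOTS];        /* source domain of each queued message */
    unsigned head, tail;             /* consumer reads at head, producer writes at tail */
    unsigned outstanding[MAX_DOMS];  /* messages currently queued per source domain */
    unsigned quota;                  /* max outstanding per sender; 0 = unlimited */
    bool     paused[MAX_DOMS];       /* ring owner has blocked this sender */
};

static void ring_init(struct ring *r, unsigned quota)
{
    memset(r, 0, sizeof *r);
    r->quota = quota;
}

static unsigned ring_used(const struct ring *r) { return r->tail - r->head; }

/* Producer path: the decision the hypervisor would take when domain `src`
 * tries to place a message on this ring.  Returns false if it is dropped. */
static bool ring_put(struct ring *r, domid_t src)
{
    if (src >= MAX_DOMS) return false;
    if (r->paused[src]) return false;                              /* owner paused sender */
    if (r->quota && r->outstanding[src] >= r->quota) return false; /* per-sender quota */
    if (ring_used(r) == RING_SLOTS) return false;                  /* ring full */
    r->src[r->tail % RING_SLOTS] = src;
    r->tail++;
    r->outstanding[src]++;
    return true;
}

/* Consumer path: ring owner dequeues one message; returns source or -1 if empty. */
static int ring_get(struct ring *r)
{
    if (ring_used(r) == 0) return -1;
    domid_t src = r->src[r->head % RING_SLOTS];
    r->head++;
    r->outstanding[src]--;
    return src;
}

/* The "pause a sender" control the ring owner would be given. */
static void ring_pause_sender(struct ring *r, domid_t src, bool pause)
{
    if (src < MAX_DOMS) r->paused[src] = pause;
}

/* Scenario: compromised domain A (id 5) floods the ring with 1000 sends while
 * the owner is not consuming; can trusted domain C (id 7) still get one
 * message on?  Returns true if C's message is accepted. */
static bool flood_then_try(unsigned quota, bool pause_a)
{
    struct ring r;
    const domid_t A = 5, C = 7;
    ring_init(&r, quota);
    if (pause_a) ring_pause_sender(&r, A, true);
    for (int i = 0; i < 1000; i++) ring_put(&r, A);
    return ring_put(&r, C);
}

/* How many of A's messages end up queued under a given quota. */
static unsigned flood_count(unsigned quota)
{
    struct ring r;
    ring_init(&r, quota);
    for (int i = 0; i < 1000; i++) ring_put(&r, 5);
    return r.outstanding[5];
}

int main(void)
{
    printf("no policy:        C accepted = %d (A queued %u)\n",
           flood_then_try(0, false), flood_count(0));
    printf("quota 4/sender:   C accepted = %d (A queued %u)\n",
           flood_then_try(4, false), flood_count(4));
    printf("A paused by owner: C accepted = %d\n", flood_then_try(0, true));
    return 0;
}
```

With no policy A's 1000 sends fill all 16 slots and C's message is dropped; with a quota of 4 per sender only 4 of A's messages are ever queued, so C gets through; with A paused by the owner nothing from A is admitted at all. This is the behaviour per-sender rings give implicitly (each sender can only exhaust its own ring) but expressed as policy on one shared ring, which is what a listener that cannot predict its peers needs.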


Thread overview: 24+ messages
2013-05-28 19:43 [PATCH (V9) 0/2] Add V4V to Xen Ross Philipson
2013-05-28 19:43 ` [PATCH (V9) 1/2] xen: events, exposes evtchn_alloc_unbound_domain Ross Philipson
2013-05-28 19:43 ` [PATCH (V9) 2/2] xen: Add V4V implementation Ross Philipson
2013-05-29  0:43   ` Matt Wilson
2013-05-29 19:28     ` Ross Philipson
2013-05-29  8:34   ` Jan Beulich
2013-05-29 19:26     ` Ross Philipson
2013-05-30  5:16       ` Jan Beulich
2013-05-29  9:56   ` Vincent Hanquez
2013-05-30 16:20   ` Tim Deegan
2013-06-04 18:01     ` Ross Philipson
2013-06-10 15:06   ` David Vrabel
2013-05-30 11:57 ` [PATCH (V9) 0/2] Add V4V to Xen Ian Campbell
2013-05-31  7:36   ` Vincent Hanquez
2013-05-31  7:50     ` Ian Campbell
2013-05-31  8:56       ` Vincent Hanquez
2013-05-31  9:01         ` Ian Campbell
2013-05-31  9:26           ` Vincent Hanquez
2013-05-31 16:29             ` Ross Philipson
2013-05-31 16:38               ` Ian Campbell
2013-05-30 12:07 ` Ian Campbell
2013-05-30 16:08   ` David Vrabel
2013-05-31  7:25     ` Vincent Hanquez
2013-05-31 10:21       ` David Vrabel [this message]
