David Edmondson wrote:
> * [EMAIL PROTECTED] [2008-01-14 07:34:17]
>   
>>>> What type of change does IP do that causes Xen problems?
>>>>         
>>> It byte-swaps fields in the headers. Given that the preference of the
>>> guest domain is to provide a read-only mapping to pages it loans to
>>> the IO domain, any attempt to modify packets is problematic.
>>>       
>> And at a guess, we don't have a flag in the mblk/dblk that says the data
>> is read-only (or something similar)?
>>     
>
> No, we don't have such a thing.
>
>   
>> (At least I can't see any evidence of this in stream.h) Would doing
>> something like that help (if we aren't already) or do you think it
>> is likely to just move the problem?
>>     
>
> In the simplest case it would just move the problem and probably make
> things worse in the broader code (because we'd end up with needing to
> check the flag in lots of places).

So if there was a desire to try and do firewall/NAT in dom0
on packets that come from domU, how would you recommend
that be approached?  Would that require the dom0 telling the
domU that it needs to make packets on writeable pages?
Or something else?
Or even just put ideas like that in the "too hard" basket?

Darren

_______________________________________________
networking-discuss mailing list