* [EMAIL PROTECTED] [2008-01-14 07:55:57] > So if there was a desire to try and do firewall/NAT in dom0 > on packets that come from domU, how would you recommend > that be approached? Would that require the dom0 telling the > domU that it needs to make packets on writeable pages? > Or something else? > Or even just put ideas like that in the "too hard" basket?
Currently the approach is that a Solaris domU declares "I'll provide writable mappings to pages that I loan." A Solaris dom0 notices this and can take advantage of it. If the domU doesn't so declare then backend network driver copies data from the loaned page into a dom0 local mblk. It's worth noting that copying the data produces better throughput with some network cards, due to the delay in free-ing loaned buffers (there is a limit on the number of active buffers in the frontend<->backend channel and holding on to the buffers for a long time in dom0 can result in exhaustion). dme. -- David Edmondson, Sun Microsystems, http://www.dme.org _______________________________________________ networking-discuss mailing list [email protected]
