How to add a domain id name field at each VM packet


PREETI MISHRA

Jul 22, 2016, 8:37:27 AM
to openxt
Hello,

I am collecting VM network packets at the hypervisor. I want to identify which packet is generated by which VM. A packet may be IP spoofed. Hence I do not want to differentiate them based on their VM IP.

One solution could be to mark each VM packet with its domain ID field by applying ebtables rules in the VM startup script of Xen. This will apply packet:mark with the domain ID.

My question is how to implement that, and how to decode the packet:mark information when it reaches the hypervisor.

Any other way?


Thanks


Jed Lejosne

Jul 22, 2016, 10:52:30 AM
to PREETI MISHRA, openxt
Hi,

VM network packets don't go through the hypervisor.
In OpenXT, a VM called the NDVM is responsible for managing network activity.
The way packets are transmitted between the guest VM (or its
stubdomain for tools-less VMs) and the NDVM is through Xen PV
networking (netfront in the VM/stubdom, netback in the NDVM).

Supposedly, if you somehow mark packets in the guest, you should be
able to see the mark in the NDVM.

However, you shouldn't need to mark packets to know where they're
coming from, since netback already provides that information (example:
packets received on vif5.0 can only come from domain 5).

I hope that helps.

Jed

PREETI MISHRA

Jul 22, 2016, 12:42:19 PM
to openxt
Thanks for the reply.

It's difficult for me to understand right now.

Actually, my exact problem is:

I want to perform a simple check at Dom0 of whether a VM packet is IP spoofed or MAC spoofed, or whether everything is OK with it.
So could you please provide me the best possible way to do it using commands?


*I can read packet header values such as the src IP and src MAC from it. I want to verify them against the information stored at Dom0. I don't know how I am going to fetch the actual VM IP or VM MAC address of a packet (coming from a VM) at Dom0. Usually, I read, the information is stored corresponding to the domain ID at the time when the VM is launched.
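
Added example, not part of the thread and not OpenXT code: a Python sketch of the check discussed above. It takes the netback interface name (`vifN.M`, as in the reply's `vif5.0` example) as the source of the domain ID and compares a packet's source MAC and IP with a per-domain inventory; the inventory, addresses, sample packets and function names are constructed for illustration.

```python
import ipaddress
import re

# Netback names its backend interfaces vif<domid>.<devid> (e.g. vif5.0).
VIF_RE = re.compile(r"^vif(\d+)\.(\d+)$")

# Constructed inventory (assumption): addresses assigned to each VM at launch,
# keyed by (domid, devid). A real deployment would fill this from VM config.
INVENTORY = {
    (5, 0): ("00:16:3e:aa:bb:05", {"192.168.1.15"}),
    (7, 0): ("00:16:3e:aa:bb:07", {"192.168.1.17"}),
}

def vif_to_domain(ifname):
    """Return (domid, devid) for a netback interface name, else None."""
    m = VIF_RE.match(ifname)
    return (int(m.group(1)), int(m.group(2))) if m else None

def _norm_mac(mac):
    return mac.strip().lower().replace("-", ":")

def _same_ip(a, b):
    try:
        return ipaddress.ip_address(a) == ipaddress.ip_address(b)
    except ValueError:  # a malformed address never matches
        return False

def classify(ifname, src_mac, src_ip, inventory=INVENTORY):
    """Return (domid, verdict) for one packet seen on `ifname`."""
    key = vif_to_domain(ifname)
    if key is None:
        return (None, "not-a-vif")
    if key not in inventory:
        return (key[0], "unknown-vif")
    mac, ips = inventory[key]
    mac_ok = _norm_mac(src_mac) == _norm_mac(mac)
    ip_ok = any(_same_ip(src_ip, ip) for ip in ips)
    verdict = {(True, True): "ok", (False, True): "mac-spoofed",
               (True, False): "ip-spoofed"}.get((mac_ok, ip_ok), "mac-and-ip-spoofed")
    return (key[0], verdict)

# Constructed sample packets: (interface, source MAC, source IP).
SAMPLES = [
    ("vif5.0", "00:16:3E:AA:BB:05", "192.168.1.15"),
    ("vif5.0", "00:16:3e:aa:bb:05", "192.168.1.17"),  # domain 5 using 7's IP
    ("vif7.0", "00:16:3e:aa:bb:05", "192.168.1.15"),  # domain 7 using 5's MAC and IP
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", classify(*pkt))
```

The verdict depends only on which interface the packet arrived on, so a guest cannot change its attributed domain by altering header fields.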