Xen users - Sep 2008 - Giving a domU direct access to a NIC

Hello,

I am experimenting with Snort and other IDS and I would like to use Xen for
these tests. This would require me to use port mirroring to sent a bunch of
packets to a NIC located on my Xen machine.

I don''t really know how Xen networking works, but is it possible to
give a
domU direct access to a NIC ? Or at least give it enough access so that it
can see packets that are not for the domU originally.

Thank you in advance,

Antoine

-- 
Antoine Benkemoun
Tel : 03.51.53.57.00
Port : 06.32.88.59.35


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

2008. 09. 19, péntek keltezéssel 10.38-kor Antoine Benkemoun ezt írta:
> I don''t really know how Xen networking works,
http://wiki.xensource.com/xenwiki/XenNetworking
http://ebtables.sourceforge.net/br_fw_ia/br_fw_ia.html


> but is it possible to give a domU direct access to a NIC ?
It''s possible to give PCI devices (including ethernet cards ;) to
domUs.
I haven''t ever tried this, but you may read:
http://www.novell.com/communities/node/2880/assign-dedicated-network-card-or-pci-device-xen-virtual-machine


> Or at least give it enough access so that it can see packets that are
> not for the domU originally.
I''m afraid not.



_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Thanks very much ! I''ll have a look at that


On Fri, Sep 19, 2008 at 11:09 AM, Nemeth, Tamas
<nice@titanic.nyme.hu>wrote:
> 2008. 09. 19, péntek keltezéssel 10.38-kor Antoine Benkemoun ezt írta:
>
> > I don''t really know how Xen networking works,
> http://wiki.xensource.com/xenwiki/XenNetworking
> http://ebtables.sourceforge.net/br_fw_ia/br_fw_ia.html
>
>
>
> > but is it possible to give a domU direct access to a NIC ?
>
> It''s possible to give PCI devices (including ethernet cards ;) to
domUs.
> I haven''t ever tried this, but you may read:
>
>
http://www.novell.com/communities/node/2880/assign-dedicated-network-card-or-pci-device-xen-virtual-machine
>
>
>
> > Or at least give it enough access so that it can see packets that are
> > not for the domU originally.
>
> I''m afraid not.
>
>
>

-- 
Antoine Benkemoun
Tel : 03.51.53.57.00
Port : 06.32.88.59.35


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Just another question, wouldn''t it be possible to do this with ebtables
?
For example, if I bridge the snort interface to the regular NIC and then I
forward all the packets to this NIC, would i be able to use ebtables or
something along these lines to send the packets to the snort interface ?

Thanks for your help,

Antoine

On Fri, Sep 19, 2008 at 3:16 PM, Antoine Benkemoun
<antoine@benkemoun.com>wrote:
> Thanks very much ! I''ll have a look at that
>
>
>
> On Fri, Sep 19, 2008 at 11:09 AM, Nemeth, Tamas
<nice@titanic.nyme.hu>wrote:
>
>> 2008. 09. 19, péntek keltezéssel 10.38-kor Antoine Benkemoun ezt írta:
>>
>> > I don''t really know how Xen networking works,
>> http://wiki.xensource.com/xenwiki/XenNetworking
>> http://ebtables.sourceforge.net/br_fw_ia/br_fw_ia.html
>>
>>
>>
>> > but is it possible to give a domU direct access to a NIC ?
>>
>> It''s possible to give PCI devices (including ethernet cards ;)
to domUs.
>> I haven''t ever tried this, but you may read:
>>
>>
http://www.novell.com/communities/node/2880/assign-dedicated-network-card-or-pci-device-xen-virtual-machine
>>
>>
>>
>> > Or at least give it enough access so that it can see packets that
are
>> > not for the domU originally.
>>
>> I''m afraid not.
>>
>>
>>
>
>
> --
> Antoine Benkemoun
> Tel : 03.51.53.57.00
> Port : 06.32.88.59.35
>


-- 
Antoine Benkemoun
Tel : 03.51.53.57.00
Port : 06.32.88.59.35


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users