Building device drivers with oskit10_support_l4env

Christian Helmuth ch12 at
Fri Oct 14 13:29:11 CEST 2005


On Thu, Oct 13, 2005 at 08:03:38PM +0800, Jianjun Shen wrote:
> I think my solution can not help you - I has not
> investigated omega0, but just suspected oskit dose not
> correctly request service from omega0. In fact, I am
> far from a certain answer, and still can not make my
> program always play properly. The scis drivers still
> do not work, so I just removed scsi support.

Too bad.

> Some questions:
> 1) I know there is a ore stub in l4lx26, then, is
> there a one for flips in lx26?

Yes, there is a device driver stub for ore in L4Linux-2.6. For flips,
there's no such module as Linux does not support more than 1 TCP/IP
instance below its socket layer - remember flips is a fully functional
network stack implementation providing a BSD socket API. (You're right if
think one could implement a virtual device in L4Linux-2.6 and FLIPS that

If you're looking for an ore device driver stub for flips, I must put you
off until a volunteer appears who wants to implement it / port it from
L4Linux-2.6 to Linux2.4-based flips. Maybe you're prepared to do the job?

> 2) How you have considered a NIC can be shared by
> multiple l4lx instance? One IP per instance, or NAT?

Please, do not mistake the network interface layers for the "network
layer" (that is IP in TCP/IP). If your L4Linux instances are to share one
physical device on device layer, ore is what you want. It switches the NIC
into promiscuous mode effectively listening to all traffic on the wire.
(Yes, there are performance concerns.) Then ore serves network packets on
the basis of MAC addresses to clients.

If you want network address translation (NAT), you need router software as
NAT works on the "network layer". With some effort you may use FLIPS with
virtual device(s) or a special L4Linux instance for that purpose. But in
this case, you may also need a virtual (wire) switch.

> 3) I found a "l4vfs" in your CVS. What is it?

Hence the name, l4vfs implements a kind of virtual file system switch, but
I'm far from the right person to give voluminous information. Maybe
somebody else could step in here?

> 4) I am also interested in IPSec, and I noticed there
> is a paper: "IPSec-Infrastruktur für Mikro-SINA" (in
> German) - is it about an IPSec implementation?

Yes, it is, actually about the IKE part of IPSec. You may also have a look

> Actually, I am trying to develop a secure system based
> on l4, in which all "subject"s share some basic
> servers, but can only communicate with separate
> untrusted servers (e.g. linux) based on their security
> classes.

Sounds interesting. Is it a term paper or thesis or something else?

> Currently, my project is just at initial stage. So I
> may often bother all of you in some days. Thanks
> first.
> Best regards!
> Jianjun Shen

Christian Helmuth

TU Dresden, Dept. of CS
Operating Systems Group

More information about the l4-hackers mailing list