Hello,
On Thu, Oct 13, 2005 at 08:03:38PM +0800, Jianjun Shen wrote:
I think my solution can not help you - I has not investigated omega0, but just suspected oskit dose not correctly request service from omega0. In fact, I am far from a certain answer, and still can not make my program always play properly. The scis drivers still do not work, so I just removed scsi support.
Too bad.
Some questions:
- I know there is a ore stub in l4lx26, then, is
there a one for flips in lx26?
Yes, there is a device driver stub for ore in L4Linux-2.6. For flips, there's no such module as Linux does not support more than 1 TCP/IP instance below its socket layer - remember flips is a fully functional network stack implementation providing a BSD socket API. (You're right if think one could implement a virtual device in L4Linux-2.6 and FLIPS that communicate.)
If you're looking for an ore device driver stub for flips, I must put you off until a volunteer appears who wants to implement it / port it from L4Linux-2.6 to Linux2.4-based flips. Maybe you're prepared to do the job? ;)
- How you have considered a NIC can be shared by
multiple l4lx instance? One IP per instance, or NAT?
Please, do not mistake the network interface layers for the "network layer" (that is IP in TCP/IP). If your L4Linux instances are to share one physical device on device layer, ore is what you want. It switches the NIC into promiscuous mode effectively listening to all traffic on the wire. (Yes, there are performance concerns.) Then ore serves network packets on the basis of MAC addresses to clients.
If you want network address translation (NAT), you need router software as NAT works on the "network layer". With some effort you may use FLIPS with virtual device(s) or a special L4Linux instance for that purpose. But in this case, you may also need a virtual (wire) switch.
- I found a "l4vfs" in your CVS. What is it?
Hence the name, l4vfs implements a kind of virtual file system switch, but I'm far from the right person to give voluminous information. Maybe somebody else could step in here?
- I am also interested in IPSec, and I noticed there
is a paper: "IPSec-Infrastruktur für Mikro-SINA" (in German) - is it about an IPSec implementation?
Yes, it is, actually about the IKE part of IPSec. You may also have a look at:
http://os.inf.tu-dresden.de/papers_ps/dach2005.pdf
Actually, I am trying to develop a secure system based on l4, in which all "subject"s share some basic servers, but can only communicate with separate untrusted servers (e.g. linux) based on their security classes.
Sounds interesting. Is it a term paper or thesis or something else?
Currently, my project is just at initial stage. So I may often bother all of you in some days. Thanks first.
Best regards! Jianjun Shen
Regards