Hello,
On Thu, Oct 13, 2005 at 08:03:38PM +0800, Jianjun Shen wrote:
I think my solution can not help you - I has not investigated omega0, but just suspected oskit dose not correctly request service from omega0. In fact, I am far from a certain answer, and still can not make my program always play properly. The scis drivers still do not work, so I just removed scsi support.
Too bad.
Some questions:
- I know there is a ore stub in l4lx26, then, is
there a one for flips in lx26?
Yes, there is a device driver stub for ore in L4Linux-2.6. For flips, there's no such module as Linux does not support more than 1 TCP/IP instance below its socket layer - remember flips is a fully functional network stack implementation providing a BSD socket API. (You're right if think one could implement a virtual device in L4Linux-2.6 and FLIPS that communicate.)
If you're looking for an ore device driver stub for flips, I must put you off until a volunteer appears who wants to implement it / port it from L4Linux-2.6 to Linux2.4-based flips. Maybe you're prepared to do the job? ;)
- How you have considered a NIC can be shared by
multiple l4lx instance? One IP per instance, or NAT?
Please, do not mistake the network interface layers for the "network layer" (that is IP in TCP/IP). If your L4Linux instances are to share one physical device on device layer, ore is what you want. It switches the NIC into promiscuous mode effectively listening to all traffic on the wire. (Yes, there are performance concerns.) Then ore serves network packets on the basis of MAC addresses to clients.
If you want network address translation (NAT), you need router software as NAT works on the "network layer". With some effort you may use FLIPS with virtual device(s) or a special L4Linux instance for that purpose. But in this case, you may also need a virtual (wire) switch.
- I found a "l4vfs" in your CVS. What is it?
Hence the name, l4vfs implements a kind of virtual file system switch, but I'm far from the right person to give voluminous information. Maybe somebody else could step in here?
- I am also interested in IPSec, and I noticed there
is a paper: "IPSec-Infrastruktur für Mikro-SINA" (in German) - is it about an IPSec implementation?
Yes, it is, actually about the IKE part of IPSec. You may also have a look at:
http://os.inf.tu-dresden.de/papers_ps/dach2005.pdf
Actually, I am trying to develop a secure system based on l4, in which all "subject"s share some basic servers, but can only communicate with separate untrusted servers (e.g. linux) based on their security classes.
Sounds interesting. Is it a term paper or thesis or something else?
Currently, my project is just at initial stage. So I may often bother all of you in some days. Thanks first.
Best regards! Jianjun Shen
Regards
[...]
- I found a "l4vfs" in your CVS. What is it?
Hence the name, l4vfs implements a kind of virtual file system switch, but I'm far from the right person to give voluminous information. Maybe somebody else could step in here?
I'm the main author and quote from my README in l4vfs/:
"L4VFS is a collection of interfaces, servers, and client and server libraries. The name L4VFS is an abbreviation of "L4 virtual file system". It is built around a name_server, which helps when dealing with multiple objects in a hierarchical namespace.
L4VFS can be used to more easily port posix applications to L4, as the client libs provide posix-like functions, that is, the client libs act as an libc backend.
Please also look into the documentation in 'l4/pkg/l4vfs/doc' and in 'l4/pkg/dietlibc/'."
If there is anything more detailed you would like to know, just ask, but look into the docs before that.
Regards, Martin
Hello,
If you're looking for an ore device driver stub for flips, I must put you off until a volunteer appears who wants to implement it / port it from L4Linux-2.6 to Linux2.4-based flips. Maybe you're prepared to do the job?
I presumed a "pseudo" socket or transfer layer - I already know it dose not exit.
If your L4Linux instances are to share one physical device on device layer, ore is what you want. It switches the NIC into promiscuous mode effectively listening to all traffic on the wire.
I think it is not like a perfect solution. However, I have not thought over the networking yet.
Sounds interesting. Is it a term paper or thesis or something else?
It is just a personal plan now. I hope it will become a formal project later.
Best regards! Jianjun Shen
___________________________________________________________ 雅虎免费G邮箱-No.1的防毒防垃圾超大邮箱 http://cn.mail.yahoo.com
l4-hackers@os.inf.tu-dresden.de
-
Christian Helmuth -
Jianjun Shen -
Martin Pohlack