Jim Klimov wrote:
> 2012-06-11 18:19, Dan McDonald wrote:
>> The fundamental question is always: What problem are you really
>> trying to solve?
>
> Okay, I found another rationale besides performance and simplified
> intra-zone routing (though not as apparent as exclusive routing).
> It seems that the shared IP stack offers better protection against
> sniffing in colocated environments (i.e. zone-based hosting): it
> is not allowed to use promiscuous mode on NIC aliases used in the
> shared stack, while sniffing does work on exclusive VNICs.
>
> That might be a serious difference in some cases...
Yanking away PRIV_NET_RAWACCESS and PRIV_NET_OBSERVABILITY ought to prevent sniffing. (I haven't tested, though, to see what else breaks, as that seems to be a cruel thing to do to zone administrators.)

For what it's worth (and having worked on the code in the now-distant past), I certainly agree with you at a high level. What you're describing is an "obvious" generalization of the exclusive stack concept. It was "obvious" enough that we actually discussed it internally when the feature was being added. Testing complexity and lack of a clear use-case were the main factors in deciding not to generalize.

A related factor was feedback from the field. The addition of exclusive stacks was done because customers told Sun that they did not or could not use shared stacks at all, and they adamantly didn't want to share. Well, with no desire to share, that makes the implementation simpler; it becomes just an on/off flag rather than a multi-valued and reference-counted beast.

Depending on what you're trying to accomplish, there may be other ways to go about providing higher-performance data paths between zones. One is by communicating between zones via shared (loopback-mounted) file systems.

-- 
James Carlson         42.703N 71.076W         <[email protected]>

_______________________________________________
OpenIndiana-discuss mailing list
[email protected]
http://openindiana.org/mailman/listinfo/openindiana-discuss
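As an added example (not code from the thread, nor from illumos or OpenIndiana), here is the zonecfg limitpriv change that removes the two privileges Carlson names, together with a small check over the privilege sets a process inside the zone reports, so an operator can confirm both privileges are really gone rather than trusting the configuration. The zone name `web1` is hypothetical, and the `ppriv` output embedded below is constructed, abridged sample data rather than a capture from a real zone.

```shell
#!/bin/sh
# Added example, not from the thread or the illumos/OpenIndiana sources.
# Shows the zonecfg limitpriv change that removes the two privileges named
# above and a check over the privilege sets a process in the zone reports.
# Assumptions: zone name "web1" is hypothetical; the ppriv output below is
# constructed sample data, not captured from a real system.

# Privileges that, per the thread, promiscuous-mode capture depends on.
SNIFF_PRIVS="net_rawaccess net_observability"

# 1. Configuration. The default zone limit set keeps both privileges:
#        zonecfg -z web1 'set limitpriv=default'
#    zonecfg accepts "!priv" to subtract from "default", so the hardened
#    value (built here from SNIFF_PRIVS so the list lives in one place) is:
#        zonecfg -z web1 'set limitpriv=default,!net_rawaccess,!net_observability'
#    followed by a zone reboot for the new limit set to take effect.
hardened_limitpriv() {
    out="default"
    for p in $SNIFF_PRIVS; do
        out="$out,!$p"
    done
    printf '%s\n' "$out"
}

# 2. Verification. Inside the zone, `ppriv -v $$` prints each set by
#    privilege name; the L: line is the limit set no process in the zone
#    can exceed. Pull that line out of the full output.
limit_line_from_ppriv() {
    printf '%s\n' "$1" | grep '^[[:space:]]*L:'
}

# Report the sniffing privileges still present in an L: line (space
# separated on stdout). Returns 0 only when none remain. A literal "all"
# is treated as containing everything, since ppriv may collapse a full
# set to that name.
check_limit_set() {
    privs=$(printf '%s' "${1#*L:}" | tr ',' ' ')
    remaining=""
    for want in $SNIFF_PRIVS; do
        for have in $privs; do
            if [ "$have" = "$want" ] || [ "$have" = "all" ]; then
                remaining="$remaining $want"
                break
            fi
        done
    done
    remaining=${remaining# }
    printf '%s\n' "$remaining"
    [ -z "$remaining" ]
}

# Constructed sample: roughly what a shell in a zone with limitpriv=default
# might report (abridged; a real limit set lists many more privileges).
SAMPLE_DEFAULT='4242:   -sh
flags = <none>
        E: file_link_any,proc_exec,proc_fork
        I: file_link_any,proc_exec,proc_fork
        P: file_link_any,proc_exec,proc_fork
        L: file_link_any,net_icmpaccess,net_observability,net_rawaccess,proc_exec,proc_fork,sys_mount'

# Constructed sample after the hardened limitpriv and a zone reboot.
SAMPLE_HARDENED='4243:   -sh
flags = <none>
        E: file_link_any,proc_exec,proc_fork
        I: file_link_any,proc_exec,proc_fork
        P: file_link_any,proc_exec,proc_fork
        L: file_link_any,net_icmpaccess,proc_exec,proc_fork,sys_mount'

# Stand-alone run: print the zonecfg value and check both samples.
echo "limitpriv to set: $(hardened_limitpriv)"
for s in "$SAMPLE_DEFAULT" "$SAMPLE_HARDENED"; do
    left=$(check_limit_set "$(limit_line_from_ppriv "$s")") \
        && echo "ok: sniffing privileges absent" \
        || echo "still present: $left"
done
```

The check deliberately reads the limit set (L) rather than the effective set (E): a zone's root can raise its effective set up to the limit, so only the limit line tells you what any process in the zone could ever obtain. Note that ping still works after the change because it relies on net_icmpaccess, which the hardened value leaves in place.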
