From: Jeroen v. D. <jd...@xs...> - 2004-02-29 01:10:15
Hi,

I have a secure UML setup in which networking via ethX devices is not an option, so I'm looking into other means of simple byte-stream-oriented communication with the host. I'm now looking into the option of communicating via unix sockets. The idea is to have the host listening on a unix socket, the guest sharing the same dir with hostfs and connecting to that socket. Is this possible somehow? Other ideas welcomed too.

Regards,
Jeroen
mailto:jd...@xs...
From: Jeff D. <jd...@ad...> - 2004-02-29 02:14:49
On Sun, Feb 29, 2004 at 01:58:54AM +0100, Jeroen van Disseldorp wrote:
> I'm now looking into the option of communicating via unix sockets. The
> idea is to have the host listening on a unix socket, the guest sharing
> the same dir with hostfs and connecting to that socket.

No, because the socket will be used by the socket code inside UML, it won't communicate with the socket on the host.

What's needed is a little driver which looks like a socket inside UML, and which talks to a socket on the host, bridging between them. This would be useful for other things, such as making a host X socket available inside a UML that has no network.

Jeff
From: Jeroen v. D. <jd...@xs...> - 2004-02-29 02:27:10
On Sunday 29 February 2004 03:33, you wrote:
> What's needed is a little driver which looks like a socket inside
> UML, and which talks to a socket on the host, bridging between them.
> This would be useful for other things, such as making a host X socket
> available inside a UML that has no network.

AFAIS, this enables communication one-way (host-app=server, guest-app=client). This is great and solves half my problem already. Can the same construction be used for opening up a socket on the guest, which gets mirrored on the host running a client app? Using this construction would allow client/server communication between two UMLs over a unix socket on the host.

Is such a driver available/in the works?

Regards,
Jeroen
mailto:jd...@xs...
From: Chris W. <cn...@hf...> - 2004-02-29 02:53:32
At 01:58 AM 29/02/2004 +0100, you wrote:
>Hi,
>
>I have a secure UML setup in which networking via ethX devices is not an
>option, so I'm looking into other means of simple byte-stream-oriented
>communication with the host.

Easiest way I can think of is to map a UML tty to a pty on the host. Personally I use a connection like this for logging. I'm not thrilled with UML's ability to acquire pty pairs itself (it closes the master every time a process closes the tty, and it may not get the same pty number when it re-opens), but it's simple enough to use a wrapper that creates a pty master/slave pair (or several) and starts UML up with ttys mapped to pty slaves (pts channel).
From: Jeff D. <jd...@ad...> - 2004-02-29 04:28:22
On Sat, Feb 28, 2004 at 10:41:47PM -0400, Chris Watt wrote:
> I'm not thrilled with UML's ability to acquire pty pairs itself
> (it closes the master every time a process closes the tty, and it may not
> get the same pty number when it re-opens), but it's simple enough to use a
> wrapper that creates a pty master/slave pair (or several) and starts UML
> up with ttys mapped to pty slaves (pts channel).

This is why UML lets you pass in ttys as well. Open up the master end on the host, give the slave to UML, and you get exactly what you are looking for.

Jeff
From: Jeroen v. D. <jd...@xs...> - 2004-02-29 15:02:13
On Sunday 29 February 2004 05:47, Jeff Dike wrote:
> This is why UML lets you pass in ttys as well. Open up the master
> end on the host, give the slave to UML, and you get exactly what you
> are looking for.

Yes, but this scheme doesn't work for real client/server settings in which you might have 200 clients at the same time connecting to the server inside UML.

Regards,
Jeroen
mailto:jd...@xs...
--
There is nothing wrong with Windows 2000...
...that Linux can't fix.
From: Jeff D. <jd...@ad...> - 2004-02-29 04:41:16
On Sun, Feb 29, 2004 at 03:15:48AM +0100, Jeroen van Disseldorp wrote:
> Can the same construction be used for opening up a socket on the guest,
> which gets mirrored on the host running a client app? Using this
> construction would allow client/server communication between two UMLs
> over a unix socket on the host.

I'm uncertain what the basic implementation should be. If it's a device (i.e. made with mknod), I'm not sure that's usable as a socket because I don't think there are accept/connect methods in the character device ops.

If so, that means it needs to be a real socket, and the only room in there that I know of for plugging in random things is to add a new address family.

> Is such a driver available/in the works?

No, it's been talked about, but no one has done anything.

Jeff
From: Patrick "Petschge" K. <pet...@we...> - 2004-02-29 12:18:03
Hi all,

Jeff Dike wrote:
>>> What's needed is a little driver which looks like a socket inside UML,
>>> and which talks to a socket on the host, bridging between them. This
>>> would be useful for other things, such as making a host X socket
>>> available inside a UML that has no network
>> Is such a driver available/in the works?
> No, it's been talked about, but no one has done anything.

Well I tried to code something like that using a kernel thread that opens a socket on the inside of the uml guest and connects to a socket on the hostside. But I encountered some problems that I could not solve and so I gave up.

Problem 1.) How do I shutdown a kernel thread when the uml goes down? At the moment my patched kernel gets stuck with 100% CPU usage when I try to shut down the uml kernel.

Problem 2.) How can I make sure that my kernel thread is started _after_ the networking stuff is inited? At the moment I start the kernel thread with a __initcall and just do a sleep(30) in the thread.

Problem 3.) I can only create sockets in the "anonymous" namespace. The normal namespace gives me some error which I don't remember right now but I could find out what the errorcode was.

So if somebody could help me with this problem I'd be willing to put some more work into this. Or I could post my tries on this list or by pm.

HTH,
Patrick "Petschge" Kilian
--
The Board views the endemic use of PowerPoint briefing slides instead of technical papers as an illustration of the problematic methods of technical communication at NASA.
From: Jeroen v. D. <jd...@xs...> - 2004-02-29 15:00:38
On Sunday 29 February 2004 13:05, Patrick "Petschge" Kilian wrote:
> So if somebody could help me with this problem I'd be willing to put
> some more work into this. Or I could post my tries on this list or by
> pm.

I'm interested in this feature, so please do. I've done very limited kernel developing before, so I'm not sure if I can be of any help. But maybe this would be a good opportunity to learn...

Regards,
Jeroen
mailto:jd...@xs...
From: BlaisorBlade <bla...@ya...> - 2004-02-29 16:55:15
At 13:05, Sunday 29 February 2004, Patrick "Petschge" Kilian wrote:
> Hi all,
>
> Jeff Dike wrote:
> >>> What's needed is a little driver which looks like a socket inside UML,
> >>> and which talks to a socket on the host, bridging between them. This
> >>> would be useful for other things, such as making a host X socket
> >>> available inside a UML that has no network
> >>
> >> Is such a driver available/in the works?
> >
> > No, it's been talked about, but no one has done anything.
>
> Well I tried to code something like that using a kernel thread that opens a
> socket on the inside of the uml guest and connects to a socket on the
> hostside. But I encountered some problems that I could not solve and so I
> gave up.
>
> Problem 1.) How do I shutdown a kernel thread when the uml goes down? At
> the moment my patched kernel gets stuck with 100% CPU usage when I try to
> shut down the uml kernel.

Possibly it can be done either through exitcall or uml_exitcall. Give a look at arch/um/kernel/sigio_*.c, especially at sigio_cleanup, which is an UML exitcall. Note however that the thread it refers to exists only on the host; it could be your case or not.

> Problem 2.) How can I make sure that my kernel thread is started _after_
> the networking stuff is inited? At the moment I start the kernel thread
> with a __initcall and just do a sleep(30) in the thread.

The proper way would be to use late_initcall instead of __initcall (check in <linux/init.h>), supposing that network does not already use late_initcall. Or you can just hack the network initcall and make it call your function; or your initcall can call the network init. In this case, to avoid double initialization, add at the start of network_init (or however it is called) something like:

    if (network_already_inited) return (Ok?);
    network_already_inited = 1;

and before, in the same file:

    static int network_already_inited = 0;

However rename the flag or someone could think you are a Pascal programmer (actually, I was).

Seems like the actual function is called sock_init. Also, in 2.6 (what I am checking) initcalls are called after sock_init (in init/main.c: do_basic_setup()). So if that is right you do not need anything to make sure that your initcall is after network initialized.

> Problem 3.) I can only create sockets in the "anonymous" namespace. The
> normal namespace gives me some error which I don't remember right now but
> I could find out what the errorcode was.

Sorry, but I cannot find any "anonymous" namespace. What is it? Maybe PF_UNSPEC? I guess the "normal" namespace is PF_LOCAL.

> So if somebody could help me with this problem I'd be willing to put some
> more work into this. Or I could post my tries on this list or by pm

There has been a lot of request for such a feature, so I would like it if you can post it here or rather on uml-devel (especially to avoid anyone trying it without specific knowledge), even if it is not complete. So we could better help you. Also, state whether it is onto 2.4 or 2.6.

--
Paolo Giarrusso, aka Blaisorblade
Linux registered user n. 292729
From: Jeroen v. D. <jd...@xs...> - 2004-02-29 16:18:21
On Sunday 29 February 2004 06:00, Jeff Dike wrote:
> I'm uncertain what the basic implementation should be. If it's a
> device (i.e. made with mknod), I'm not sure that's usable as a socket
> because I don't think there are accept/connect methods in the
> character device ops.
>
> If so, that means it needs to be a real socket, and the only room in
> there that I know of for plugging in random things is to add a new
> address family.

One thing I'm thinking of: Run a special daemon inside the UML that is able to talk to the host. This daemon could talk to the host socket directly, or, for obvious security reasons, it could talk to a peer daemon on the host.

Comments welcomed.

Regards,
Jeroen
mailto:jd...@xs...
From: BlaisorBlade <bla...@ya...> - 2004-02-29 17:15:20
At 17:06, Sunday 29 February 2004, Jeroen van Disseldorp wrote:
> On Sunday 29 February 2004 06:00, Jeff Dike wrote:
> > I'm uncertain what the basic implementation should be. If it's a
> > device (i.e. made with mknod), I'm not sure that's usable as a socket
> > because I don't think there are accept/connect methods in the
> > character device ops.
> >
> > If so, that means it needs to be a real socket, and the only room in
> > there that I know of for plugging in random things is to add a new
> > address family.
>
> One thing I'm thinking of: Run a special daemon inside the UML that is
> able to talk to the host. This daemon could talk to the host socket
> directly, or, for obvious security reasons, it could talk to a peer
> daemon on the host.
>
> Comments welcomed.

Yes, this is the first answer I thought about (and since it is not in kernel space, it is less intrusive). The only problem is communication between the two daemons - and without any kernel change, we resort only to UML tty's/ssl's. They can even be connected to a host network port (there is telnet in the middle, but this is simple to solve), even possibly something else.

What is good with tty's is that to attach them to a host socket you do not need a kernel thread and everything is much simpler! You implement the file_ops->read to call the host read on the socket (or recv(), or whatever, I never studied sockets properly).

--
Paolo Giarrusso, aka Blaisorblade
Linux registered user n. 292729
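The pty-pair wrapper Chris and Jeff describe earlier in the thread (open the master end on the host, hand the slave to UML as a tty) and the tty-attached-to-a-host-socket idea in this last message need the same host-side plumbing: a pty master/slave pair and a relay between the master and a unix-domain socket. What follows is an added example written for this archive page; it is not code from the thread, from UML, or from any of the posters. It assumes that a plain file descriptor on the slave side stands in for the UML guest (the UML command-line option that maps a guest console to the slave device is not shown), that the host listens on a unix socket path of its own choosing, and that one relay serves one client; the names PtySocketBridge and roundtrip are the example's own.

```python
"""Host-side bridge: a pty pair relayed to a unix-domain socket (added example)."""
import os
import select
import socket
import tempfile
import threading
import tty


def _write_all(fd, data):
    """os.write may accept fewer bytes than offered; loop until all are out."""
    while data:
        n = os.write(fd, data)
        data = data[n:]


def _read_exactly(read_fn, n):
    """Collect n bytes, tolerating the pty or socket splitting a message."""
    buf = b""
    while len(buf) < n:
        chunk = read_fn(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf


class PtySocketBridge:
    """One pty pair on the host, bridged to one client of a unix socket.

    The slave side (self.slave_path, e.g. /dev/pts/N) is what the thread says
    to hand to UML as a tty; the master stays with this process.
    """

    def __init__(self, socket_path):
        self.master_fd, self.slave_fd = os.openpty()
        # Raw mode: no echo, no canonical line buffering, no CR/LF rewriting,
        # otherwise the line discipline would corrupt a binary byte stream.
        tty.setraw(self.slave_fd)
        self.slave_path = os.ttyname(self.slave_fd)
        self.listener = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.listener.bind(socket_path)
        self.listener.listen(1)
        self.stop = threading.Event()

    def serve_one(self):
        """Accept one host-side client and relay until either end closes."""
        conn, _ = self.listener.accept()
        with conn:
            self._relay(conn.fileno())

    def _relay(self, conn_fd):
        pair = {self.master_fd: conn_fd, conn_fd: self.master_fd}
        while not self.stop.is_set():
            readable, _, _ = select.select(list(pair), [], [], 0.1)
            for fd in readable:
                try:
                    data = os.read(fd, 4096)
                except OSError:       # EIO once the slave (guest) side is gone
                    return
                if not data:          # socket peer closed
                    return
                _write_all(pair[fd], data)

    def close(self):
        self.stop.set()
        self.listener.close()
        os.close(self.master_fd)
        os.close(self.slave_fd)


def roundtrip(guest_bytes, host_bytes):
    """Push bytes both ways through the bridge; returns (seen_by_host, seen_by_guest).

    The "guest" here is just the slave fd held by this process (constructed
    stand-in for a UML console); the "host app" is a unix-socket client.
    """
    tmp = tempfile.mkdtemp()
    path = os.path.join(tmp, "uml.sock")
    bridge = PtySocketBridge(path)
    worker = threading.Thread(target=bridge.serve_one, daemon=True)
    worker.start()
    client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    client.connect(path)
    try:
        _write_all(bridge.slave_fd, guest_bytes)                 # guest -> tty
        seen_by_host = _read_exactly(client.recv, len(guest_bytes))
        client.sendall(host_bytes)                               # host -> socket
        seen_by_guest = _read_exactly(
            lambda n: os.read(bridge.slave_fd, n), len(host_bytes))
    finally:
        client.close()      # relay sees EOF and serve_one returns
        worker.join(2)
        bridge.close()
        os.unlink(path)
        os.rmdir(tmp)
    return seen_by_host, seen_by_guest


if __name__ == "__main__":
    print(roundtrip(b"hello from guest", b"hello from host"))
```

Two points follow from the code. Raw mode on the pty is not optional for this use: with the default line discipline the master would read back echoed input and see "\n" rewritten to "\r\n", which is fine for logging but not for an opaque byte stream. And the bridge carries exactly one stream per pty, which is the limitation Jeroen raises above: it gives a guest process a tty, not a socket with accept/connect semantics, so many concurrent clients need either one pty each or a framing protocol between the two daemons.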