__ (___()'`; Rusty's Remarkably Unreliable Guide to Lguest /, /` - or, A Young Coder's Illustrated Hypervisor \\"--\\ http://lguest.ozlabs.org Lguest is designed to be a minimal 32-bit x86 hypervisor for the Linux kernel, for Linux developers and users to experiment with virtualization with the minimum of complexity. Nonetheless, it should have sufficient features to make it useful for specific tasks, and, of course, you are encouraged to fork and enhance it (see drivers/lguest/README). Features: - Kernel module which runs in a normal kernel. - Simple I/O model for communication. - Simple program to create new guests. - Logo contains cute puppies: http://lguest.ozlabs.org Developer features: - Fun to hack on. - No ABI: being tied to a specific kernel anyway, you can change anything. - Many opportunities for improvement or feature implementation. Running Lguest: - The easiest way to run lguest is to use same kernel as guest and host. You can configure them differently, but usually it's easiest not to. You will need to configure your kernel with the following options: "Processor type and features": "Paravirtualized guest support" = Y "Lguest guest support" = Y "High Memory Support" = off/4GB "Alignment value to which kernel should be aligned" = 0x100000 (CONFIG_PARAVIRT=y, CONFIG_LGUEST_GUEST=y, CONFIG_HIGHMEM64G=n and CONFIG_PHYSICAL_ALIGN=0x100000) "Device Drivers": "Block devices" "Virtio block driver" = M/Y "Network device support" "Universal TUN/TAP device driver support" = M/Y "Virtio network driver" = M/Y (CONFIG_VIRTIO_BLK=m, CONFIG_VIRTIO_NET=m and CONFIG_TUN=m) "Virtualization" "Linux hypervisor example code" = M/Y (CONFIG_LGUEST=m) - A tool called "lguest" is available in this directory: type "make" to build it. If you didn't build your kernel in-tree, use "make O=". - Create or find a root disk image. There are several useful ones around, such as the xm-test tiny root image at http://xm-test.xensource.com/ramdisks/initrd-1.1-i386.img For more serious work, I usually use a distribution ISO image and install it under qemu, then make multiple copies: dd if=/dev/zero of=rootfile bs=1M count=2048 qemu -cdrom image.iso -hda rootfile -net user -net nic -boot d Make sure that you install a getty on /dev/hvc0 if you want to log in on the console! - "modprobe lg" if you built it as a module. - Run an lguest as root: tools/lguest/lguest 64 vmlinux --tunnet=192.168.19.1 \ --block=rootfile root=/dev/vda Explanation: 64: the amount of memory to use, in MB. vmlinux: the kernel image found in the top of your build directory. You can also use a standard bzImage. --tunnet=192.168.19.1: configures a "tap" device for networking with this IP address. --block=rootfile: a file or block device which becomes /dev/vda inside the guest. root=/dev/vda: this (and anything else on the command line) are kernel boot parameters. - Configuring networking. I usually have the host masquerade, using "iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE" and "echo 1 > /proc/sys/net/ipv4/ip_forward". In this example, I would configure eth0 inside the guest at 192.168.19.2. Another method is to bridge the tap device to an external interface using --tunnet=bridge:, and perhaps run dhcp on the guest to obtain an IP address. The bridge needs to be configured first: this option simply adds the tap interface to it. A simple example on my system: ifconfig eth0 0.0.0.0 brctl addbr lg0 ifconfig lg0 up brctl addif lg0 eth0 dhclient lg0 Then use --tunnet=bridge:lg0 when launching the guest. See: http://www.linuxfoundation.org/collaborate/workgroups/networking/bridge for general information on how to get bridging to work. - Random number generation. Using the --rng option will provide a /dev/hwrng in the guest that will read from the host's /dev/random. Use this option in conjunction with rng-tools (see ../hw_random.txt) to provide entropy to the guest kernel's /dev/random. There is a helpful mailing list at http://ozlabs.org/mailman/listinfo/lguest Good luck! Rusty Russell rusty@rustcorp.com.au. vemloft.net>2017-01-30 15:00:58 -0500 commit63a6fff353d01da5a22b72670c434bf12fa0e3b8 (patch) tree5707ae376777271ab2d77411fed89afb515f0257 /tools parenta3a4de056ed5cfb22085173d8f0f13b0ca6b6d60 (diff)

net: Avoid receiving packets with an l3mdev on unbound UDP sockets

Packets arriving in a VRF currently are delivered to UDP sockets that aren't bound to any interface. TCP defaults to not delivering packets arriving in a VRF to unbound sockets. IP route lookup and socket transmit both assume that unbound means using the default table and UDP applications that haven't been changed to be aware of VRFs may not function correctly in this case since they may not be able to handle overlapping IP address ranges, or be able to send packets back to the original sender if required. So add a sysctl, udp_l3mdev_accept, to control this behaviour with it being analgous to the existing tcp_l3mdev_accept, namely to allow a process to have a VRF-global listen socket. Have this default to off as this is the behaviour that users will expect, given that there is no explicit mechanism to set unmodified VRF-unaware application into a default VRF. Signed-off-by: Robert Shearman <rshearma@brocade.com> Acked-by: David Ahern <dsa@cumulusnetworks.com> Tested-by: David Ahern <dsa@cumulusnetworks.com> Signed-off-by: David S. Miller <davem@davemloft.net>

Diffstat (limited to 'tools')