[Planetlab-devel] passing socket descriptors
Mark Huang
mlhuang at CS.Princeton.EDU
Wed Jul 12 15:20:37 EDT 2006
Fred Kuhns wrote:
> I have written a simple test which passes socket descriptors from the root
> context to user vservers (I explain why below). The passing of descriptors
> over UNIX domain sockets does work but I noticed that in the pl_netflow db the
> traffic to the socket is associated with the root context and not the client
> vserver which is actually using the socket. Likewise, the proc file
> /proc/scout/ports/summary reports the socket as belonging to the root context
> (i.e. the context creating the socket, not the context using the socket).
Slow down and explain everything a little more fully. From the second sentence
on, are you describing what you believe happens on the public PlanetLab, or the
results of your simple test?
Are you aware of Proper, the public PlanetLab service which allows slices to
bind reserved ports via fd passing, as well as other privileged operations?
> As a side note, I noticed that for UDP traffic the sender's port number is not
> reported for any UDP traffic. I am new to PlanetLab so perhaps this is the
> desired behavior but in my case if the sender's port # was included then the
> correct vserver could be identified. The Netflow stats report the sender's port
> number so they are getting dropped during the parsing of the data.
This is expected behavior, to avoid creating endless numbers of flows when
someone decides to launch a UDP port scan. Other policies are summarized in the
sensor README (see http://localhost/flows/README or
http://cvs.planet-lab.org/cvs/~checkout~/netflow/flows.txt):
1. All times are in seconds since the epoch GMT.
2. UDP source ports are not tracked and are always recorded as 0.
3. UDP traceroute destination ports 33435-33524 (inclusive) are always
   recorded as 33435.
4. ICMP type fields are stored in the src_port field.
5. ICMP code fields are stored in the dst_port field.
6. GRE version 2 keys are truncated to 16 bits and stored in the
   src_port field.
7. PPTP Call IDs are stored in the src_port field.
8. Several fake slice names are used for traffic generated by the
   stack that would otherwise be attributed to root:
   a. connection_refused: TCP RST packets
   b. icmp_reply: ping replies
   c. icmp_unreachable: ICMP destination unreachable errors
9. Blank lines may be printed occasionally to keep the connection alive.
> 1) Am I doing something wrong? Is there some way to both transfer the socket
> _and_ transfer the "owning" context (vserver)?
Again, I'm not sure what you're asking. What exactly is the problem? There is an
interface that Proper uses to transfer ownership of sockets to slices. See the
VNET documentation:
https://www.planet-lab.org/doc/vnet.php#id268543
And the Proper code for how it uses it:
http://cvs.planet-lab.org/cvs/~checkout~/proper/propd_socket.c
>
> 2) Or is there a better way to effectively reserve ports using an existing
> API?
See the Proper "documentation":
https://wiki.planet-lab.org/twiki/bin/view/Planetlab/ProperApi
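
Added example, not part of the original message and not Proper's code: the descriptor-passing mechanism this thread discusses, SCM_RIGHTS over a UNIX domain socket, showing that the received descriptor refers to the very socket the sender created and bound. The names send_fd, recv_fd, bound_port and demo are hypothetical, a single-process socketpair stands in for the privileged sender and the receiving slice, and the VNET ownership-transfer interface is not used.

```c
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
/* Control buffer sized and aligned for exactly one descriptor. */
union fdbuf { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; };

/* Send descriptor fd across the UNIX domain socket chan; 0 on success. */
int send_fd(int chan, int fd) {
    char byte = 0; /* one data byte must accompany the control message */
    struct iovec iov = { &byte, 1 };
    union fdbuf u = { .buf = {0} };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof fd);
    memcpy(CMSG_DATA(c), &fd, sizeof fd);
    return sendmsg(chan, &msg, 0) == 1 ? 0 : -1;
}

/* Receive one descriptor; -1 if the message is truncated or not SCM_RIGHTS. */
int recv_fd(int chan) {
    char byte; int fd;
    struct iovec iov = { &byte, 1 };
    union fdbuf u;
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    if (recvmsg(chan, &msg, 0) != 1 || (msg.msg_flags & MSG_CTRUNC)) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS ||
        c->cmsg_len != CMSG_LEN(sizeof fd)) return -1;
    memcpy(&fd, CMSG_DATA(c), sizeof fd);
    return fd;
}

int bound_port(int fd) { /* local port the socket is bound to, or -1 */
    struct sockaddr_in a; socklen_t len = sizeof a;
    return getsockname(fd, (struct sockaddr *)&a, &len) < 0 ? -1 : ntohs(a.sin_port);
}

/* Bind a UDP socket, pass it over a socketpair; 1 if both fds name one socket. */
int demo(void) {
    int sp[2], s = socket(AF_INET, SOCK_DGRAM, 0);
    struct sockaddr_in a = { .sin_family = AF_INET }; /* INADDR_ANY, port 0 */
    if (s < 0 || bind(s, (struct sockaddr *)&a, sizeof a) < 0) return -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) < 0 || send_fd(sp[0], s) < 0) return -1;
    int r = recv_fd(sp[1]);
    return r >= 0 && r != s && bound_port(r) > 0 && bound_port(r) == bound_port(s);
}
int main(void) { return demo() == 1 ? 0 : 1; }
```

The receiver never calls socket() or bind() itself; it only inherits a reference to the sender's socket.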