[Planetlab-devel] Best-effort port sharing
Justin Cappos
justincappos at gmail.com
Sat Mar 15 15:35:49 EST 2008
As I understand this policy, it would break authentication in Stork (as
would the monitor that was discussed). Although, if we also have a call
that tells us which slice is listening on a port (or preferably, connected
to a socket) then we can change our authentication to work in this case.
If this is not a viable option, then let me know and we'll figure out a
different solution...
Thanks,
Justin
On Sat, Mar 15, 2008 at 8:14 AM, Sapan Bhatia <sapanb at cs.princeton.edu>
wrote:
> Hi,
>
> Here's an alternative strategy for controlling the way slices bind to
> privileged ports.
> The way it differs from what we had previously discussed is that
> instead of having Monitor periodically dispossess slices of ports they
> don't own, we let the slice that owns a given port run this operation
> via vsys. The advantage of this strategy is that (i) The owning slice
> now dosn't have to wait for monitor to kill competing processes before
> it can start running (ii) If the owning slice doesn't need to use the
> port 24x7, then other slices can bind to it temporarily, leading to
> better utilization of the port.
>
> Specifically,
>
> - We introduce two new slice attributes: privileged_bind and
> vsys_bind_grab
> - A slice that has privileged_bind gets the capability to bind to any
> privileged port. It also gets a vsys hook (/vsys/port_open) that it
> can watch and be woken up the next time the port it's looking for is
> freed up.
> - A slice that has vsys_bind_grab can 'grab' a port even if it is in
> use by another slice. Such slices get access to the vsys entry
> /vsys/port_grab. To grab a port, the slice does an "echo <port number>
> > /vsys/port_grab.in". The script at the backend checks an acl to
> verify that the requesting slice owns port 53, and if so, it kills the
> process bound to the port. We might change this to 'send a SIGHUP
> followed by a KILL if the process doesn't release the port'.
>
> Sapan
>
> _______________________________________________
> Devel mailing list
> Devel at lists.planet-lab.org
> https://lists.planet-lab.org/mailman/listinfo/devel
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.planet-lab.org/pipermail/devel/attachments/20080315/64c173d6/attachment.html
More information about the Devel
mailing list