| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1322489230.7338.71.camel@mojatatu> Date: Mon, 28 Nov 2011 09:07:10 -0500 From: Jamal Hadi Salim <jhs@...atatu.com> To: "Fischer, Anna" <anna.fischer@...com> Cc: Herbert Xu <herbert@...dor.apana.org.au>, David Miller <davem@...emloft.net>, "jesse@...ira.com" <jesse@...ira.com>, "netdev@...r.kernel.org" <netdev@...r.kernel.org>, "dev@...nvswitch.org" <dev@...nvswitch.org> Subject: Issues with openflow protocol WAS(RE: [GIT PULL v2] Open vSwitch On Mon, 2011-11-28 at 13:54 +0000, Fischer, Anna wrote: > Yes, I mentioned this months ago, and I am surprised this critical > issue has never been picked up on and addressed. With a flaw like > this there is no chance this component can be used in any serious > virtualization deployment where different customers share the same physical server. > > The path up to user-space needs to be designed in a multi-queue fashion, so that > each vPort has its own queue up to user-space. Ideally those queues also need to > be rate controlled in some form, so that no DoS is possible. Good - more folks scrutinizing openflow ;-> That would resolve the kernel->user if in addition you then add prioritization of those queues. But even then also the same problem exists with open flow in the northbound direction towards the external controller where there is a single (TCP) socket. cheers, jamal -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists