[vbox-dev] Internal Network - Switch Like Behavior

Antonio Augusto (Mancha) mkhaos7 at gmail.com
Fri Apr 24 10:12:02 PDT 2009


On Fri, Apr 24, 2009 at 07:11, Knut St. Osmundsen <bird at sun.com> wrote:
> Antonio Augusto (Mancha) wrote:
>> Hey Guys,
>>
>> I'm working on a security project and would like to do some
>> experiments with ARP/DNS poisoning, but to do so I'd need the
>> network the VMs are connected to to behave like a switched one, that is:
>> packets arrive only on the interface to which they are destined.
>> I've tried looking at the code, especially in
>> src/VBox/Devices/Network/DrvIntNet.cpp but I couldn't quite understand
>> how the "receiving" works ...
>> I see that there is a ring buffer on the drvIntNetAsyncIoRun, but I
>> don't get if this buffer is exclusive for each interface or if it's the
>> "network" buffer.
>>
>
> That ring buffer is exclusive for each interface. The ring is fed from
> src/VBox/Devices/Network/SrvIntNetR0.cpp and that's also where the
> "switch" code is.
>

Okie!
Got it working like I wanted :D
Took me some time to find where the Network was being spawned, but
eventually I got it.

I just needed to add one line.
On ConsoleImpl2.cpp, line 1792, I just added one line containing this:

    rc = CFGMR3InsertInteger(pCfg, "IgnoreAllPromisc", true); RC_CHECK();

Did a quick test with 3 VMs and, even with the interface in
promiscuous mode, I can't see the communications between the other two
machines.
I didn't do much further testing, but as far as I can tell all the
rest is working as expected :)

It'd be a good thing to add this as a parameter in the XML files, but
I've noticed one thing: the network definitions are located in the VM
files, meaning that the network is created based on the VM's desires.
So, if VM1 decides to connect to a Net1 with "IgnoreAllPromisc" but
VM2 wants to create Net1 without this option, it would bring up some
problems, am I right?

Do you guys have any plans or preferences on how this feature
would/could be implemented?
I might be able to accomplish this, but having something that follows
Sun's intent would be the best.

In my head, this would be best added as an option into
NetserviceRegistry on VirtualBox.xml. Something like
<IntNetConfig name="Net" options="IgnoreAllPromisc" />

What do you guys think? Any comments?

Cheers,
KM
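
Added example (not part of the original message and not VirtualBox code): a simplified model of the delivery decision discussed in this thread, showing how a per-network setting that ignores promiscuous mode keeps a third VM from seeing unicast traffic between the other two. The Interface and Network types, deliver() and sampleNet() are hypothetical names; only "IgnoreAllPromisc" comes from the message.

```cpp
#include <array>
#include <cstdint>
#include <string>
#include <vector>

// Toy model only: names and structure are illustrative, not VirtualBox code.
using Mac = std::array<uint8_t, 6>;
const Mac kBroadcast = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};

struct Interface {
    std::string name;
    Mac mac;
    bool promiscuous;   // what the guest requested on its NIC
};

struct Network {
    std::vector<Interface> ifs;
    bool ignoreAllPromisc;   // models the per-network "IgnoreAllPromisc" setting

    // Names of the interfaces that receive a frame sent by `src` to `dst`.
    std::vector<std::string> deliver(const Mac& src, const Mac& dst) const {
        std::vector<std::string> out;
        for (const auto& i : ifs) {
            if (i.mac == src) continue;   // never echo back to the sender
            bool addressed = (i.mac == dst) || (dst == kBroadcast);
            bool sniffing = i.promiscuous && !ignoreAllPromisc;
            if (addressed || sniffing) out.push_back(i.name);
        }
        return out;
    }
};

// Constructed sample: three VMs, vm3 has its NIC in promiscuous mode.
Network sampleNet(bool ignoreAllPromisc) {
    return Network{{{"vm1", {2, 0, 0, 0, 0, 1}, false},
                    {"vm2", {2, 0, 0, 0, 0, 2}, false},
                    {"vm3", {2, 0, 0, 0, 0, 3}, true}},
                   ignoreAllPromisc};
}

int main() {
    const Mac vm1 = {2, 0, 0, 0, 0, 1}, vm2 = {2, 0, 0, 0, 0, 2};
    // Flag off: vm3 also receives vm1 -> vm2 frames. Flag on: only vm2 does.
    bool hubLike = sampleNet(false).deliver(vm1, vm2).size() == 2;
    bool switchLike = sampleNet(true).deliver(vm1, vm2).size() == 1;
    return (hubLike && switchLike) ? 0 : 1;
}
```

Broadcast frames still reach every other interface in both modes, so ARP requests keep working while unicast traffic stays private to its destination.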



