Manualshelf

XenServer Software Development Kit Guide 4.1.0

ManualsBrandsHP ManualsServerHP ProLiant DL580 G5 Six Core Configure-to-order Tower Chassis
28293031323334353637
XenServer API extensions
28
The device /dev/xen/evtchn, which is accessed via xs_evtchn_open() in libxenctrl. A han-
dle can be restricted using xs_evtchn_restrict().
The device /proc/xen/privcmd, accessed through xs_interface_open() in libxenctrl. A
handle is restricted using xc_interface_restrict(). Some privileged commands are naturally
hard to restrict (e.g. the ability to make arbitrary hypercalls), and these are simply prohibited on restricted
handles.
A restricted handle cannot later be granted more privilege, and so the interface must be closed and re-
opened. Security is only gained if the process cannot subsequently open more handles.
The qemu device emulation processes and vncterm terminal emulation processes run as a non-root
user ID and are restricted into an empty directory. They uses the restriction API above to drop privileges
where possible.
Access to xenstore is rate-limited to prevent malicious guests from causing a denial of service on the
control domain. This is implemented as a token bucket with a restricted fill-rate, where most operations
take one token and opening a transaction takes 20. The limits are set high enough that they should never
be hit when running even a large number of concurrent guests under loaded operation.
The VNC guest consoles are bound only to the localhost interface, so that they are not exposed
externally even if the control domain packet filter is disabled by user intervention.
5.5. Advanced settings for network interfaces
Virtual and physical network interfaces have some advanced settings that can be configured using the oth-
er-config map parameter. There are a set of custom ethtool settings and some miscellaneous settings.
5.5.1. ethtool settings
Developers might wish to configure custom ethtool settings for physical and virtual network interfaces. This
is accomplished with ethtool-<option> keys via the other-config map parameter.
Key Description Valid settings
ethtool-rx Specify if RX checksumming is enabled on or true to enable the
setting, off or false to disable it
ethtool-tx Specify if TX checksumming is enabled on or true to enable the
setting, off or false to disable it
ethtool-sg Specify if scatter-gather is enabled on or true to enable the
setting, off or false to disable it
ethtool-tso Specify if tcp segmentation offload is enabled on or true to enable the
setting, off or false to disable it
ethtool-ufo Specify if UDP fragmentation offload is enabled on or true to enable the
setting, off or false to disable it
ethtool-gso Specify if generic segmentation offload is enabled on or true to enable the
setting, off or false to disable it
ethtool-autoneg Specify if autonegotiation is enabled on or true to enable the
setting, off or false to disable it
ethtool-speed Set the device speed in Mb/s 10, 100. or 1000
ethtool-duplex Set full or half duplex mode half or full