[libvirt] Libvirt and IPSec (was: What about Trusted Virtual Domains???)

Hi to everyone! First of all, sorry for the thread subject change. Due to the several issues of the Libvirt implementation of the Trusted Virtual Domains (TVD), I decided to approach the topic in a modular manner. I think that the first step should be to define the IPSec support or, more in general, the secure tunnel support for Libvirt. I see the implementation divided in two step: 1. define a new driver called 'sectunnel' which describes a generic secure tunnel that will be established using several technologies (for now using only ipsec) 2. modify the existing 'network' driver by adding the possibility to specify the 'sectunnel' that the network have to use in the virtual network definition As an example, you can see below a possible XML definition of the network which use a secure tunnel and the corresponding 'sectunnel' XML definition: NETWORK DEFINITION ================== <network> <name>sec-net</name> <uuid>3e3fce45-4f53-4fa7-bb32-11f34168b82b</uuid> <bridge name='virbr0' /> <domain name='example' /> ... <sectunnel name='sec-tun' /> <--(specify the 'sectunnel' to use) </network> SECTUNNEL DEFINITION ==================== <sectunnel type='ipsec'> <name>sec-tun</name> <uuid>8b7fd1b0-4463-43b7-8b6e-8006344aeb66</uuid> <!-- Security Association definitions --> <sa> <secret uuid='...' /> <--(specify the 'secret' which contains the pre-shared key) </sa> <!-- Security Policy definitions --> <sp> <src_range address='10.0.0.1' prefixlen='30' port='5000' /> <dst_range address='10.0.0.2' prefixlen='30' port='5000' /> <upperspec protocol='any' /> <policy direction='out' action='ipsec'> <rule protocol='esp' mode='tunnel' level='require'> <src address='192.168.0.1' port='55055' /> <dst address='192.168.0.2' port='55055' /> </rule> </policy> </sp> <sp> <src_range address='10.0.0.2' prefixlen='30' port='5000' /> <dst_range address='10.0.0.1' prefixlen='30' port='5000' /> <upperspec protocol='any' /> <policy direction='in' action='ipsec'> <rule protocol='esp' mode='tunnel' level='require'> <src address='192.168.0.2' port='55055' /> <dst address='192.168.0.1' port='55055' /> </rule> </policy> </sp> </sectunnel> As you can see in the 'sectunnel' XML definition, I use a 'secret' element. This element is a Libvirt secret [1] and it stores the pre-shared key used by IPSec to establish the Security Associations (SA). Obviously this feature requires to define a new usage category in the 'secret' driver definition. Another possible way to establish the SA is to use the X.509 certificates. To this purpose, I think that the certificates already used by Libvirt to setup SSL/TLS remote connections, might be used. That's all! :-) What do you think about this possible IPSec implementation? Thanks in advance for the replies! Best regards, PAOLO LINK LIST --------- [1] http://libvirt.org/formatsecret.html -- PAOLO SMIRAGLIA Department of Control and Computer Engineering Mobile: +39 (333) 527 3593 Email: paolo.smiraglia(a)polito.it