I just read the "Network Subsystems Reloaded" paper by Sinha, Sarat and Shapiro. Part of it discusses a network stack implemented for EROS with several isolated processes. As such layout typically lacks performance, they at least avoid copying accross protection boundaries with shared memory.
A client of the TCP stack would give it access to four memory regions: two for TCP headers and two for payloads, for transmission and reception. This avoids DOS attacks by clients because the stack doesn't use it's own limited memory to work on behalf of it's clients. But to ensure correctness of network packets, header sections must not be writable by the client. With the design of space banks as it was vigourously debated earlier, would that be even possible? IIRC, it was not considered desirable that a process A could give authority to some of it's resources (here, memory) to another process B while losing some of it's own authority to it (but having the ability to reclaim it back). Curiously, Nowhere man -- [EMAIL PROTECTED] OpenPGP 0xD9D50D8A
signature.asc
Description: Digital signature
_______________________________________________ L4-hurd mailing list [email protected] http://lists.gnu.org/mailman/listinfo/l4-hurd
