Interesting additions to Build 126
This Wednesday brought some interesting additions to the build 126 of Opensolaris. At first Crossbow got two new features: At first it got a feature called “Anti-spoofing link protection”. When you give away a VM bound to a virtual interface, the guest can do everything with this interface. Even sending malicious packets. Link protection in Opensolaris protects the network and other VMs from such VMs gone bad. This is a outcome of the PSARC 2009/436 :
Link protection is a new mechanism for preventing potentially malicious or misbehaving guest VMs from sending harmful packets to the network. This feature provides protection against these basic threats: IP, DHCP and mac spoofing; and L2 frame spoofing.
Another addition to Crossbow is the capability to define flows based on their remote port. This option was missing so far. You was just able to configure a remote IP. PSARC 2009/488 adds this option. In the TopSecret department the Solaris Cryptographic Framework got some additions needed for FIPS 140-2 compliance with the integration of the outcomes of PSARC 2009/447.