[nycbug-talk] Virtualized Network Stack, jail fun
Isaac Levy
ike at lesmuug.org
Tue Sep 18 12:09:02 EDT 2007
Hey All,
So this is COOL.
At the FreeBSD dev summit, I had the pleasure of speaking with Marko
Zec (Croatia, Univ. of Zagreb) about his work virtualizing the
network stack in FreeBSD.
This is cool stuff, described in great detail here:
http://imunes.tel.fer.hr/virtnet/
--
Why am I posting this? Jail(8).
This is currently the future path towards multiple IP addresses for
jails (and a proper loopback interface), as well as IPv6 addressing
for jails.
Additionally, it enables each jail to do anything which it is given,
for its IP addresses, including running a packet filter. (spamd from
jails, here we come!!!! Yeah!!!!)
With that, I just wanted to drop this email on list, as many people
have asked me about firewalling from jailed systems, and eventually
it will not only be possible, but as a separate subsystem from
jail(8) altogether :)
--
Add in ZFS work, and jail(8) looks better than ever once FreeBSD 7
hits the street as REL!
Additionally, there are several areas where people are working
towards various CPU/memory/disk resource control (which would be
great for jailing as well), but this work is extremely difficult: low
level kernel work that moves very slowly... So...
Rocket-
.ike