[nycbug-talk] Virtualized Network Stack, jail fun

Isaac Levy ike at lesmuug.org
Tue Sep 18 12:09:02 EDT 2007


Hey All,

So this is COOL.

At the FreeBSD dev summit, I had the pleasure of speaking with Marco  
Zec, (Croatia- Univ. of Zagreb), about his work Virtualizing the  
network stack in FreeBSD.

This is cool stuff, described in great detail here:
http://imunes.tel.fer.hr/virtnet/

--
Why am I posting this?  Jail(8).

This is currently the future path towards multiple IP addresses for  
jails, (and a proper loopback interface), as well as IPv6 addressing  
for jails.

Additionally, it enables each jail to do anything which it is given,  
for its IP addresses- including running a packet filter. (spamd from  
jails, here we come!!!!  Yeah!!!!)

With that, I just wanted to drop this email on list, as many people  
have asked me about firewalling from jailed systems- and eventually  
it will not only be possible, but as a separate subsystem from
jail(8) altogether :)

--
Add in ZFS work, and jail(8) looks better than ever once FreeBSD 7  
hits the street as REL!

Additionally, there are several areas where people are working  
towards various cpu/memory/disk resource control, (which would be  
great for jailing as well) but this work is extremely difficult- low  
level kernel work that moves very slowly...  So...

Rocket-
.ike




