Network Stack Cloning / Virtualization Extensions

HellRazr writes "From the FreeBSD hackers mailing list: 'at http://www.tel.fer.hr/zec/vimage/ you can find a set of patches against 4.8-RELEASE kernel that provide support for network stack cloning. The patched kernel allows multiple fully independent network stack instances to simultaneously coexist within a single OS kernel, providing a foundation for supporting diverse new applications.' We can sure have fun with this..."

BSD isn't dying

[CableModemSniper]

It's cloning itself.

Yes

[Mensa Babe]

I've heard about the idea and development of the vimage patch and this is a great news, that it's finally done and fully functional. Some of those ideas are not really new, as anyone who knows OS/390 could tell you, but it's really great they can now be used in FreeBSD systems.

For those of you, who know that I'm involved in building honeynets [honeynet.org], it won't be a surprise, that I am really (by which I mean really) looking forward to use those new features in my future honeypots, firewalls and other security-related projects.

Actually, those features seem to be created just exactly to be used for deploying virtual honeynets [honeynet.org]. Just imagine what you can do with VMware, vimage-FreeBSD and UML all running on the same machine!

Great work, Marko.

Re:Yes

[Jellybob]

Just imagine what you can do with VMware, vimage-FreeBSD and UML all running on the same machine!

Bring my crappy computer to a screeching halt?

Re:Yes

[DrZaius]

On behalf of myself and all of the other slashdot idiots, I apologize. Sadly, not everyone is as educated or intelligent as you are.

Wow, get off yourself buddy. Slashdot is not a mensa meeting. In real life, people smile when someone makes a joke.

btw, could you imagine a beowulf cluster of these?

Re:Yes

[rigga]

*applauds* Geeze, Cheesy Jokes get no respect.

Re:Yes

[online-shopper]

> illegal, pornography content, and they could be subject to prosecution, depanding on their jurisdiction).
yeah, soo smart that you can't spell... the guy made a cheesy joke, get over it.

Re:Yes

[Jellybob]

Well, since I'm half way through a Gentoo install, with nothing to look at but /. in Lynx, I'll reply.

I'm perfectly aware that the *actual* use is to create honeynets without needing to buy yourself a small rackfull of physical servers to do it with. And I applaud the BSD team for making it possible natively, I may well have a play with it when I get bored someday.

And I'm very sorry you didn't find my (admittedly poor) joke to your usual standards, I'll attempt to make the next one better.

Plan 9 blah blah

[DrSkwid]

seems like plenty of ideas from plan 9 are backporting their way to the unix-likes.

People, if you want plan 9 you know where to find it :

http://plan9.bell-labs.com/plan9 [bell-labs.com]

Re:Plan 9 blah blah

[rpeppe]

to be more specific than Dr. Skwid, plan 9 has had multiple IP stacks from the word go (check out the man page [bell-labs.com]).

but not only that, but the fact that resources can be distributed transparently over the network means that a specific network interface (perhaps an interface to the outside world) can be imported from another machine, and used, exactly as if it were a local IP stack.

none of this requires any particularly deep magic; it does however require a fresh approach from the ground up, something you're unlikely to find in any of the mainstream unix-like OSes...

This would'nt be even a news on GNU/Hurd

[latroM]

It is interesting to see monolithical kernel systems trying to implement features which are basic stuff in multiserver microkernel operating systems.

Re:This would'nt be even a news on GNU/Hurd

[dreamchaser]

No...what would be news on GNU/Hurd would be that it was actually ready for general use...or that disk partitions greater than 512 megabytes were supported...or that it performed with anywhere near the speed and stability of those 'old fashioned' monolithic kernels...

Re:This would'nt be even a news on GNU/Hurd

[latroM]

Actually hurd supports partitions that are 2GB in size and it will support larger than that.

That's how it worked originally in UNIX

[Animats]

Before BSD, before Bill Joy, there was 3COM's UNET TCP/IP package for UNIX, [quux.org] written by Greg Shaw. Originally, it had a rather weak implementation of TCP, but I fixed that and added ICMP and UDP support. We ran this at Ford Aerospace from 1981 until about 1985. It ran on PDP/11 machines, the original VAX 11/780, and the Z8000. (Our pair of Z8000 machines may have been the first single-chip microprocessors on the Internet.)

UNET ran almost entirely in user space. All that went into the kernel were device drivers for the network devices and a psuedo-device to allow interprocess communication to the network process. This made modification and debugging much easier. You could kill and restart the network process without rebooting the system.

Twenty years later, someone has reinvented this approach.