Slashdot Mirror


Network Stack Cloning / Virtualization Extensions

HellRazr writes "From the FreeBSD hackers mailing list: 'at http://www.tel.fer.hr/zec/vimage/ you can find a set of patches against 4.8-RELEASE kernel that provide support for network stack cloning. The patched kernel allows multiple fully independent network stack instances to simultaneously coexist within a single OS kernel, providing a foundation for supporting diverse new applications.' We can sure have fun with this..."

44 comments

  1. BSD isn't dying by CableModemSniper · · Score: 3, Funny

    It's cloning itself.

    --
    Why not fork?
  2. Yes by Mensa+Babe · · Score: 5, Informative

    I've heard about the idea and development of the vimage patch and this is great news, that it's finally done and fully functional. Some of those ideas are not really new, as anyone who knows OS/390 could tell you, but it's really great they can now be used in FreeBSD systems.

    For those of you who know that I'm involved in building honeynets, it won't be a surprise that I am really (by which I mean really) looking forward to using those new features in my future honeypots, firewalls and other security-related projects.

    Actually, those features seem to be created just exactly to be used for deploying virtual honeynets. Just imagine what you can do with VMware, vimage-FreeBSD and UML all running on the same machine!

    Great work, Marko.

    --
    Karma: Positive (probably because of superiour intellect)
    1. Re:Yes by Jellybob · · Score: 2, Funny
      Just imagine what you can do with VMware, vimage-FreeBSD and UML all running on the same machine!


      Bring my crappy computer to a screeching halt?
    2. Re:Yes by DrZaius · · Score: 1

      On behalf of myself and all of the other slashdot idiots, I apologize. Sadly, not everyone is as educated or intelligent as you are.

      Wow, get off yourself buddy. Slashdot is not a Mensa meeting. In real life, people smile when someone makes a joke.

      btw, could you imagine a beowulf cluster of these?

      --
      -- DrZaius - Minister of Sciences and Protector of the Faith
    3. Re:Yes by rigga · · Score: 1

      *applauds* Geeze, Cheesy Jokes get no respect.

      --
      RiGgA
    4. Re:Yes by Anonymous Coward · · Score: 0

      Mod Parent (Score:-1 Pompous Ass)

    5. Re:Yes by Anonymous Coward · · Score: 0

      YES Enough Already!! We Get it You are SOO smart. You're a Mensa member bla bla bla. Yes you obviously know a lot about honeypots. Like we care. Whoopty doo da. BTW 'Mensa Babe' you think that you would have enough class and intelligence to think of a less sexist nick.

    6. Re:Yes by online-shopper · · Score: 1

      > illegal, pornography content, and they could be subject to prosecution, depanding on their jurisdiction).
      yeah, soo smart that you can't spell... the guy made a cheesy joke, get over it.

    7. Re:Yes by Jellybob · · Score: 1

      Well, since I'm half way through a Gentoo install, with nothing to look at but /. in Lynx, I'll reply.

      I'm perfectly aware that the *actual* use is to create honeynets without needing to buy yourself a small rackfull of physical servers to do it with. And I applaud the BSD team for making it possible natively, I may well have a play with it when I get bored someday.

      And I'm very sorry you didn't find my (admittedly poor) joke to your usual standards, I'll attempt to make the next one better.

    8. Re:Yes by Anonymous Coward · · Score: 0

      > > illegal, pornography content, and they could
      > > be subject to prosecution, depanding on their
      > > jurisdiction).
      >
      > yeah, soo smart that you can't spell...
      >
      what exactly is spelled wrong, smart ass?

    9. Re:Yes by Anonymous Coward · · Score: 0

      You're thinking of VM (and perhaps LPARs) not MVS (OS/390).
      OS/390 is first and foremost a batch processing environment.

    10. Re:Yes by Anonymous Coward · · Score: 0

      You judge your abilities based on a benchmark.
      Hahahahahahaha!

      Seriously,
      Perhaps you should look into the modern psychological positions on cognitive abilities.

      IQ has, as with the so-called social-Darwinian theories, been pushed by the wayside.

      Judge yourself based on the contributions you have made, not by the scores of a test.

      I distrust IQ also because it was created by two antisemites, and I happen to be Jewish.

    11. Re:Yes by Anonymous Coward · · Score: 0

      What may be good and intelligent to you may be obscene and sordid to another.

      For example as a scholar in British governmental history, I find the concept of a written constitution inflexible and unwise, whilst you may disagree.

      More work on improving and less time patting yourself on the back please.
      This type of pettiness is making this forum sound more and more like a high school cafeteria.
      (Btw, I made a fairly decent score on that damned test (190ish composite)) But I'll be the first to say it doesn't mean a damn. I got some info regarding mensa (anybody who calls themselves "table" doesn't get caps, sorry.) and I told them to sod off, I'm not so bad off as to need to go to a 5-step program for histrionics and narcissists.

    12. Re:Yes by Anonymous Coward · · Score: 0

      Most of the good hackers can spot decoys with a fair amount of ease.
      So are you an unemployed network technician or what?

    13. Re:Yes by Anonymous Coward · · Score: 0

      You judge your abilities based on a benchmark. Hahahahahahaha!

      You judge your abilities based on the length of your penis. Hahahahahahaha!

      Seriously, Perhaps you should look into the modern psychological positions on cognitive abilities.

      Seriously, Perhaps you should look into the modern sexological positions on cognitive abilities.

      IQ has, as with the so-called social-Darwinian theories, been pushed by the wayside.

      Length of the penis has, as with the so-called social-Darwinian theories, been pushed by the wayside.

      Judge yourself based on the contributions you have made, not by the scores of a test.

      Judge yourself based on the contributions you have made, not by the length of your penis.

      (Penis length/IQ) does not matter, damn it!!!

      (Why do I hear stuff like that all the time, from people with low IQ and small penis? It's just a coincidence, I suppose...)

      Cheers!

    14. Re:Yes by Anonymous Coward · · Score: 0

      Most of the good hackers can spot decoys with a fair amount of ease. So are you an unemployed network technician or what?

      Please tell me how do you tell a Debian install which is used to trap crackers, from exactly the same Debian install, which is used as a web server?

    15. Re:Yes by Anonymous Coward · · Score: 0

      Too Chicken Mensa Babe. Now you're posting AC to avoid losing more face. Bitch

    16. Re:Yes by Anonymous Coward · · Score: 0

      DEPENDING.

    17. Re:Yes by Anonymous Coward · · Score: 0

      Thorough traffic analysis.

    18. Re:Yes by Anonymous Coward · · Score: 0
      With aggressive honeypots using bait and switch, you'd only notice after you broke in.

      Remember to make sure you are where you expected to be and didn't get redirected on the fly!

    19. Re:Yes by Anonymous Coward · · Score: 0

      yeah me too.. prelinking and latest gcc WILL be worth it though..
      ps, try and find a nice small fb browser

  3. Plan 9 blah blah by DrSkwid · · Score: 1

    seems like plenty of ideas from plan 9 are backporting their way to the unix-likes.

    People, if you want plan 9 you know where to find it :

    http://plan9.bell-labs.com/plan9

    --
    There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
    1. Re:Plan 9 blah blah by rpeppe · · Score: 3, Informative
      to be more specific than Dr. Skwid, plan 9 has had multiple IP stacks from the word go (check out the man page).

      but not only that, but the fact that resources can be distributed transparently over the network means that a specific network interface (perhaps an interface to the outside world) can be imported from another machine, and used, exactly as if it were a local IP stack.

      none of this requires any particularly deep magic; it does however require a fresh approach from the ground up, something you're unlikely to find in any of the mainstream unix-like OSes...

  4. This wouldn't be even a news on GNU/Hurd by latroM · · Score: 1

    It is interesting to see monolithic kernel systems trying to implement features which are basic stuff in multiserver microkernel operating systems.

    1. Re:This wouldn't be even a news on GNU/Hurd by Anonymous Coward · · Score: 0

      Computer Science and the Attack of The Fads !!!!!

      O well, at least they're not ranting about the glories of Pascal anymore, thank God.

      It's interesting to see multiserver microkernels trying to implement features which are basic stuff in monolithic kernel operating systems.
      Example: Performance.
      Stability.
      Decent filesystem access routines.

      GNU/Hurd after 13 years finally has a non-beta release. This wouldn't be news on any other operating system.

    2. Re:This wouldn't be even a news on GNU/Hurd by dreamchaser · · Score: 1

      No...what would be news on GNU/Hurd would be that it was actually ready for general use...or that disk partitions greater than 512 megabytes were supported...or that it performed with anywhere near the speed and stability of those 'old fashioned' monolithic kernels...

    3. Re:This wouldn't be even a news on GNU/Hurd by latroM · · Score: 1

      Actually hurd supports partitions that are 2GB in size and it will support larger than that.

    4. Re:This wouldn't be even a news on GNU/Hurd by Anonymous Coward · · Score: 0

      We're goin' for 8gig c'mon we can do it!
      8gig partitions!

  5. That's how it worked originally in UNIX by Animats · · Score: 3, Interesting
    Before BSD, before Bill Joy, there was 3COM's UNET TCP/IP package for UNIX, written by Greg Shaw. Originally, it had a rather weak implementation of TCP, but I fixed that and added ICMP and UDP support. We ran this at Ford Aerospace from 1981 until about 1985. It ran on PDP/11 machines, the original VAX 11/780, and the Z8000. (Our pair of Z8000 machines may have been the first single-chip microprocessors on the Internet.)

    UNET ran almost entirely in user space. All that went into the kernel were device drivers for the network devices and a pseudo-device to allow interprocess communication to the network process. This made modification and debugging much easier. You could kill and restart the network process without rebooting the system.

    Twenty years later, someone has reinvented this approach.

    1. Re:That's how it worked originally in UNIX by Anonymous Coward · · Score: 0
      helicopter crash
      dead flesh stinking charred flesh
      freebsd death
  6. Hard Times for *BSD by Anonymous Coward · · Score: 0
    So why did *BSD fail? Once you get past the fact that *BSD is fragmented between a myriad of incompatible kernels, there is the historical record of failure and of failed operating systems. *BSD experienced moderate success about 15 years ago in academic circles. Since then it has been in steady decline. We all know *BSD keeps losing market share but why? Is it the problematic personalities of many of the key players? Or is it larger than their troubled personalities?

    The record is clear on one thing: no operating system has ever come back from the grave. Efforts to resuscitate *BSD are one step away from spiritualists wishing to communicate with the dead. As the situation grows more desperate for the adherents of this doomed OS, the sorrow takes hold. An unremitting gloom hangs like a death shroud over a once hopeful *BSD community. The hope is gone; a mournful nostalgia has settled in. Now is the end time for *BSD.