Network Stack Cloning / Virtualization Extensions

HellRazr writes "From the FreeBSD hackers mailing list: 'at http://www.tel.fer.hr/zec/vimage/ you can find a set of patches against 4.8-RELEASE kernel that provide support for network stack cloning. The patched kernel allows multiple fully independent network stack instances to simultaneously coexist within a single OS kernel, providing a foundation for supporting diverse new applications.' We can sure have fun with this..."

Yes

[Mensa+Babe]

I've heard about the idea and development of the vimage patch and this is a great news, that it's finally done and fully functional. Some of those ideas are not really new, as anyone who knows OS/390 could tell you, but it's really great they can now be used in FreeBSD systems.

For those of you, who know that I'm involved in building honeynets, it won't be a surprise, that I am really (by which I mean really) looking forward to use those new features in my future honeypots, firewalls and other security-related projects.

Actually, those features seem to be created just exactly to be used for deploying virtual honeynets. Just imagine what you can do with VMware, vimage-FreeBSD and UML all running on the same machine!

Great work, Marko.

Re:Plan 9 blah blah

[rpeppe]

to be more specific than Dr. Skwid, plan 9 has had multiple IP stacks from the word go (check out the man page).

but not only that, but the fact that resources can be distributed transparently over the network means that a specific network interface (perhaps an interface to the outside world) can be imported from another machine, and used, exactly as if it were a local IP stack.

none of this requires any particularly deep magic; it does however require a fresh approach from the ground up, something you're unlikely to find in any of the mainstream unix-like OSes...