Slashdot Mirror


Network Stack Cloning Updates on FreeBSD

Dan writes "Network stack cloning patches on FreeBSD allow for multiple fully independent network stacks to simultaneously coexist in a single FreeBSD kernel. Marko Zec has prepared the latest snapshot of the patches (against 4.8-RELEASE). The latest snapshot includes (a) internal restructuring - struct vimage is now separated in resource-specific containers, and (b) Kernel message buffers - each vimage / vprocg now has a private kernel message buffer instance. Julian Elischer gave a talk on this subject at the USENIX Annual Technical Conference (FreeNIX track) in San Antonio, TX, June 2003. Marko's slides were presented at BSDCon Europe 2002 in Amsterdam."

56 comments

  1. Very nice, but can it use another machine's nic? by DrSkwid · · Score: 5, Interesting

    Like many of the new ideas in the BSDs (private namespaces as chroot for instance), the idea of separate network stacks is taken from plan9.

    It is even possible in plan9 to use the network stack of a remote machine as your own.

    Using sshnet one can do "sshnet remote_host" then all subsequent network activity for the current process group and any children will use the remote host's network stack as though it were local.

    In this way one can run tcp listeners on a remote machine (on IP N) that deny requests from anything but the IP N and leave SSH as the only external listener. No special tunnelling hoops to jump through.

    Monolithic kernels are dying.

    --
    There are places where the networks are not touching, and there are places where they are - Boeing's Lori Gunter
  2. Re:Very nice, but can it use another machine's nic by F2F · · Score: 2, Insightful

    amen to that!

    one hasn't truly lived until they've done an:

    import somewhere.far.away /net /net

  3. zen the the art of trolling by Anonymous Coward · · Score: 0, Offtopic

    Trolling is an ancient artform, you my friend are a spammer. Learn the way of the troll and you can help others come to new realisations, enlightening the world.

    The troll is outcast, he is forever the outsider committed to the outside. When the reality changes, so does the troll. In this sense a troll is like water, changing his position as the rock moves. You have yet to change your nappies.

    When someone is about to snap the troll pushes a little harder till he hears cracking, then stops. The victim of the trolling can then see the cracks, and has the spinal mobility to change form and evolve. If you push too hard you either make them snap or you make them dig into an immobile position to resist the trolling (which is the case when you spam them).

    I appreciate what you are trying to do, but you are giving trolling a bad name.

    1. Re:zen the the art of trolling by Anonymous Coward · · Score: 0

      He wasn't using reverse psychology, you dumb cunt. He was insulting you. He was saying you have no class, and he was correct. Crapflooders are the lowest form of troll.

    2. Re:zen the the art of trolling by Anonymous Coward · · Score: 0

      Incorrect. He is pretending to be a BSD troll, you dumbfuck and trying to say that I don't meet his standards of BSD trolling, you cunt.

    3. Re:zen the the art of trolling by Anonymous Coward · · Score: 0
      It is with a heavy heart that we must report that Bob "I'm still dead" Hope has gone
      on to join the "B" team. As you all may know, BSD has been part of
      the "B" team for quite some time.

      The Year of Our Lord 2003 has been
      a particularly bad year for the "B"s,

      • Bob Hope
      • Buddy Ebsen
      • Buddy Hackett
      • Barry White
      • BSD
      This honored list
      of dead is but a small token of adieu from the many fans of the deceased.

      These dead were truly some American Icons. They will be missed.

    4. Re:zen the the art of trolling by Anonymous Coward · · Score: 0

      Fair enough -- I suppose if he were pretending, then what he said could be considered reverse psychology. If that was the case, I apologize for calling you a dumb cunt. I guess you are right; his calling himself a BSD troll was disingenuous. But his little Tao of trolling thing was a thousand times better than your feeble-minded attempt. You really need to lift your game. Cunt.

    5. Re:zen the the art of trolling by Anonymous Coward · · Score: 0

      You have begun to doubt as you fumble blindly, as a man in fire or lime, attempting to grasp at something which you cannot understand.

      You are the darth maul of trolls, ill-spoken and thinking that brute force (number of posts, severity of language) alone can defeat your opponents.

      You have been a victim of MY trolling power, for I am one of teh ancient trolls of old.

      If you shut up, you are obeying my will.
      If you change your tactics, you are subject to my power and teaching.
      If you continue on as you have, you dig yourself deeper into my troll-trap.

      You are defeated.

      And you BSD fan-boys had best not thank me, for while I was only passing through, I may decide to stay a while.

      For I am one of the last true trolls - keeper of the dark order, I wear the skin of billy goat gruff and listen to the whispering voices that reside beneath my bridge that speak of the eternal ragnatroll - the trollerdammerung - for the fight between good and evil is not the concern of a troll - only the balance of the invisible scales that exist in the hearts of all men.

    6. Re:zen the the art of trolling by Anonymous Coward · · Score: 0

      "what is a troll?" said a jesting Anonymous Coward, but did not stay for an answer.

    7. Re:zen the the art of trolling by Anonymous Coward · · Score: 0

      And the crapflooding in all the other areas of /dork have been stopped by what passes as management here.

    8. Re:zen the the art of trolling by andrewski · · Score: 0, Offtopic

      Our trolling will continue.

      It's 'My' not 'Our', Kevin. Please, go ahead and just fuck off. It'll only be a matter of time until everyone here knows who you are.

      Not even the amazing Kreskin could predict how many cocks in the ass you'll receive in prison once your former employers bring you up on theft charges, which everyone hopes and prays they will. You are a cancer on the world, and should just stop holding a grudge against all things BSD.

      Besides, since you began your spam-fest, BSD has seen an exponential rise in users and deployed machines. Maybe your spamming is like a good luck charm!

      Anyway, here's to ButtStingingDeath!

    9. Re:zen the the art of trolling by Anonymous Coward · · Score: 0

      The only ButtStingingDeath around here is what's going to happen when your dad discovers you've been downloading pr0n on his computer.

      In the meantime stop feeding the trolls. If you ignore them they'll get tired of trolling and move on to something more interesting and socially productive like collecting navel lint.

    10. Re:zen the the art of trolling by Anonymous Coward · · Score: 0

      Ignoring hasn't really been tried. Almost every BSD article has at least one poster taking the troll-bait. Given that the form of the trolling hasn't changed much in over two years, I've got to wonder if these responses aren't themselves a subtle form of trolling -- I just can't imagine why someone would seriously take the time to respond to postings that have been repeated verbatim dozens of times and are so obviously lame. Perhaps the trolls are just egging each other on.

      The BSD section is just a more concentrated version of what's happening elsewhere on Slashdot. Linux posts get a lot of trolling too (along with MS astroturfing), but the total number of postings is so much greater that it's not as noticeable. What is noticeable is that the general percentage of accurate technical content in postings is steadily decreasing. That's not surprising; the folks who actually write sophisticated code are a shrinking fraction of the various camp-followers that make up the average slashdotter these days. So it actually wouldn't surprise me if someone thought that, as non-coders, they were contributing to Linux by tearing down anything that differs. This accounts for the ill-posed "why BSD?" challenges that crop up here. But all the "dying" posts are so obviously either the product of adolescent hijinks or some mentally imbalanced person with an obsession.

      In either case, why bother doing anything? Life is short enough as it is -- let these poor folk waste their time, but why should we let them waste ours?

  4. can somebody please summarize this? by Anonymous Coward · · Score: 0

    what is the point? :( pdf is a little rough for a monday morning.

  5. Jail by rf0 · · Score: 1

    Just sent an email to the author to see if using this would allow jails full access to the TCP/IP stack

    Rus

  6. *BSD by Anonymous Coward · · Score: 0

    This is great work, I appreciate it. I think it's important to enjoy all forms of open source research.

    I do, however, pity the children who squander their valued time in life on putting down the hard work of individuals who create such great things.

    People like this, give whatever "community" they think they are a part of a childish image, when in reality the community wants nothing to do with any of them.

    I would rather not make any insults back, but please...go home, give your mother or whom ever raised you a visit, and ask them to explain why you were fed so paint chips as a child.

  7. Re:Hey, everybody, the main BSD spammer is Kevin! by Anonymous Coward · · Score: 0, Insightful

    If this is true, why not tell us his last name?

    Methinks you just have a grudge against someone and do not want to reveal his full name because of the obvious slander lawsuit that would be levied against you.

  8. I GLANCED at the paper by kwerle · · Score: 1

    But didn't get the point.

    What are some concrete uses of this technology?

    TIA

    1. Re:I GLANCED at the paper by trippinonbsd · · Score: 4, Interesting

      An alternative model, the jail [2] facility implemented in FreeBSD, provides the ability to partition the OS into multiple separated process groups with limited network addressing space. The kernel prevents user processes running in jailed environments from managing the processes and certain system resources outside their own jailed protection domain. All the jailed environments share the same network stack; however each jail is restricted to use a unique IP address, and cannot interfere with other network traffic. Creating jailed pseudo virtual machines in this manner has many potential uses; thus far the most popular one has been for providing highly efficient virtual machine services in Internet Service Provider environments. It should be noted that the standard jail architecture still uses a monolithic network stack. Therefore the jails do not maintain private instances of subsystems such as routing tables, traffic counters, packet filters and traffic shapers etc., so they must rely on the master OS environment to manage those facilities.

      The article says jails will have full control over a virtual stack. Soo... We can now have full firewall control under a jail, now that would make my life at LEAST twice as fun!

    2. Re:I GLANCED at the paper by kwerle · · Score: 1

      ...OK, that all sounds very exciting...

      Could you give me just one example of a use case for this?

      Thanks!

    3. Re:I GLANCED at the paper by trippinonbsd · · Score: 2, Interesting

      An example of using a firewall within a jail? There are plenty of uses. Normally one can't control a firewall within a jail. So for instance on my FreeBSD jail account I can't control the firewall at all, it would be nice to block some annoying users (or just add some nice 75% packet loss and 200ms extra latency) at the firewall level without having to email the hosting company and asking them to add a rule to the firewall on the server that my jail is on. This is another step towards vservers being as fast and as featureful as a normal dedicated server.

    4. Re:I GLANCED at the paper by kwerle · · Score: 1

      Thanks for the example. Makes a lot more sense now.

  9. Re:Hey, everybody, the main BSD spammer is Kevin! by andrewski · · Score: 0, Offtopic

    Naw, in fact I didn't know his name was Kevin until I read post #6926523. I am also unafraid of slander lawsuits - I doubt this prick has the intelligence to figure out who I am, and the gumption to act upon that information if indeed he found out.

    I'm just tired of the crapflooding.

  10. Re:*BSD IS DYING by Anonymous Coward · · Score: 0

    Absolutely brilliant. Here is the original post for other readers, if they cannot grasp the genius.

  11. Re:*BSD IS DYING by Anonymous Coward · · Score: 0

    How helpful of you to point out your own genius.

  12. Re:Hey, everybody, the main BSD spammer is Kevin! by Anonymous Coward · · Score: 0

    The only Kevin I knew of was Kevin Rose - marketing director. He didn't make the WindRiver cut as I remember. I didn't keep records of when the 1st of the BSD is dying crapflooding started, so I can't say if the WindRiver buyout is about the time of the crapflooding.

    I'd have to see if I had his old e-mail(s) talking about how he was going to be doing the consulting 'thing'.

  13. Re:SHIT ON ME! It's official by Anonymous Coward · · Score: 0

    IT MAKES ME SICK JUST THINKING ABOUT IT.

    Then please nip off and shoot yourself, M'kay?

  14. Re:Very nice, but can it use another machine's nic by mritunjai · · Score: 1
    amen to that! one hasn't truly lived until they've done an: import somewhere.far.away /net /net

    Your wish has been granted... actually it was around more than a decade ago.

    Check out QNX, you can use other QNX machine's network (and other devices, including audio, graphics, block devices etc) as your own local ones!!! And no silly imports etc... they just work!

    --
    - mritunjai
  15. Re:Very nice, but can it use another machine's nic by edhall · · Score: 4, Informative

    We're talking about a different level of abstraction, here. After all, from the OS's perspective, how can Plan9 "use the network stack of a remote machine" except via the network stack of the local machine? Nothing short of magic will let a machine "use another machine's nic" except via packets sent through its own. Yes, Plan9 supports user namespaces that allow network interfaces to be virtualized, but that's from the perspective of what BSD calls "userland" -- which is only partly related to what the article discusses.

    This facility is about allowing multiple network stacks from the kernel's perspective. Not just the illusion of separate stacks as seen from userland (though it certainly provides that, too). These stacks can then be treated independently from the perspective of packet filtering, traffic shaping, and so on, as well as providing a "virtual machine" from a user's perspective. This isn't to say that Plan9's capabilities aren't useful or interesting, especially from a theoretical perspective. But Plan9 has different goals than an OS like FreeBSD that first and foremost is designed to be used as a server in a datacenter. Thus the perspective is more along the lines of machine virtualization and really has little to do with Plan9's concept of a namespace.

    -Ed
  16. Re:Very nice, but can it use another machine's nic by F2F · · Score: 1

    Plan 9 had it 14 years ago. Importing something and using it as your own is a consequence of its design -- everything is a file, so everything could be shared -- not a special hack like in QNX. That means I can let people import my mailbox so they can send mail to me on the 9grid or I can import somebody's IRC file system on my machine.

    And it really means _everything_, not only devices. Check out this MPI implementation using remotely served and imported _pipes_:

    message passing for Plan 9

  17. BSD Advisory #217 by Anonymous Coward · · Score: 0

    this Bitch iS Dead
  18. Re:*BSD IS DYING by Anonymous Coward · · Score: 0
    It's not dying.

    It's dead. D - E - A - D.