Quoting Ted ([EMAIL PROTECTED]):
> Can anyone point me to a good source of information on namespaces in
> general and network namespaces specifically. Are network namespaces
> something that could be utilized through xinetd to get polyinstantiated
> port functionality?
I was just talking to Serge about this on IRC a bit. I think network namespaces might do some of what you want. Note that this is coming from somebody (me) who has never written a line of networking code in his life. So, don't pay too much attention. Just brainstorming.

One of the important things that they give you is the ability to have multiple stupid daemons listening on "*:80". Each daemon thinks it "owns" that port. However, the network namespace patches make sure that such a daemon doesn't receive any packets not meant for an IP owned by that daemon.

So, if you added network namespaces with a rewriting netfilter rule that would mangle destination addresses to match the IP address of a containerized daemon, I _think_ you might be able to get what you want. So,

1. packet comes in for port 80
2. packet is tagged by secmark
3. packet matches netfilter rule, is redirected to a _specific_ IP
4. packet reaches containerized daemon listening on port 80

-- Dave

--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
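The topology Dave sketches, as an added example that is not code from the thread or from any of the participants: each "containerized" daemon gets its own network namespace wired to the host over a veth pair, every daemon binds *:80 in its own namespace, and a single DNAT rule in the host namespace decides which namespace an inbound port-80 packet is delivered to (step 3 of his list). Namespace names, the 10.200.x.0/24 addresses, the veth naming, the external interface name, and the use of python3's http.server as a stand-in daemon are all assumptions; the SECMARK tagging in step 2 is not reproduced because it needs a site-specific SELinux context. The setup itself requires root plus iproute2 and iptables, so it only runs when RUN_SETUP=1 is set; the rule-building helper runs anywhere.

```shell
#!/bin/sh
# Added example (not from the original mailing-list thread). Builds one
# network namespace per daemon, each listening on *:80, and steers inbound
# port-80 traffic to one chosen namespace with a PREROUTING DNAT rule.
# Assumed values: namespace names web1/web2, 10.200.N.0/24 per pair,
# veth names "veth-h-<ns>", external interface $EXT_IF (default eth0),
# and python3 -m http.server as the stand-in daemon.
set -eu

PORT=80                    # assumed: the port being polyinstantiated
HOST_IF=veth-h             # assumed: prefix for the host end of each veth pair

# Pure helper: the "rewriting netfilter rule" from the mail. It rewrites the
# destination address of inbound traffic for $port arriving on $in_if so the
# packet lands on one specific namespace's IP. Prints the command, does not run it.
dnat_rule() {
    in_if=$1; port=$2; target_ip=$3
    printf 'iptables -t nat -A PREROUTING -i %s -p tcp --dport %s -j DNAT --to-destination %s:%s\n' \
        "$in_if" "$port" "$target_ip" "$port"
}

# Create namespace $1, wire it to the host via a veth pair, give the inside
# end address $2 and the host end address $3, and route the namespace's
# return traffic back through the host end.
make_netns() {
    ns=$1; ns_ip=$2; host_ip=$3
    ip netns add "$ns"
    ip link add "${HOST_IF}-$ns" type veth peer name eth0 netns "$ns"
    ip addr add "$host_ip/24" dev "${HOST_IF}-$ns"
    ip link set "${HOST_IF}-$ns" up
    ip -n "$ns" addr add "$ns_ip/24" dev eth0
    ip -n "$ns" link set lo up
    ip -n "$ns" link set eth0 up
    ip -n "$ns" route add default via "$host_ip"
}

# Start a stand-in daemon inside namespace $1 bound to *:$PORT. Each
# namespace has its own socket table, so every instance binds successfully.
start_daemon() {
    ns=$1
    ip netns exec "$ns" python3 -m http.server "$PORT" --bind 0.0.0.0 >/dev/null 2>&1 &
}

# Make the host forward traffic and install the DNAT rule so that external
# port-$PORT traffic on $1 reaches the daemon in the namespace owning $2.
steer_to() {
    in_if=$1; target_ip=$2
    sysctl -q -w net.ipv4.ip_forward=1
    iptables -A FORWARD -d "$target_ip" -p tcp --dport "$PORT" -j ACCEPT
    eval "$(dnat_rule "$in_if" "$PORT" "$target_ip")"
}

main() {
    make_netns web1 10.200.1.2 10.200.1.1
    make_netns web2 10.200.2.2 10.200.2.1
    start_daemon web1
    start_daemon web2                      # second daemon also on *:80, no EADDRINUSE
    steer_to "${EXT_IF:-eth0}" 10.200.1.2  # inbound :80 now lands on web1 only
    # From the host namespace each instance is still reachable on its own IP:
    #   curl http://10.200.1.2/   and   curl http://10.200.2.2/
}

# The privileged setup only runs on explicit request as root.
if [ "${RUN_SETUP:-0}" = 1 ] && [ "$(id -u)" -eq 0 ]; then
    main
fi
```

Conntrack handles the reverse direction: replies from the namespace follow its default route back to the host end of the veth pair, where the DNAT mapping is undone before the packet leaves on the external interface. Changing which namespace "owns" external port 80 is then a matter of swapping the single DNAT rule, without touching any of the daemons.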
