From: Paul Sladen (vserver_at_paul.sladen.org)
Date: Mon 11 Nov 2002 - 11:19:09 GMT
On 11 Nov 2002, djp_at_comm.it wrote:
> On Mon, 2002-11-04 at 06:48, Paul Sladen wrote:
> > This will open up the possibility of having a local-loopback
>
> To be useful [...] Bindings should work and report address 127.0.0.1 and
> connections to 127.0.0.1 should have client ip address 127.0.0.1 (not
> the IP root and *not* the 127.1.0.ctx or 127.1.ctxhi.ctxlo address).

Yup, I think the idea will be to mangle 127.0.0.1 -> 127.1.ctxhi.ctxlo (so
that the routeing/binding works), then to /demangle/ it back to 127.0.0.1
for delivery to the application. Or to put it another way, userspace only
ever sees 127.0.0.1 and kernel space only ever sees 127.1.ctx.yz.

For privacy we also need either to load a separate lo device (not lo:alias)
for each context, or put some filtering in so that tcpdumping the interface
doesn't get you everybody else's data like it was a shared ethernet segment.

> I would be very willing to contribute programming and testing time and
> resources to this, as I'm currently trying to get a piece of commercial
> binary-only cr*p to run within a context.

That's a very kind statement!

Out of interest, what is the binary-only cr*p you're needing to run?

Hmm, we need a flag on whether or not to mangle localhost, because that way
(as a kludge) you could allow that vserver access to `lo:127.0.0.1'.

-- Nottingham, GB
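
The mangle/demangle scheme discussed in this message, sketched as an added example that is not part of the original post and not vserver code. It assumes a 16-bit context id and host-order addresses; every function, macro and flag name is hypothetical, and `lo_visible` models the "filtering" option for a shared lo device.

```c
#include <stdint.h>
#include <stdio.h>

/* All names are hypothetical; addresses are host-order IPv4 values. */
#define LOOPBACK      0x7F000001u  /* 127.0.0.1, all userspace ever sees */
#define CTX_LO_BASE   0x7F010000u  /* 127.1.0.0, per-context range */
#define CTX_LO_MASK   0xFFFF0000u
#define CTX_NO_MANGLE 0x1u         /* kludge flag: context uses the real lo */

/* Userspace -> kernel: rewrite 127.0.0.1 to 127.1.ctxhi.ctxlo. */
uint32_t lo_mangle(uint32_t addr, uint16_t ctx, unsigned flags)
{
    if (addr != LOOPBACK || (flags & CTX_NO_MANGLE))
        return addr;
    return CTX_LO_BASE | ctx;
}

/* Nonzero if addr is the mangled loopback address owned by ctx. */
int lo_owned(uint32_t addr, uint16_t ctx)
{
    return (addr & CTX_LO_MASK) == CTX_LO_BASE && (addr & 0xFFFFu) == ctx;
}

/* Kernel -> userspace: only the context's own address becomes 127.0.0.1. */
uint32_t lo_demangle(uint32_t addr, uint16_t ctx)
{
    return lo_owned(addr, ctx) ? LOOPBACK : addr;
}

/* Capture filter on a shared lo: a context sees only its own traffic. */
int lo_visible(uint32_t src, uint32_t dst, uint16_t ctx)
{
    return lo_owned(src, ctx) && lo_owned(dst, ctx);
}

int main(void)
{
    uint16_t ctx = 0x0102;  /* constructed context id */
    uint32_t k = lo_mangle(LOOPBACK, ctx, 0);
    printf("kernel sees 127.%u.%u.%u\n", (unsigned)((k >> 16) & 0xFF),
           (unsigned)((k >> 8) & 0xFF), (unsigned)(k & 0xFF));
    printf("userspace sees %s\n",
           lo_demangle(k, ctx) == LOOPBACK ? "127.0.0.1" : "other");
    printf("context 0x0103 can capture it: %d\n", lo_visible(k, k, 0x0103));
    return 0;
}
```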