tech-net archive


Re: Thinking about "branes" for netbsd...



Hi,

On Thu, May 03, 2012 at 12:23:36PM -0400, Mouse wrote:
> >>> [...] "processes get chroot'd into branes" [...]
> >> I'm not even sure what it could mean, [...].  Perhaps something is
> >> being extended metaphorically, but it's unclear to me what or how
> >> that could be.
> > "Give processes a different view to the network than 'the rest of the
> > machine' has" - not that different to "give processes a different
> > view to the file system", no?
> 
> Yeah, but that involves (or, at least, I would expect that to involve)
> more than just the routing table.  Or do branes cover more than just
> routing?

I'm not sure how that particular bikeshed is planned, but I'd consider
"IP addresses on Interfaces + Routing + Firewall rules" to be all I
need to define a network environment.  If that's a "brane", I could
very well see a process being "chroot()"ed into that.

Sort of like a VRF on a Cisco router, with some of the services on
the box (like "telnet") only operating within a certain routing
instance, but not in others.  Or particularly, telnet://192.168.0.1
only working in a particular VRF, and not in another that happens
to use 192.168.0.1 as well  [not that this works overly well on Cisco
today, but some bits already do, and the idea is sane].

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             
gert%greenie.muc.de@localhost
fax: +49-89-35655025                        
gert%net.informatik.tu-muenchen.de@localhost

