Home » Mailing lists » Devel » Container Test Campaign
| Re: Container Test Campaign [message #3936 is a reply to message #3888] |
Fri, 23 June 2006 17:31   |
Mark Huang
Messages: 1
Registered: June 2006
|
Junior Member |
|
|
Cedric Le Goater wrote:
> Did you contribute that feature to vserver ?
The feature is fairly specific to our needs and would not be very useful to the
most common vserver use case (shared hosting).
> So you have different containers exposing the same IP address ? How do you
> assign incoming packets to a container ?
We wrote a kernel module that leverages netfilter hooks and ip_conntrack. You're
only allowed to send IP, but you can send IP packets through any type of socket
(TCP, UDP, raw IP, or even raw packet). As Marc mentioned, this flexibility was
an absolute requirement.
The kernel module sits in the input and output path of the stack, and associates
every incoming and outgoing packet with an ip_conntrack struct (to which we
added container IDs). Once a container sends out an outgoing packet, it is
entitled to receive incoming packets associated with that connection. A
container may also receive incoming packets associated with ports that it has
reserved by calling bind() (the kernel module keeps track of bind() calls). You
can think of the kernel module as a local stateful firewall for sockets.
To users, it looks like they can run pretty much anything root would be able to,
including programs that use raw IP sockets (ping and traceroute), programs that
use raw packet sockets (tcpdump), and regular server apps (Apache, MySQL, etc.).
When they run tcpdump, they of course only see packets that they "own" (i.e.,
packets that are associated with their active connections).
There's technical documentation for the kernel module on our website:
http://www.planet-lab.org/doc/vnet.php
The kernel module does a lot more than this as well, which is another reason
that it hasn't been merged into mainline vserver. Recent features include
virtualized TUN/TAP and IP aliasing support.
Lastly, you're of course free to browse the code:
http://cvs.planet-lab.org/cvs/vnet/
|
|
|
|
 |
|
Container Test Campaign
|
|
|
RE: Container Test Campaign
By: mef on Wed, 21 June 2006 19:25 |
|
|
Re: Container Test Campaign
By: serue on Thu, 22 June 2006 11:31 |
|
|
Re: Container Test Campaign
|
|
|
Re: Container Test Campaign
|
|
|
RE: Container Test Campaign
By: mef on Fri, 23 June 2006 07:40 |
|
|
Re: Container Test Campaign
|
|
|
RE: Container Test Campaign
By: mef on Mon, 26 June 2006 08:57 |
|
|
RE: Container Test Campaign
By: mef on Wed, 21 June 2006 19:25 |
|
|
RE: Container Test Campaign
|
|
|
Re: Container Test Campaign
|
|
|
Re: Container Test Campaign
|
|
|
RE: Container Test Campaign
By: mef on Fri, 23 June 2006 07:40 |
|
|
Re: Container Test Campaign
|
|
|
Re: Container Test Campaign
By: serue on Thu, 22 June 2006 11:33 |
|
|
Re: Container Test Campaign
|
|
|
Re: [Vserver] Re: Container Test Campaign
|
|
|
Re: [Vserver] Re: Container Test Campaign
|
|
|
Re: [Vserver] Re: Container Test Campaign
By: dev on Tue, 04 July 2006 14:32 |
|
|
Re: [Vserver] Re: Container Test Campaign
|
|
|
Re: [Vserver] Re: Container Test Campaign
|
|
|
Re: Container Test Campaign
|
|
|
RE: Container Test Campaign
By: mef on Mon, 03 July 2006 18:23 |
|
|
Re: Container Test Campaign
By: kir on Mon, 03 July 2006 08:14 |
|
|
Re: Container Test Campaign
|
|
|
Re: [Vserver] Re: Container Test Campaign
By: kir on Tue, 04 July 2006 12:19 |
|
|
Re: [Vserver] Re: Container Test Campaign
|
|
|
Re: [Vserver] Re: Container Test Campaign
By: kir on Tue, 04 July 2006 14:52 |
|
|
Re: [Vserver] Re: Container Test Campaign
|
|
|
Re: [Vserver] Re: Container Test Campaign
|
|
|
Re: Container Test Campaign
|
|
|
Re: Container Test Campaign
|
|
|
Re: [Vserver] Re: Container Test Campaign
By: kir on Tue, 04 July 2006 16:30 |
|
|
Re: [Vserver] Re: Container Test Campaign
|
|
|
Re: [Vserver] Re: Container Test Campaign
By: kir on Wed, 05 July 2006 08:34 |
|
|
Re: [Vserver] Re: Container Test Campaign
By: dev on Wed, 05 July 2006 10:43 |
|
|
Re: [Vserver] Re: Container Test Campaign
|
|
|
Re: [Vserver] Re: Container Test Campaign
|
|
|
Re: [Vserver] Re: Container Test Campaign
By: dev on Thu, 06 July 2006 10:44 |
|
|
Re: [Vserver] Re: Container Test Campaign
|
|
|
Re: [Vserver] Re: Container Test Campaign
By: dev on Mon, 10 July 2006 08:16 |
|
|
Re: [Vserver] Re: Container Test Campaign
|
|
|
Re: [Vserver] Re: Container Test Campaign
|
|
|
Re: [Vserver] Re: Container Test Campaign
|
|
|
Re: [Vserver] Re: Container Test Campaign
By: dev on Thu, 06 July 2006 11:30 |
|
|
Container Test Campaign
|
|
|
Re: Container Test Campaign
|
|
|
Re: Container Test Campaign
|
|
|
Re: [Vserver] Re: Container Test Campaign
|
Goto Forum:
Current Time: Sat Jul 12 06:24:36 GMT 2025
Total time taken to generate the page: 0.01555 seconds
|
OpenVZ Forum
Members
Search
Help
Register
Login
Home
