|
|
|
|
|
|
by touisteur
2031 days ago
|
|
|
Yeah, network namespaces are I think the best way to go. You can do so, so many things with netns, the abstraction is quite nice. BTW I think setns works on /threads/ if you wish. Not as secure but allows some interesting things. And if you need to do real-time, specific packet validation, interface state, route change, just go full netlink. Not sure why more in-kernel code might help. There's already so much stuff available. Not often well documented but so much powerful stuff!
Recently I wanted better control over bonds, and I discovered teams. How the hell did I not find them when I was looking for ways to control bonds from userland. And when I wanted bonds in network namespaces... |
|
|