I just figured out why rumpkernel is used here:
Since the NUSE host backend embeds a network stack into a
single process, other processes have no access neither to the
process nor the network stack. As a result, we cannot benefit
to reuse standard configuration tools such as iproute2 and
iptables as DCE does.
Rump kernel seems like quite a heavy dependency here. Is it possible to just
insert some execve("iptables ...") in between the syscalls of the hijacked application?
I think even putting invocations of iproute2/iptables in the static nuse.conf would set up the network stack nicely for most applications. And that would only require some execve's during initialization and avoid any task scheduling.