minimal namespace support

We have a setup such as:

physical interface is in the root namespace
VIP being bind for ocserv listening is placed within a dedicated namespace

We would like to be able to keep the main ocserv process in the root namespace and bind the IP within a dedicated namespace. The main advantage is to easily isolate the public traffic on a given host and to minimise performance penalties associated with a conventional bridge + veth setup. As an example, other projects such as HAProxy made the choice to allow users to bind each IP in a specific netns, this allows the healtchecks and backend traffic to happen in the root netns (see https://cbonte.github.io/haproxy-dconv/2.1/configuration.html#5.1-namespace)

Do you think it would be an acceptable feature? I'm willing to work on a patch as a first proposal.

Edited Jun 27, 2020 by William Dauchy