Re: [RFC] [patch 0/6] [Network namespace] introduction

From: Patrick McHardy
Date: Mon Jun 26 2006 - 19:38:38 EST


dlezcano@xxxxxxxxxx wrote:
> What is missing ?
> -----------------
> The routes are not yet isolated, that implies:
>
> - binding to another container's address is allowed
>
> - an outgoing packet which has an unset source address can
> potentially get another container's address
>
> - an incoming packet can be routed to the wrong container if there
> are several containers listening to the same addr:port

Does that mean that identification of containers for incoming packets
is done by IP address through routing (just had a quick look at the
patches, if I missed something obvious please just point me to it)?
How is code that uses global data without verifying its presence
(and visibility in the container) at initialization time going to be
handled? Netfilter and I think the TC action code contain some examples
for this.
