Cedric Le Goater <[email protected]> writes:
>> no problem here, but I think we will need another one,
>> or some smart way to do the network isolation (layer 3)
>> for the network namespace (as alternative to the layer 2
>> approach) ...
>
> My feeling (Dmitry and Daniel can correct me) is that it will be
> addressed with an unshare-like flag : NETNS2 and NETNS3.
>
>> as they are both complementary in some way, I'm not sure
>> a single space will suffice ...
>
> hmm, so you think there could be a 2 differents namespaces
> for network to handle layer 2 or 3. Couldn't that be just a sub part
> of net_namespace.
The justification is performance and a little on the simplicity side.
My personal feel is still that layer 3 is something easier done
as a new kind of table in an iptables type infrastructure. And in
fact I believe if done that way would capture do what 90%+ of what
all of the iptables rules do. So it might be a nice firewalling speed up.
I don't think the layer 3 idea where you just do bind filter fits
the namespace concept very well.
Eric
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]