[EMAIL PROTECTED] wrote: > What is missing ? > ----------------- > The routes are not yet isolated, that implies: > > - binding to another container's address is allowed > > - an outgoing packet which has an unset source address can > potentially get another container's address > > - an incoming packet can be routed to the wrong container if there > are several containers listening to the same addr:port
Does that mean that identification of containers for incoming packets is done by IP address through routing (just had a quick look at the patches, if I missed something obvious please just point me to it)? How is code that uses global data without verifying its presence (and visibility in the container) at initialization time going to be handled? Netfilter and I think the TC action code contain some examples for this. - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
