----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/42047/#review114665 -----------------------------------------------------------
Why do we need netcls to regulate framework traffic on a per-container basis? Given the fact that a) the port range based filters already work and the code (see egress fq_codel) already exists b) we only have port range based network isolation so far. I see no point of this. Please describe your use case with details, just pointing to netcls kernel doc doesn't help at all. - Cong Wang On Jan. 15, 2016, 5:44 a.m., Avinash sridharan wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/42047/ > ----------------------------------------------------------- > > (Updated Jan. 15, 2016, 5:44 a.m.) > > > Review request for mesos and Jie Yu. > > > Bugs: MESOS-4262 > https://issues.apache.org/jira/browse/MESOS-4262 > > > Repository: mesos > > > Description > ------- > > Specified the CgroupsNetClsIsolatorProcess class. This adds the ability to > isolate a mesos container using the net_cls cgroup subsystem. > > > Diffs > ----- > > src/CMakeLists.txt 39a23df3227a4f524ea0d408dc894fa5bbab7d10 > src/Makefile.am 8cbfb1ba5fa49f2d3cc26ea325838a1c68a79660 > src/slave/containerizer/mesos/isolators/cgroups/net_cls.hpp PRE-CREATION > src/slave/containerizer/mesos/isolators/cgroups/net_cls.cpp PRE-CREATION > > Diff: https://reviews.apache.org/r/42047/diff/ > > > Testing > ------- > > > Thanks, > > Avinash sridharan > >
