jamal writes:
> On Tue, 2010-02-23 at 12:00 -0800, Eric W. Biederman wrote:
>
>> That point of the mount to hold a persistent reference to the
>> namespace without using a process.
>>
>> The point of the of the to be written set_ns call is to change
>> the default network namespace of the proces
Quoting Eric W. Biederman (ebied...@xmission.com):
> Matt Helsley writes:
>
> > On Tue, Feb 23, 2010 at 12:00:55PM -0800, Eric W. Biederman wrote:
> >> jamal writes:
> >>
> >> > Added Daniel to the discussion..
> >> >
> >> > On Tue, 2010-02-23 at 06:07 -0800, Eric W. Biederman wrote:
> >> >> ja
Matt Helsley writes:
> On Tue, Feb 23, 2010 at 12:00:55PM -0800, Eric W. Biederman wrote:
>> jamal writes:
>>
>> > Added Daniel to the discussion..
>> >
>> > On Tue, 2010-02-23 at 06:07 -0800, Eric W. Biederman wrote:
>> >> jamal writes:
>> >
>> >> > Does the point after sys_setns(fd) allow me
On Tue, Feb 23, 2010 at 12:00:55PM -0800, Eric W. Biederman wrote:
> jamal writes:
>
> > Added Daniel to the discussion..
> >
> > On Tue, 2010-02-23 at 06:07 -0800, Eric W. Biederman wrote:
> >> jamal writes:
> >
> >> > Does the point after sys_setns(fd) allow me to do io inside
> >> > ns ? Can
On Tue, 2010-02-23 at 12:00 -0800, Eric W. Biederman wrote:
> That point of the mount to hold a persistent reference to the
> namespace without using a process.
>
> The point of the of the to be written set_ns call is to change
> the default network namespace of the process such that all future
>
jamal writes:
> Added Daniel to the discussion..
>
> On Tue, 2010-02-23 at 06:07 -0800, Eric W. Biederman wrote:
>> jamal writes:
>
>> > Does the point after sys_setns(fd) allow me to do io inside
>> > ns ? Can i do open() and get a fd from ns ?
>>
>> Yes. My intention is that current->nsproxy
Added Daniel to the discussion..
On Tue, 2010-02-23 at 06:07 -0800, Eric W. Biederman wrote:
> jamal writes:
> > Does the point after sys_setns(fd) allow me to do io inside
> > ns ? Can i do open() and get a fd from ns ?
>
> Yes. My intention is that current->nsproxy->net_ns be changed.
> We c
jamal writes:
> On Mon, 2010-02-22 at 15:17 -0800, Eric W. Biederman wrote:
>
>> What I am thinking is:
>>
>> "ip ns route add blah" is:
>> fd = open("/var/run/netns/");
>> sys_setns(fd); /* Like unshare but takes an existing namespace */
>> /* Then the rest of the existing ip command */
>
> T
On Mon, 2010-02-22 at 15:17 -0800, Eric W. Biederman wrote:
> What I am thinking is:
>
> "ip ns route add blah" is:
> fd = open("/var/run/netns/");
> sys_setns(fd); /* Like unshare but takes an existing namespace */
> /* Then the rest of the existing ip command */
The other two below make some
jamal writes:
> On Mon, 2010-02-22 at 12:46 -0800, Eric W. Biederman wrote:
>> jamal writes:
>
>>
>> This is one of the long standing issues that we have always known
>> we needed to solve, but have not taken the time to do it. Now that
>> the need is more real it looks about time to solve thi
On Mon, 2010-02-22 at 12:46 -0800, Eric W. Biederman wrote:
> jamal writes:
>
> This is one of the long standing issues that we have always known
> we needed to solve, but have not taken the time to do it. Now that
> the need is more real it looks about time to solve this one.
>
> There are cu
jamal writes:
>> > Agreed. But the major ones like iproute2 etc could be taught. We have
>> > namespaces in the kernel already, over a period of time I think changing
>> > the user space tools would a sensible evolution.
>>
>> Yes, that might be useful in any case. But I don't think it would
>>
On Fri, 2010-01-15 at 11:15 +0100, Patrick McHardy wrote:
> jamal wrote:
> > b) dynamic protocols (routing, IKE etc): how do you do that without
> > making both sides understand what is going on?
>
> In case of IPsec the outer addresses are different, its only the
> selectors which will have sim
On Thu, 2010-01-14 at 10:32 -0800, Ben Greear wrote:
> For small or simple cases, this may be true..but there is a lot of work
> to make a complex user-space app that manages arbitrary amounts of interfaces
> routing tables in an arbitrary amount of network namespaces. With the
> contrack-zones
jamal wrote:
> On Thu, 2010-01-14 at 16:37 +0100, Patrick McHardy wrote:
>> jamal wrote:
>
>>> Agreed that this would be a main driver of such a feature.
>>> Which means that you need zones (or whatever noun other people use) to
>>> work on not just netfilter, but also routing, ipsec etc.
>> Routi
On 01/14/2010 07:05 AM, jamal wrote:
>
> Ive had an equivalent discussion with B Greear (CCed) at one point on
> something similar, curious if you solve things differently - couldnt
> tell from the patch if you address it.
> Comments inline:
>
> On Thu, 2010-01-14 at 15:05 +0100, Patrick McHardy wr
On Thu, 2010-01-14 at 16:37 +0100, Patrick McHardy wrote:
> jamal wrote:
> > Agreed that this would be a main driver of such a feature.
> > Which means that you need zones (or whatever noun other people use) to
> > work on not just netfilter, but also routing, ipsec etc.
>
> Routing already works
jamal wrote:
> Ive had an equivalent discussion with B Greear (CCed) at one point on
> something similar, curious if you solve things differently - couldnt
> tell from the patch if you address it.
Its basically the same, except that this patch uses ct_extend
and mark values.
> Comments inline:
>
Ive had an equivalent discussion with B Greear (CCed) at one point on
something similar, curious if you solve things differently - couldnt
tell from the patch if you address it.
Comments inline:
On Thu, 2010-01-14 at 15:05 +0100, Patrick McHardy wrote:
> The attached largish patch adds support fo
19 matches
Mail list logo
