FIB rule->action should operate in the same namespace as fib_lookup. This is definitely missed right now. There are two ways to implement this: pass struct net into another rules API call (2 levels) or place netns into rule struct directly. The second approach seems better as the code will grow less. Additionally, the patchset cleanups struct net from fib_rules_register/unregister to have network namespace context at the time of default rules creation. Signed-off-by: Denis V. Lunev <den@xxxxxxxxxx> _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers
