On 24/10/13 14:41, François Cachereul wrote: > On 10/24/2013 12:55 PM, James Chapman wrote: >> On 24/10/13 11:30, François Cachereul wrote: >>> Remove NETIF_F_NETNS_LOCAL flag from ppp device in ppp_connect_channel() >>> if the device is connected to a l2tp session socket. >>> Restore the flag in ppp_disconnect_channel(). >> >> What about pppd's network namespace? Also, L2TP's tunnel socket (UDP or >> L2TP/IP) will be in a different namespace if the ppp interface is moved. > > That's what I'm trying to achieve. I'm not using pppd and my problem is > as follow: I need to isolate ppp devices from each other, even when > they are connected to sessions carried by the same L2TP tunnel. I'm thinking about the implications of a skb in the net namespace of the ppp interface passing through a tunnel socket which is in another namespace. I think net namespaces are completely isolated. To keep your ppp interfaces isolated from each other, have you considered using netfilter to prevent data being passed between ppp interfaces? > Also, I > need the authentication to be terminated to know the namespace in which > the ppp will be moved. For that, the process runs in a namespace with > its l2tp sockets (tunnel and session) in that same namespace and each > ppp device is moved in a specific namespace after authentication. > > Regards > François > -- James Chapman Katalix Systems Ltd http://www.katalix.com Catalysts for your Embedded Linux software development -- To unsubscribe from this list: send the line "unsubscribe linux-ppp" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
