On Thu, Oct 24, 2013 at 04:43:42PM +0100, James Chapman wrote: > I'm thinking about the implications of a skb in the net namespace of the > ppp interface passing through a tunnel socket which is in another > namespace. I think net namespaces are completely isolated. > > To keep your ppp interfaces isolated from each other, have you > considered using netfilter to prevent data being passed between ppp > interfaces? Using network namespaces for this is far more efficient. We've already added support for doing this to other tunneling interfaces. This approach also makes creating VPNs where there is re-use of the private address space between different customers far easier to implement. -ben -- "Thought is the essence of where you are now." -- To unsubscribe from this list: send the line "unsubscribe linux-ppp" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html