On 10/24/2013 05:53 PM, Benjamin LaHaise wrote: > On Thu, Oct 24, 2013 at 04:43:42PM +0100, James Chapman wrote: >> I'm thinking about the implications of a skb in the net namespace of the >> ppp interface passing through a tunnel socket which is in another >> namespace. I think net namespaces are completely isolated. >> >> To keep your ppp interfaces isolated from each other, have you >> considered using netfilter to prevent data being passed between ppp >> interfaces? > > Using network namespaces for this is far more efficient. We've already > added support for doing this to other tunneling interfaces. This approach > also makes creating VPNs where there is re-use of the private address space > between different customers far easier to implement. > > -ben That's indeed on of the problems we have to deal with and net namespaces seems to be the right answer. François -- To unsubscribe from this list: send the line "unsubscribe linux-ppp" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
