From: Lyashkov Alexey (shadow_at_itt.net.ru)
Date: Wed 04 Dec 2002 - 14:20:05 GMT
Hello Jacques,
Wednesday, December 04, 2002, 8:08:21 AM, you wrote:
JG> Yes. An application making a connection is allowed to use bind before the connect
JG> to select the source IP and the source port. Otherwise, it is selected on the fly
JG> by connect() based on the routing table.
>> > It would be possible for the kernel to select an IP in the IPROOT based on
>> > netmask and find the closest to the target address, so if you kind of bind
>>
>> Hmm, isn't this how it normally works, using the routing tables? If so,
>> can't vserver just use that, and therefore just do the Right Thing?
JG> Yes, this is the idea. But a vserver is tied to a precise IP list and is not allowed to
JG> use anything else. So what will be found using the routing table may or may not
JG> be usable, in which case, the vserver will default to use its first IPROOT address.

To work correctly, a per-context routing table is not needed; it is
enough to add a ctx_id field to the current routing table key. This way
is better because a VPS box has many routing entries but (src/dst) has
a unique value. For a strong check, I also control the context
identifier for the routing entry.
In that case the net_device and socket structures would have a
"context id" member to select the context to use. That's the first part.

But a user who puts an interface in promiscuous mode can see all
packets on that interface.

The other alternative is to write a "dump" network driver, similar to
the vlan driver but not inserting a vlan id in packets. That's the
second part of my plan.

Jacobs: maybe merge the 2 projects? This month I am planning to make
virtual interfaces and routing tables, but the problem of per-context
loopback I have not examined.

-- Best regards, Lyashkov mailto:shadow_at_itt.net.ru
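
The source-address rule discussed in the quoted text above, as an added example that is not code from this thread or from the vserver patch: use the routing table's choice if it is in the context's address list, otherwise the list entry closest to the destination by netmask (the idea described as possible), otherwise the first IPROOT address. The `iproot_entry` struct, the `select_source` function and the sample addresses are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                         ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Hypothetical layout: one address a context may use, with its netmask
 * (host byte order). Entry 0 plays the role of the first IPROOT address. */
struct iproot_entry { uint32_t addr, mask; };

/* Constructed sample list for one context. */
static const struct iproot_entry sample_ctx[] = {
    { IP4(10, 0, 0, 5),    IP4(255, 255, 255, 0) },
    { IP4(192, 168, 1, 7), IP4(255, 255, 255, 0) },
    { IP4(192, 168, 0, 9), IP4(255, 255, 0, 0) },
};
#define SAMPLE_N (sizeof(sample_ctx) / sizeof(sample_ctx[0]))

/* routed_src: the source the routing table would choose for dst. */
static uint32_t select_source(const struct iproot_entry *l, size_t n,
                              uint32_t routed_src, uint32_t dst)
{
    size_t i, best = n;

    if (n == 0)
        return 0;                       /* context has no address at all */
    for (i = 0; i < n; i++)             /* 1. routed choice, if permitted */
        if (l[i].addr == routed_src)
            return routed_src;
    for (i = 0; i < n; i++)             /* 2. closest to dst by netmask */
        if ((l[i].addr & l[i].mask) == (dst & l[i].mask) &&
            (best == n || l[i].mask > l[best].mask))
            best = i;
    return best != n ? l[best].addr : l[0].addr;  /* 3. first address */
}

int main(void)
{
    /* Routing picked a host address outside the context's list. */
    unsigned s = select_source(sample_ctx, SAMPLE_N,
                               IP4(172, 16, 0, 1), IP4(192, 168, 1, 50));
    printf("%u.%u.%u.%u\n", s >> 24, (s >> 16) & 255, (s >> 8) & 255, s & 255);
    return 0;
}
```

Whatever branch is taken, the returned address is always one from the context's own list, which is the confinement property the quoted text describes.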