On Tue, 2008-09-23 at 14:36 -0400, Sebastien Roy wrote:
> John found and filed this bug during testing:
>
> 6749533 Zone incorrectly sees traffic sent to another zone on destination
> interface ...
>
> Any opinions?

After some discussions with Meem over IRC, I've decided to ensure that a zone can only ever open or see /dev/ipnet nodes that have equivalent IP interfaces in "ifconfig -a". Additionally, if an IP interface is removed from a zone (by removing the last IP address from the zone), any ipnet_t's with that interface open in that zone will be sent M_HANGUP.

In addition, I had to add the SDEV_NO_NCACHE flag to /dev/ipnet's sdev_flags, as there was a drastically negative side-effect of devname's negative cache due to this change (and no, a double negative in this case isn't a positive). :-)

If the system has two interfaces, A and B, and only B has addresses in a non-global zone, doing ls /dev/ipnet/A from the non-global zone should return ENOENT, and this change indeed makes that happen. Unfortunately, the devname negative cache removes A from the global devname cache as a result, and A is no longer visible in the global zone anymore. Removing the negative caching fixes this issue.

http://zhadum.east/ws/seb/seb-ipobs/webrev.zones/

-Seb
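
The caching interaction described in the message above can be reproduced with a small model. This is an added example, not code from the post or from the Solaris devname source: it generalizes the case to any lookup whose result depends on the caller's zone but whose negative cache is keyed by name only. `struct dir`, `dir_lookup`, the `no_ncache` field and the interface table are hypothetical names, and the model assumes the global zone sees every interface.

```c
#include <errno.h>
#include <stdbool.h>
#include <string.h>

#define GLOBAL_ZONE 0
#define MAX_NEG 8

/* Constructed sample: interface names and the zone holding their addresses. */
struct ifent { const char *name; int zone; };
static const struct ifent ifs[] = { { "A", GLOBAL_ZONE }, { "B", 1 } };

struct dir {
    bool no_ncache;            /* hypothetical stand-in for a no-negative-cache flag */
    const char *neg[MAX_NEG];  /* negative cache keyed by name only, not by zone */
    int nneg;
};

/* Zone-aware visibility check; assumes the global zone sees every interface. */
static bool visible(const char *name, int zone)
{
    for (size_t i = 0; i < sizeof(ifs) / sizeof(ifs[0]); i++)
        if (strcmp(ifs[i].name, name) == 0)
            return zone == GLOBAL_ZONE || ifs[i].zone == zone;
    return false;
}

/* Returns 0 if the node is visible to the calling zone, ENOENT otherwise. */
int dir_lookup(struct dir *d, const char *name, int zone)
{
    if (!d->no_ncache)
        for (int i = 0; i < d->nneg; i++)
            if (strcmp(d->neg[i], name) == 0)
                return ENOENT;         /* stale answer recorded for another zone */
    if (visible(name, zone))
        return 0;
    if (!d->no_ncache && d->nneg < MAX_NEG)
        d->neg[d->nneg++] = name;      /* the failure is cached without the zone */
    return ENOENT;
}

/* Look up A from zone 1, then from the global zone; return the global result. */
int global_after_zone_miss(bool no_ncache)
{
    struct dir d = { .no_ncache = no_ncache };
    int zone_rc = dir_lookup(&d, "A", 1);
    int global_rc = dir_lookup(&d, "A", GLOBAL_ZONE);
    return zone_rc == ENOENT ? global_rc : -1;
}
```

With the negative cache enabled, the non-global zone's correct ENOENT for A is replayed to the global zone; with it disabled, each zone gets its own answer.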
