On 3/08/09 11:30 AM, Sebastien Roy wrote: > On Sun, 2009-08-02 at 18:34 -0700, Darren Reed wrote: > >> Whilst testing ipnet on the weekend, I noticed something strange. >> >> For loopback capture (lo0), it appears that an application using >> this interface in the global zone gets all of the packets for all >> shared zones courtesy of ipnet_loaccept: >> > > That's deliberate. The global zone has visibility into all shared-stack > zone communication as described in PSARC 2006/475. This is what makes > the source and destination zoneid's in the ipnet header useful. From > the global zone, you're able to observe all packets for the global > stack, differentiated by zoneid. > > Note that this isn't specific to capturing loopback packets. This is > also true of packets originating from non-global zones to external > destinations, inter-zone packets not using the loopback address, etc. > The semantics are as such for all ipnet devices, and not just lo0. >
Ok, thanks. Darren -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.opensolaris.org/pipermail/clearview-discuss/attachments/20090803/f6168cb0/attachment.html>
