> On June 19, 2014, 2:06 a.m., Vinod Kone wrote: > > src/slave/containerizer/isolators/network/port_mapping.cpp, lines 347-349 > > <https://reviews.apache.org/r/21594/diff/4/?file=611965#file611965line347> > > > > Why do we drop these? Are there no apps out there which spoof the > > source ip? > > Vinod Kone wrote: > can you explain why this is dropped? as a courtesy to reviewers, we > always expect dropped issues to have an explanation. > http://mesos.apache.org/documentation/latest/mesos-developers-guide/
We did have a discussion on this but I missed to comment on this. It generally takes root permission to spoof the source ip, which we don't have right now. - Chi ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/21594/#review46101 ----------------------------------------------------------- On June 24, 2014, 7:26 a.m., Chi Zhang wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/21594/ > ----------------------------------------------------------- > > (Updated June 24, 2014, 7:26 a.m.) > > > Review request for mesos, Ian Downes, Jie Yu, Vinod Kone, and Cong Wang. > > > Bugs: https://issues.apache.org/jira/browse/MESOS-1324 > > https://issues.apache.org/jira/browse/https://issues.apache.org/jira/browse/MESOS-1324 > > > Repository: mesos-git > > > Description > ------- > > Added a network isolator using port-range based traffic redirection on Linux. > > - Containers are assigned non-ephemeral ports by the scheduler and ephemeral > ports by the network isolator. > - Virtual ethernet devices and Traffic Control filters are set up so that > network traffic in and out of the containers is isolated based on the ports > assigned to them. > - Containers run inside their own network namespaces with separate network > stacks, from which per-container network statistics can be retrieved. > > A joint work with: > - Cong Wang ([email protected]) > - Jie Yu ([email protected]) > - Ian Downes ([email protected]) > > > Diffs > ----- > > include/mesos/mesos.proto 2f6be05 > src/Makefile.am 5e5ccd5 > src/slave/constants.hpp c65a62d > src/slave/constants.cpp 51f65bb > src/slave/containerizer/isolators/network/helper.cpp PRE-CREATION > src/slave/containerizer/isolators/network/port_mapping.hpp PRE-CREATION > src/slave/containerizer/isolators/network/port_mapping.cpp PRE-CREATION > src/slave/containerizer/linux_launcher.cpp acaf9b5 > src/slave/containerizer/mesos_containerizer.cpp 917eebf > src/slave/flags.hpp 3b8ba08 > src/tests/environment.cpp e991d57 > src/tests/isolator_tests.cpp 5a141e3 > src/tests/mesos.cpp 1037420 > > Diff: https://reviews.apache.org/r/21594/diff/ > > > Testing > ------- > > make check on linux. more test cases are being written. > > > Thanks, > > Chi Zhang > >
