Breaking namespace isolation with PF_RING before 7.0.0

Linux hardening and proper isolation using containerization can be tricky especially when performance is critical.

We recently helped a client to design a secure network appliance that involve sniffing network traffic. This device has high security and performance constraints.

This post is a feedback on the unlikely integration of fast sniffers with linux containers.