diff -NurpP --minimal linux-2.6.14-vs2.1.0-rc5/include/linux/netdevice.h linux-2.6.14-vs2.1.0-ngn0.01/include/linux/netdevice.h
--- linux-2.6.14-vs2.1.0-rc5/include/linux/netdevice.h	2005-10-28 20:49:54 +0200
+++ linux-2.6.14-vs2.1.0-ngn0.01/include/linux/netdevice.h	2005-10-30 19:50:56 +0100
@@ -344,8 +344,9 @@ struct net_device
 	unsigned short		hard_header_len;	/* hardware hdr length	*/
 
 	struct net_device	*master; /* Pointer to master device of a group,
-					  * which this device is member of.
-					  */
+					  * which this device is member of.  */
+
+	xid_t 			dev_xid[2];	/* context ids primary/secondary */
 
 	/* Interface address info. */
 	unsigned char		perm_addr[MAX_ADDR_LEN]; /* permanent hw address */
diff -NurpP --minimal linux-2.6.14-vs2.1.0-rc5/include/linux/vs_ngnet.h linux-2.6.14-vs2.1.0-ngn0.01/include/linux/vs_ngnet.h
--- linux-2.6.14-vs2.1.0-rc5/include/linux/vs_ngnet.h	1970-01-01 01:00:00 +0100
+++ linux-2.6.14-vs2.1.0-ngn0.01/include/linux/vs_ngnet.h	2005-10-31 02:55:21 +0100
@@ -0,0 +1,57 @@
+#ifndef _VX_VS_NGNET_H
+#define _VX_VS_NGNET_H
+
+
+#include <linux/kernel.h>
+#include "vserver/debug.h"
+
+
+#ifdef	CONFIG_VSERVER_NGNET
+
+#include <linux/inetdevice.h>
+
+static inline
+int	ngn_dev_visible(struct net_device *dev, xid_t xid)
+{
+	if (!dev)
+		return 1;
+	if (vx_check(xid, VX_WATCH))
+		return 1;
+	if (dev->dev_xid[0]  == xid)
+		return 1;
+	if (dev->dev_xid[1]  == xid)
+		return 1;
+	return 0;
+}
+
+static inline
+int	ngn_ifa_visible(struct in_ifaddr *ifa, xid_t xid)
+{
+	if (!ifa || !ifa->ifa_dev || !ifa->ifa_dev->dev)
+		return 0;
+	return ngn_dev_visible(ifa->ifa_dev->dev, xid);
+}
+
+
+#define	NGN_DEV_VISIBLE(dev, vxi, nxi)				\
+	ngn_dev_visible(dev, vxi ? vxi->vx_id : 0)
+
+#define	NGN_IFA_VISIBLE(ifa, vxi, nxi)				\
+	ngn_ifa_visible(ifa, vxi ? vxi->vx_id : 0)
+
+#else
+
+#define	NGN_DEV_VISIBLE(dev, vxi, nxi)				\
+	(vx_info_flags(vxi, VXF_HIDE_NETIF, 0) &&		\
+	!dev_in_nx_info(dev, nxi))
+
+#define	NGN_IFA_VISIBLE(ifa, vxi, nxi)				\
+	(vx_info_flags(vxi, VXF_HIDE_NETIF, 0) &&		\
+	!ifa_in_nx_info(ifa, nxi))
+
+#endif
+
+
+#else
+#warning duplicate inclusion
+#endif
diff -NurpP --minimal linux-2.6.14-vs2.1.0-rc5/include/linux/vserver/ngnet_cmd.h linux-2.6.14-vs2.1.0-ngn0.01/include/linux/vserver/ngnet_cmd.h
--- linux-2.6.14-vs2.1.0-rc5/include/linux/vserver/ngnet_cmd.h	1970-01-01 01:00:00 +0100
+++ linux-2.6.14-vs2.1.0-ngn0.01/include/linux/vserver/ngnet_cmd.h	2005-10-31 04:10:35 +0100
@@ -0,0 +1,19 @@
+#ifndef _VX_NGNET_CMD_H
+#define _VX_NGNET_CMD_H
+
+
+/* ngnet commands */
+
+#define VCMD_ngnet_tagdev	VC_CMD(SYSTEST, 1, 0)
+
+struct	vcmd_ngnet_tagdev {
+//	uint32_t ifindex;
+	uint32_t xid[2];
+};
+
+#ifdef	__KERNEL__
+
+extern int vc_ngnet_tagdev(uint32_t, void __user *);
+
+#endif	/* __KERNEL__ */
+#endif	/* _VX_NGNET_CMD_H */
diff -NurpP --minimal linux-2.6.14-vs2.1.0-rc5/kernel/vserver/Makefile linux-2.6.14-vs2.1.0-ngn0.01/kernel/vserver/Makefile
--- linux-2.6.14-vs2.1.0-rc5/kernel/vserver/Makefile	2005-10-29 03:28:54 +0200
+++ linux-2.6.14-vs2.1.0-ngn0.01/kernel/vserver/Makefile	2005-10-31 04:09:40 +0100
@@ -13,4 +13,5 @@ vserver-$(CONFIG_VSERVER_DEBUG) += sysct
 vserver-$(CONFIG_VSERVER_LEGACY) += legacy.o
 vserver-$(CONFIG_VSERVER_LEGACYNET) += legacynet.o
 vserver-$(CONFIG_VSERVER_HISTORY) += history.o
+vserver-$(CONFIG_VSERVER_NGNET) += ngnet.o
 
diff -NurpP --minimal linux-2.6.14-vs2.1.0-rc5/kernel/vserver/ngnet.c linux-2.6.14-vs2.1.0-ngn0.01/kernel/vserver/ngnet.c
--- linux-2.6.14-vs2.1.0-rc5/kernel/vserver/ngnet.c	1970-01-01 01:00:00 +0100
+++ linux-2.6.14-vs2.1.0-ngn0.01/kernel/vserver/ngnet.c	2005-10-31 04:14:18 +0100
@@ -0,0 +1,43 @@
+/*
+ *  kernel/vserver/ngnet.c
+ *
+ *  Copyright (C) 2005  Herbert Pötzl
+ *
+ *  V0.01  ngnet dev tagging
+ *
+ */
+
+#include <linux/config.h>
+#include <linux/errno.h>
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/netdevice.h>
+
+#include <linux/vserver/ngnet_cmd.h>
+
+#include <asm/errno.h>
+#include <asm/uaccess.h>
+
+
+
+int vc_ngnet_tagdev(uint32_t id, void __user *data)
+{
+	struct vcmd_ngnet_tagdev vc_data;
+	struct net_device *dev;
+
+	if (copy_from_user (&vc_data, data, sizeof(vc_data)))
+		return -EFAULT;
+
+	dev = dev_get_by_index(id);
+	if (!dev)
+		return -ESRCH;
+
+	if (vc_data.xid[0] != ~0)
+		dev->dev_xid[0] = vc_data.xid[0];
+
+	if (vc_data.xid[1] != ~0)
+		dev->dev_xid[1] = vc_data.xid[1];
+
+	return 0;
+}
+
diff -NurpP --minimal linux-2.6.14-vs2.1.0-rc5/kernel/vserver/switch.c linux-2.6.14-vs2.1.0-ngn0.01/kernel/vserver/switch.c
--- linux-2.6.14-vs2.1.0-rc5/kernel/vserver/switch.c	2005-10-29 03:19:01 +0200
+++ linux-2.6.14-vs2.1.0-ngn0.01/kernel/vserver/switch.c	2005-10-31 03:25:33 +0100
@@ -45,6 +45,7 @@ int vc_get_version(uint32_t id)
 #include <linux/vserver/dlimit_cmd.h>
 #include <linux/vserver/signal_cmd.h>
 #include <linux/vserver/namespace_cmd.h>
+#include <linux/vserver/ngnet_cmd.h>
 
 #include <linux/vserver/legacy.h>
 #include <linux/vserver/inode.h>
@@ -227,6 +228,10 @@ long do_vserver(uint32_t cmd, uint32_t i
 	case VCMD_net_remove:
 		return vc_net_remove(id, data);
 
+#ifdef	CONFIG_VSERVER_NGNET
+	case VCMD_ngnet_tagdev:
+		return vc_ngnet_tagdev(id, data);
+#endif
 	}
 	return -ENOSYS;
 }
diff -NurpP --minimal linux-2.6.14-vs2.1.0-rc5/net/core/dev.c linux-2.6.14-vs2.1.0-ngn0.01/net/core/dev.c
--- linux-2.6.14-vs2.1.0-rc5/net/core/dev.c	2005-10-29 19:05:57 +0200
+++ linux-2.6.14-vs2.1.0-ngn0.01/net/core/dev.c	2005-10-31 00:40:14 +0100
@@ -114,6 +114,7 @@
 #include <net/iw_handler.h>
 #endif	/* CONFIG_NET_RADIO */
 #include <linux/vs_network.h>
+#include <linux/vs_ngnet.h>
 #include <asm/current.h>
 
 /*
@@ -1838,8 +1839,7 @@ static int dev_ifconf(char __user *arg)
 
 	total = 0;
 	for (dev = dev_base; dev; dev = dev->next) {
-		if (vx_flags(VXF_HIDE_NETIF, 0) &&
-			!dev_in_nx_info(dev, current->nx_info))
+		if (!NGN_DEV_VISIBLE(dev, current->vx_info, current->nx_info))
 			continue;
 		for (i = 0; i < NPROTO; i++) {
 			if (gifconf_list[i]) {
@@ -1901,9 +1901,7 @@ void dev_seq_stop(struct seq_file *seq, 
 
 static void dev_seq_printf_stats(struct seq_file *seq, struct net_device *dev)
 {
-	struct nx_info *nxi = current->nx_info;
-
-	if (vx_flags(VXF_HIDE_NETIF, 0) && !dev_in_nx_info(dev, nxi))
+	if (!NGN_DEV_VISIBLE(dev, current->vx_info, current->nx_info))
 		return;
 	if (dev->get_stats) {
 		struct net_device_stats *stats = dev->get_stats(dev);
diff -NurpP --minimal linux-2.6.14-vs2.1.0-rc5/net/core/rtnetlink.c linux-2.6.14-vs2.1.0-ngn0.01/net/core/rtnetlink.c
--- linux-2.6.14-vs2.1.0-rc5/net/core/rtnetlink.c	2005-10-29 19:05:57 +0200
+++ linux-2.6.14-vs2.1.0-ngn0.01/net/core/rtnetlink.c	2005-10-31 00:40:59 +0100
@@ -42,6 +42,7 @@
 
 #include <linux/inet.h>
 #include <linux/netdevice.h>
+#include <linux/vs_ngnet.h>
 #include <net/ip.h>
 #include <net/protocol.h>
 #include <net/arp.h>
@@ -277,8 +278,8 @@ static int rtnetlink_dump_ifinfo(struct 
 	for (dev=dev_base, idx=0; dev; dev = dev->next, idx++) {
 		if (idx < s_idx)
 			continue;
-		if (vx_info_flags(skb->sk->sk_vx_info, VXF_HIDE_NETIF, 0) &&
-			!dev_in_nx_info(dev, skb->sk->sk_nx_info))
+		if (!NGN_DEV_VISIBLE(dev,
+			skb->sk->sk_vx_info, skb->sk->sk_nx_info))
 			continue;
 		if (rtnetlink_fill_ifinfo(skb, dev, RTM_NEWLINK,
 					  NETLINK_CB(cb->skb).pid,
@@ -453,8 +454,7 @@ void rtmsg_ifinfo(int type, struct net_d
 			       sizeof(struct rtnl_link_ifmap) +
 			       sizeof(struct rtnl_link_stats) + 128);
 
-	if (vx_flags(VXF_HIDE_NETIF, 0) &&
-		!dev_in_nx_info(dev, current->nx_info))
+	if (!NGN_DEV_VISIBLE(dev, current->vx_info, current->nx_info))
 		return;
 	skb = alloc_skb(size, GFP_KERNEL);
 	if (!skb)
diff -NurpP --minimal linux-2.6.14-vs2.1.0-rc5/net/ipv4/devinet.c linux-2.6.14-vs2.1.0-ngn0.01/net/ipv4/devinet.c
--- linux-2.6.14-vs2.1.0-rc5/net/ipv4/devinet.c	2005-10-29 19:05:57 +0200
+++ linux-2.6.14-vs2.1.0-ngn0.01/net/ipv4/devinet.c	2005-10-31 00:41:20 +0100
@@ -57,6 +57,7 @@
 #include <linux/sysctl.h>
 #endif
 #include <linux/kmod.h>
+#include <linux/vs_ngnet.h>
 
 #include <net/ip.h>
 #include <net/route.h>
@@ -641,8 +642,7 @@ int devinet_ioctl(unsigned int cmd, void
 	ret = -EADDRNOTAVAIL;
 	if (!ifa && cmd != SIOCSIFADDR && cmd != SIOCSIFFLAGS)
 		goto done;
-	if (vx_flags(VXF_HIDE_NETIF, 0) &&
-		!ifa_in_nx_info(ifa, current->nx_info))
+	if (!NGN_IFA_VISIBLE(ifa, current->vx_info, current->nx_info))
 		goto done;
 
 	switch(cmd) {
@@ -787,8 +787,7 @@ static int inet_gifconf(struct net_devic
 		goto out;
 
 	for (; ifa; ifa = ifa->ifa_next) {
-		if (vx_flags(VXF_HIDE_NETIF, 0) &&
-			!ifa_in_nx_info(ifa, current->nx_info))
+		if (!NGN_IFA_VISIBLE(ifa, current->vx_info, current->nx_info))
 			continue;
 		if (!buf) {
 			done += sizeof(ifr);
@@ -1119,8 +1118,8 @@ static int inet_dump_ifaddr(struct sk_bu
 
 		for (ifa = in_dev->ifa_list, ip_idx = 0; ifa;
 		     ifa = ifa->ifa_next, ip_idx++) {
-			if (sk && vx_info_flags(sk->sk_vx_info, VXF_HIDE_NETIF, 0) &&
-				!ifa_in_nx_info(ifa, sk->sk_nx_info))
+			if (sk && !NGN_IFA_VISIBLE(ifa,
+				sk->sk_vx_info, sk->sk_nx_info))
 				continue;
 			if (ip_idx < s_ip_idx)
 				continue;
diff -NurpP --minimal linux-2.6.14-vs2.1.0-rc5/net/ipv4/fib_hash.c linux-2.6.14-vs2.1.0-ngn0.01/net/ipv4/fib_hash.c
--- linux-2.6.14-vs2.1.0-rc5/net/ipv4/fib_hash.c	2005-10-29 19:05:58 +0200
+++ linux-2.6.14-vs2.1.0-ngn0.01/net/ipv4/fib_hash.c	2005-10-31 00:42:01 +0100
@@ -35,6 +35,7 @@
 #include <linux/skbuff.h>
 #include <linux/netlink.h>
 #include <linux/init.h>
+#include <linux/vs_ngnet.h>
 
 #include <net/ip.h>
 #include <net/protocol.h>
@@ -1020,8 +1021,9 @@ static int fib_seq_show(struct seq_file 
 	prefix	= f->fn_key;
 	mask	= FZ_MASK(iter->zone);
 	flags	= fib_flag_trans(fa->fa_type, mask, fi);
-	if (fi && (!vx_flags(VXF_HIDE_NETIF, 0) ||
-		dev_in_nx_info(fi->fib_dev, current->nx_info)))
+
+	if (fi && NGN_DEV_VISIBLE(fi->fib_dev,
+		current->vx_info, current->nx_info))
 		snprintf(bf, sizeof(bf),
 			 "%s\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u",
 			 fi->fib_dev ? fi->fib_dev->name : "*", prefix,