Re: Identifying network namespaces (was: Network namespace manipulation with file descriptors)
From: David Lamparter <hidden>
Date: 2011-05-18 13:33:52
Also in:
linux-arch, linux-fsdevel, lkml
Possibly related (same subject, not in this thread)
- 2011-05-18 · Re: Identifying network namespaces (was: Network namespace manipulation with file descriptors) · Alexey Dobriyan <hidden>
- 2011-05-18 · Identifying network namespaces (was: Network namespace manipulation with file descriptors) · David Lamparter <hidden>
On Wed, May 18, 2011 at 04:03:03PM +0300, Alexey Dobriyan wrote:
On Wed, May 18, 2011 at 3:43 PM, David Lamparter [off-list ref] wrote:quoted
- processes cannot easily be cross referenced with each other in the case of user space stuff running astray - like management software crashing, routing daemons screwing up, etc. - it becomes fairly difficult to shut down a network namespace (or even reaquire physical devices that have been reassigned)It shutdowns itself when last process using netns disappeares, so if you kill your routing daemons you should be fine. Physical netdevices are moved to init_net.
Now assume I'm running pptpd, which forks a new pppd for each connection. Even if I kill pptpd, the pppd keeps running... now how do I find the pppds that belong to that one namespace that I'm trying to get rid of?
quoted
- namespaces cannot adequately be identified to the user for debugging, some kernel messages become useless. most prominently, "unregister_netdevice: waiting for lo to become free. Usage count = 123" could certainly use some clarification, *which* lo is meant...There is no "netns %p" or something, because right now the only unique netns identifier is kernel pointer (which better not be exposed to userspace). Printing such thing would be quite useless since it's not printed at netns creation.
I agree printing the kernel pointer is point-less.
quoted
So, considering this set of premises (feedback welcome) I looked for some suitable means of identification. I discarded going for any process identifiers since Eric's patches allow for network namespaces without any process holding a reference, using bind mounts instead.If anything it should be netns->id, /proc/*/netns outputting id where id is not derived from kernel pointer.quoted
Solution? [ using lo interface index ]What a hack! :-)
Well, you could create another counter and count it up on namespace creation. But the interface index is readily available to userspace as is, and it uniquely identifies the network namespace. (Stupidest thing you can do to break this is renaming the loopback device; but even if you do that userspace can still look at the LOOPBACK flag.) -David _______________________________________________ Containers mailing list Containers@lists.linux-foundation.org https://lists.linux-foundation.org/mailman/listinfo/containers