[Devel] [PATCH 0/6] netns: add linux-vrf features via network namespaces
Vivien Chappelier
vivien.chappelier at thomson.net
Thu Oct 30 06:05:14 PDT 2008
Hi,
The recently introduced network namespaces allow separate standalone
network stacks to coexist on the same machine. This is a very useful
functionality that we have been needing and using in our products for
some time, through the VRF patchset (http://linux-vrf.sourceforge.net/).
The goals of the VRF patchset and network namespaces are very similar,
yet some features of the VRF are missing that these patches intend to
provide.
The network namespaces are currently tied to a process, and
referenced by its pid. However, a networking stack has no particular
reason to be associated with any process and it should be possible to
use and set up additional networking stacks without the need to clone()
or unshare(). The initial version of the "Coexist with the sysfs
limitations" patches by Benjamin Thery introduced the notion of a unique
network namespace identifier (nsid) that is perfectly fit for the
purpose of referencing networking stacks independently of any process.
The first two patches of his set are therefore reused here to identify
networking stacks.
These patches additionally introduce the following features that
were initially provided by the VRF patchset:
- the ability to move a socket to a different network namespace, through
the new SO_NSID setsockopt(), given the nsid
- the ability to move a process to an existing network namespace,
through the new SO_NETNS setsockopt(), given the nsid
- the ability to move an interface to a different namespace by nsid
instead of pid
- the ability to create additional network namespaces on startup
(dynamic addition/deletion is not supported but should be easy to add)
To test those features, the chvrf tools attached in this mail have
been ported to the new setsockopt() API. Example usage:
$ chnetns 1 /bin/sh    # This will attach a shell to existing network namespace 1
$ port -n 1 -p 3434    # This will open a listening socket on port 3434 of network namespace 1
Also attached is a patch to iproute2 to add the ability to move an
interface to a different namespace by nsid, used this way:
$ ip link set eth0 nsid 1 # This will move eth0 to network namespace 1
The patches should apply cleanly to net-next-2.6, version 2.6.28-rc2,
commit 3891845e1ef6e6807075d4241966b26f6ecb0a5c.
I would be glad to have your impressions and comments on these
patches, and to have them merged upstream once everybody is satisfied
with them.
regards,
Vivien Chappelier.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: iproute2.patch
Type: text/x-diff
Size: 2452 bytes
Desc: not available
URL: <http://lists.openvz.org/pipermail/devel/attachments/20081030/d4c8fa90/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: chnetns.tar.gz
Type: application/x-gzip
Size: 1553 bytes
Desc: not available
URL: <http://lists.openvz.org/pipermail/devel/attachments/20081030/d4c8fa90/attachment.gz>