[Devel] Re: Network Namespace-1000 networks with Overlap Addresses
Babu N
babu.neelam at freescale.com
Thu Apr 23 01:26:23 PDT 2009
Hi,

I am finding that an unshare call with CLONE_NEWNET is giving an error in
Ubuntu 8.10 (kernel version 2.6.27).

The man page here
(http://manpages.courier-mta.org/htmlman2/clone.2.html) states that
CLONE_NEWNET implementation is not yet complete, but probably will be
mostly complete by about Linux 2.6.28.

Is there a way I can use CLONE_NEWNET successfully in 2.6.27?

Thanks,
Babu

At 04:27 PM 4/22/2009, Eric W. Biederman wrote:
>"Serge E. Hallyn" <serue at us.ibm.com> writes:
>
> > Quoting Krishna Vamsi-B22174 (avamsi at freescale.com):
> >>
> >>
> >> Hi,
> >>
> >> I am a newbie to this list. Here is my use case: we have a Loadable
> >> Kernel Module which applies security to
> >> the packets arriving from 1000 networks with overlap addresses. There
> >> are 3 different user space processes which handle
> >> control traffic from these 1000 networks.
> >>
> >> Please let me know
> >>
> >> 1) How to create a Network Namespace Object?
> >
> > clone(CLONE_NEWNET)
> >
> >> 2) How to delete a Network Namespace Object?
> >
> > exit
> >
> >> 3) Can these 3 user space processes see all the Network Namespace objects
> >> created in the kernel?
> >
> > No, network namespaces are fully isolated. A virtual nic can only exist
> > in one network namespace, and physical nics can only exist in the
> > initial network namespace.
>
>Sockets can be passed between network namespaces if you set things
>up correctly.
>At which point you can have 3 user space processes doing all of the work.
>
>It can be a bit of a pain to have processes lying around just so you can
>create a socket in another network namespace but the code works today
>and isn't too bad.
>
> >> If so, how can they access these objects?
> >> 4) How to group 2-3 interfaces under a particular Network Namespace?
> >
> > I don't understand the question, but you pass a veth endpoint into a
> > network namespace using
> >
> > /sbin/ip link set veth1 netns $pid_in_other_netns
>
>yep.
>
>Eric
>_______________________________________________
>Containers mailing list
>Containers at lists.linux-foundation.org
>https://lists.linux-foundation.org/mailman/listinfo/containers
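
The socket passing Eric describes in the quoted reply, as an added example (not code from this thread or from the kernel tree): a short-lived helper process calls unshare(CLONE_NEWNET), opens a UDP socket in the new namespace and passes it back over a UNIX socketpair with SCM_RIGHTS. The names send_fd, recv_fd and socket_from_new_netns are illustrative; a return of -EINVAL means the kernel was built without network namespace support, and -EPERM means the caller lacks CAP_SYS_ADMIN.

```c
#define _GNU_SOURCE   /* added example; helper names are illustrative */
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

typedef union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } fdbuf;
static int send_fd(int chan, int fd) {   /* fd rides as SCM_RIGHTS ancillary data */
    fdbuf u = { .hdr = { .cmsg_len = CMSG_LEN(sizeof fd),
                         .cmsg_level = SOL_SOCKET, .cmsg_type = SCM_RIGHTS } };
    char tag = 'F'; struct iovec iov = { &tag, 1 };  /* one data byte carries it */
    struct msghdr m = { .msg_iov = &iov, .msg_iovlen = 1,
                        .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    memcpy(CMSG_DATA(CMSG_FIRSTHDR(&m)), &fd, sizeof fd);
    return sendmsg(chan, &m, 0) < 0 ? -errno : 0;
}

static int recv_fd(int chan) {           /* returns the new descriptor or -errno */
    fdbuf u; char tag; int fd;
    struct iovec iov = { &tag, 1 };
    struct msghdr m = { .msg_iov = &iov, .msg_iovlen = 1,
                        .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    if (recvmsg(chan, &m, 0) != 1) return -EIO;       /* EOF: sender exited */
    struct cmsghdr *c = CMSG_FIRSTHDR(&m);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS) return -EPROTO;
    memcpy(&fd, CMSG_DATA(c), sizeof fd);
    return fd;
}

static int socket_from_new_netns(void) {
    int sv[2], s, st = 0;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -errno;
    pid_t pid = fork();
    if (pid == 0)   /* helper: new netns, UDP socket, pass it back; errno as exit status */
        _exit((unshare(CLONE_NEWNET) || (s = socket(AF_INET, SOCK_DGRAM, 0)) < 0
               || send_fd(sv[1], s) < 0) ? errno : 0);
    close(sv[1]);
    s = recv_fd(sv[0]);          /* the socket keeps the helper's netns alive */
    close(sv[0]);
    if (pid > 0) waitpid(pid, &st, 0);
    return s < 0 && WIFEXITED(st) && WEXITSTATUS(st) ? -WEXITSTATUS(st) : s;
}

int main(void) {                 /* needs CAP_SYS_ADMIN, e.g. run as root */
    int fd = socket_from_new_netns();
    return fd < 0 ? (fprintf(stderr, "no socket: %s\n", strerror(-fd)), 1) : 0;
}
```

The caller never changes its own namespace; only the helper does, and it exits as soon as the descriptor has been sent.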