From patchwork Tue Oct 28 17:35:56 2008
X-Patchwork-Submitter: Vivien Chappelier
X-Patchwork-Id: 6129
X-Patchwork-Delegate: davem@davemloft.net
Message-ID: <49074D7C.7010505@thomson.net>
Date: Tue, 28 Oct 2008 18:35:56 +0100
From: Vivien Chappelier
To: netdev
CC: David Miller, Benjamin Thery, jleu@mindspring.com, linux-vrf-general@lists.sourceforge.net
Subject: [PATCH 0/6] netns: port linux-vrf features to network namespaces
X-Mailing-List: netdev@vger.kernel.org

Hi,

The recently introduced network namespaces allow separate standalone network stacks to coexist on the same machine. This is a very useful functionality that we have been using in our products for some time, through the VRF patchset (http://linux-vrf.sourceforge.net/). The goals of the VRF patchset and network namespaces are very similar, yet some features of the VRF are missing that these patches intend to provide.

The network namespaces are currently tied to a process, and referenced by its pid. However, a networking stack has no particular reason to be associated with any process and it should be possible to use and set up additional networking stacks without the need to clone() or unshare().

The initial version of the "Coexist with the sysfs limitations" patches by Benjamin Thery introduced the notion of a unique network namespace identifier (nsid) that is perfectly fit for the purpose of referencing networking stacks independently of any process. The first two patches of his set are therefore reused here to identify networking stacks.
These patches additionally introduce the following features that were initially provided by the VRF patchset:
- the ability to move a socket to a different network namespace, through the new SO_NSID setsockopt(), given the nsid
- the ability to move a process to an existing network namespace, through the new SO_NETNS setsockopt(), given the nsid
- the ability to move an interface to a different namespace by nsid instead of pid
- the ability to create additional network namespaces on startup (dynamic addition/deletion is not supported but should be easy to add)

To test those features, the chvrf tools attached in this mail have been ported to the new setsockopt() API. Example usage:

  $ chnetns 1 /bin/sh
  # This will attach a shell to existing network namespace 1
  $ port -n 1 -p 3434
  # This will open a listening socket on port 3434 of network namespace 1

Also attached is a patch to iproute2 to add the ability to move an interface to a different namespace by nsid, used this way:

  $ ip link set eth0 nsid 1
  # This will move eth0 to network namespace 1

The patches should apply cleanly to the net-next-2.6 git tree, version 2.6.28-rc2, at commit 3891845e1ef6e6807075d4241966b26f6ecb0a5c.

I would be glad to have your impression and comments on these patches, and to have them merged upstream once everybody is satisfied with them.

regards,
Vivien Chappelier.

From 698eb7aeb60baca7fc7f0fda9080174c96f92e02 Mon Sep 17 00:00:00 2001 From: Vivien Chappelier Date: Tue, 28 Oct 2008 18:06:13 +0100 Subject: [PATCH] Add support for testing IFLA_NET_NS --- include/linux/if_link.h | 2 ++ ip/iplink.c | 9 +++++++++ misc/Makefile | 2 +- 3 files changed, 12 insertions(+), 1 deletions(-) diff --git a/include/linux/if_link.h b/include/linux/if_link.h index c948395..fab393d 100644 --- a/include/linux/if_link.h +++ b/include/linux/if_link.h @@ -79,6 +79,8 @@ enum IFLA_LINKINFO, #define IFLA_LINKINFO IFLA_LINKINFO IFLA_NET_NS_PID, + IFLA_IFALIAS, + IFLA_NET_NS, __IFLA_MAX }; 
diff --git a/ip/iplink.c b/ip/iplink.c index fd23db1..ffb0d39 100644 --- a/ip/iplink.c +++ b/ip/iplink.c @@ -67,6 +67,7 @@ void iplink_usage(void) fprintf(stderr, " [ broadcast LLADDR ]\n"); fprintf(stderr, " [ mtu MTU ]\n"); fprintf(stderr, " [ netns PID ]\n"); + fprintf(stderr, " [ nsid NSID ]\n"); fprintf(stderr, " ip link show [ DEVICE ]\n"); if (iplink_have_newlink()) { @@ -179,6 +180,7 @@ int iplink_parse(int argc, char **argv, struct iplink_req *req, char abuf[32]; int qlen = -1; int mtu = -1; + int net = -1; int netns = -1; ret = argc; @@ -228,6 +230,13 @@ int iplink_parse(int argc, char **argv, struct iplink_req *req, if (get_integer(&netns, *argv, 0)) invarg("Invalid \"netns\" value\n", *argv); addattr_l(&req->n, sizeof(*req), IFLA_NET_NS_PID, &netns, 4); + } else if (strcmp(*argv, "nsid") == 0) { + NEXT_ARG(); + if (net != -1) + duparg("nsid", *argv); + if (get_integer(&net, *argv, 0)) + invarg("Invalid \"nsid\" value\n", *argv); + addattr_l(&req->n, sizeof(*req), IFLA_NET_NS, &net, 4); } else if (strcmp(*argv, "multicast") == 0) { NEXT_ARG(); req->i.ifi_change |= IFF_MULTICAST; diff --git a/misc/Makefile b/misc/Makefile index 8c25381..a4c9591 100644 --- a/misc/Makefile +++ b/misc/Makefile @@ -1,7 +1,7 @@ SSOBJ=ss.o ssfilter.o LNSTATOBJ=lnstat.o lnstat_util.o -TARGETS=ss nstat ifstat rtacct arpd lnstat +TARGETS=ss nstat ifstat rtacct lnstat include ../Config -- 1.5.4.4
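Review bot: In the include/linux/if_link.h hunk, IFLA_NET_NS takes its number purely from its position in the enum (after IFLA_NET_NS_PID and the IFLA_IFALIAS entry added alongside it), so this copy of the header only works against a kernel that places IFLA_NET_NS in the same slot. The commit message should say which kernel header this was synced from, and it should mention IFLA_IFALIAS, which the subject line does not cover.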
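Review bot: In the iplink_parse() hunk of ip/iplink.c, the new nsid branch only tests net != -1, so nothing stops one command line from carrying both "netns PID" and "nsid NSID", and the request then goes out with both IFLA_NET_NS_PID and IFLA_NET_NS attached. Reject the combination in this branch (and in the netns one). Two smaller points on the same lines: -1 doubles as the "not set" sentinel while get_integer() parses into a plain int, so "nsid -1" slips past the duparg() check and a negative id is passed on unvalidated; and the length given to addattr_l() is a literal 4 where sizeof(net) would state the intent.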
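Review bot: The misc/Makefile hunk drops arpd from TARGETS, which has nothing to do with the subject "Add support for testing IFLA_NET_NS" and is not explained anywhere in the message. If it is a local build workaround, leave it out of this patch; if arpd really should stop being built, send that as its own change with a reason.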