Re: Automatic TAP destruction/Monitoring namespace destruction

[Jiri Benc <jbenc@redhat.com>]

On Fri, 23 Feb 2018 04:39:37 -0500, Andrew Cann wrote:
> In a program I'm writing I have a network namespace with a virtual (TAP)
> network interface assigned to it. I would like it so that the interface is
> automatically destroyed when the namespace is destroyed (ie. when the last
> process in the namespace exits). I can't see any way to implement this..

This should just work.

> As I understand it, when a namespace is destroyed all its interfaces are moved
> to the root namespace. If this is the case, is there anyway to detect when an
> interface is moved so that I can close it manually?

It is the case only for interfaces backed by a physical device. Virtual
interfaces are deleted when the netns is destroyed. That includes
tun/tap interfaces.

> Alternatively, is there a way to detect when a namespace is destroyed?

I don't think we emit any netlink event on netns exit.

> I figured it might possible to use inotify to do this, but it won't let me
> watch directories under /proc. Also the files under /proc/*/ns/ seem to be some
> kind of wierd symlink-to-a-raw-inode-thing (?) - is there a way to detect when
> an inode is destroyed that I can use with these?

You'd need this patchset: https://lkml.org/lkml/2016/10/15/40 but
I don't think it went anywhere. Plus it probably wouldn't be enough
anyway.

> I also thought it might be possible to use a netlink socket to detect when an
> interface changes namespace. But the netlink docs don't seem to suggest that
> this is possible.

Yes, that's possible. You'll need a recent kernel with commit
e8368d9ebb94 included.

> Basically I'm looking for any event the Linux kernel can give me that I can use
> to implement what I want. Does anyone have any ideas?

What you want should already be happening automatically. Have you tried?

ip netns add ns0
ip -n ns0 tuntap add name tap0 mode tap
ip -n ns0 link show dev tap0
ip netns del ns0
ip a	# no tap interface

 Jiri