Re: Problem with iflink in netns

[Nicolas Dichtel <nicolas.dichtel@6wind.com>]

Le 13/05/2014 17:39, Stephen Hemminger a écrit :
> There have been a couple of bugzilla reports already about cases where a macvlan
> or vlan is moved into another namespace. In these cases the parent device ifindex (iflink)
> is no longer valid.
>
>
> Normally it is not a big issue, until another device is created using the ifindex
> of the parent
>
> Does anyone have a suggested fix? Marking iflink as 0 won't work then the devices no
> longer appear as slaves. Another possibility would be to make block creation of device
> where ifindex matches existing iflink of other devices; but this would slow down device
> creation.
The problem is that we to add an information about the netns where the ifindex
stands, we can currently use only a pid or a file descriptor, hence it's not
possible to broadcast this information. The advantage of the file descriptor is
that it's a local id not a global one.

On idea I'm thinking is that each netns manages its own set of UID for peer
netns, this means that these UID will be valid only in a spcecified netns.
We may add a netlink message to help the user to associate an UID with a file
descriptor/pid (he gives the file descriptor/pid and the kernel returns the
UID).
These UID may be generated only the user requests them or when the kernel sends
an information about a peer netns.
These UID will be provided in existing netlink message in a separate netlink
attribute.

If the idea is ok, I can help to work on this topic.


Regards,
Nicolas
>
>
> The bugs come in as ip command bugs, but obviously the issue is in the kernel.
>
> https://bugzilla.kernel.org/show_bug.cgi?id=66691
> https://bugzilla.kernel.org/show_bug.cgi?id=75911