From mboxrd@z Thu Jan 1 00:00:00 1970 From: Nicolas Dichtel Subject: Re: [RFC PATCH net-next v2 0/5] netns: allow to identify peer netns Date: Wed, 24 Sep 2014 11:23:19 +0200 Message-ID: <54228D87.3070309@6wind.com> References: <1411478430-4989-1-git-send-email-nicolas.dichtel@6wind.com> Reply-To: nicolas.dichtel-pdR9zngts4EAvxtiuMwx3w@public.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8"; Format="flowed" Content-Transfer-Encoding: base64 Return-path: In-Reply-To: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org Errors-To: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org To: Cong Wang Cc: netdev , containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org, "linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org" , Andy Lutomirski , Stephen Hemminger , "Eric W. Biederman" , linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, Andrew Morton , David Miller List-Id: containers.vger.kernel.org TGUgMjMvMDkvMjAxNCAyMToyMiwgQ29uZyBXYW5nIGEgw6ljcml0IDoKPiBPbiBUdWUsIFNlcCAy MywgMjAxNCBhdCA2OjIwIEFNLCBOaWNvbGFzIERpY2h0ZWwKPiA8bmljb2xhcy5kaWNodGVsQDZ3 aW5kLmNvbT4gd3JvdGU6Cj4+Cj4+IEhlcmUgaXMgYSBzbWFsbCBzY3JlZW5zaG90IHRvIHNob3cg aG93IGl0IGNhbiBiZSB1c2VkIGJ5IHVzZXJsYW5kOgo+PiAkIGlwIG5ldG5zIGFkZCBmb28KPj4g JCBpcCBuZXRucyBkZWwgZm9vCj4+ICQgaXAgbmV0bnMKPj4gJCB0b3VjaCAvdmFyL3J1bi9uZXRu cy9pbml0X25ldAo+PiAkIG1vdW50IC0tYmluZCAvcHJvYy8xL25zL25ldCAvdmFyL3J1bi9uZXRu cy9pbml0X25ldAo+PiAkIGlwIG5ldG5zIGFkZCBmb28KPj4gJCBpcCBuZXRucwo+PiBmb28gKGlk OiAzKQo+PiBpbml0X25ldCAoaWQ6IDEpCj4+ICQgaXAgbmV0bnMgZXhlYyBmb28gaXAgbmV0bnMK Pj4gZm9vIChpZDogMykKPj4gaW5pdF9uZXQgKGlkOiAxKQo+PiAkIGlwIG5ldG5zIGV4ZWMgZm9v IGlwIGxpbmsgYWRkIGlwaXAxIGxpbmstbmV0bnNpZCAxIHR5cGUgaXBpcCByZW1vdGUgMTAuMTYu MC4xMjEgbG9jYWwgMTAuMTYuMC4yNDkKPj4gJCBpcCBuZXRucyBleGVjIGZvbyBpcCBsIGxzIGlw aXAxCj4+IDY6IGlwaXAxQE5PTkU6IDxQT0lOVE9QT0lOVCxOT0FSUD4gbXR1IDE0ODAgcWRpc2Mg bm9vcCBzdGF0ZSBET1dOIG1vZGUgREVGQVVMVCBncm91cCBkZWZhdWx0Cj4+ICAgICAgbGluay9p cGlwIDEwLjE2LjAuMjQ5IHBlZXIgMTAuMTYuMC4xMjEgbGluay1uZXRuc2lkIDEKPj4KPj4gVGhl IHBhcmFtZXRlciBsaW5rLW5ldG5zaWQgc2hvd3MgdXMgd2hlcmUgdGhlIGludGVyZmFjZSBzZW5k cyBhbmQgcmVjZWl2ZXMKPj4gcGFja2V0cyAoYW5kIHRodXMgd2Uga25vdyB3aGVyZSBlbmNhcHN1 bGF0ZWQgYWRkcmVzc2VzIGFyZSBzZXQpLgo+Pgo+Cj4gU28gaXBpcDEgaXMgc2hvd24gaW4gbmV0 bnMgZm9vIGJ1dCBmdW5jdGlvbmluZyBpbiBuZXRucyBpbml0X25ldD8gR2V0dGluZyB0aGUKPiBp ZCBvZiBpbml0X25ldCBpbiBmb28gZGVwZW5kcyBvbiB5b3VyIG1vdW50IG5hbWVzcGFjZSwgL3Zh ci9ydW4vbmV0bnMvIG1heQo+IG5vdCB2aXNpYmxlIGluc2lkZSBmb28sIGluIHRoaXMgY2FzZSwg bGluay1uZXRuc2lkIGlzIG1lYW5pbmdsZXNzLiBJdAo+IGlzIG5vdCB5b3VyCj4gZmF1bHQsIG5l dHdvcmsgbmFtZXNwYWNlIGFscmVhZHkgaGVhdmlseSByZWxpZXMgb24gbW91bnQgbmFtZXNwYWNl IChzeXNmcwo+IG5lZWRzIHRvIGJlIHJlbW91bnQgb3RoZXJ3aXNlIHlvdSBjYW4gbm90IGNyZWF0 ZSBkZXZpY2Ugd2l0aCB0aGUgc2FtZSBuYW1lLikKPgo+IE9uIHRoZSBvdGhlciBoYW5kLCB3aGF0 J3MgdGhlIHByb2JsZW0geW91IGFyZSB0cnlpbmcgdG8gc29sdmU/IEFGQUlLLAo+IHRoZSBpZmlu ZGV4Cj4gaXNzdWUgaXMgcHVyZWx5IGluIG91dHB1dCwgSU9XLCB0aGUgZGV2aWNlIHN0aWxsIGZ1 bmN0aW9ucyBjb3JyZWN0bHkKPiBldmVuIHRocm91Z2gKPiBpdHMgbGluayBpZmluZGV4IGlzIG5v dCBjb3JyZWN0IGFmdGVyIG1vdmluZyB0byBhbm90aGVyIG5hbWVzcGFjZS4gSWYKPiBub3QsIGl0 IGlzIGJ1Zwo+IHdlIG5lZWQgdG8gZml4Lgo+ClRoZSBwcm9ibGVtIGlzIGV4cGxhaW5lZCBoZXJl OgpodHRwOi8vdGhyZWFkLmdtYW5lLm9yZy9nbWFuZS5saW51eC5uZXR3b3JrLzMxNTkzMy9mb2N1 cz0zMTYwNjQKYW5kIGhlcmU6Cmh0dHA6Ly90aHJlYWQuZ21hbmUub3JnL2dtYW5lLmxpbnV4Lmtl cm5lbC5jb250YWluZXJzLzI4MzAxL2ZvY3VzPTQyMzkKCgpSZWdhcmRzLApOaWNvbGFzCl9fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fCkNvbnRhaW5lcnMgbWFp bGluZyBsaXN0CkNvbnRhaW5lcnNAbGlzdHMubGludXgtZm91bmRhdGlvbi5vcmcKaHR0cHM6Ly9s aXN0cy5saW51eGZvdW5kYXRpb24ub3JnL21haWxtYW4vbGlzdGluZm8vY29udGFpbmVycw== From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753536AbaIXJX1 (ORCPT ); Wed, 24 Sep 2014 05:23:27 -0400 Received: from mail-we0-f178.google.com ([74.125.82.178]:61618 "EHLO mail-we0-f178.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750856AbaIXJXW (ORCPT ); Wed, 24 Sep 2014 05:23:22 -0400 Message-ID: <54228D87.3070309@6wind.com> Date: Wed, 24 Sep 2014 11:23:19 +0200 From: Nicolas Dichtel Reply-To: nicolas.dichtel@6wind.com Organization: 6WIND User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.1.1 MIME-Version: 1.0 To: Cong Wang CC: netdev , containers@lists.linux-foundation.org, "linux-kernel@vger.kernel.org" , linux-api@vger.kernel.org, David Miller , "Eric W. Biederman" , Stephen Hemminger , Andrew Morton , Andy Lutomirski Subject: Re: [RFC PATCH net-next v2 0/5] netns: allow to identify peer netns References: <1411478430-4989-1-git-send-email-nicolas.dichtel@6wind.com> In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Le 23/09/2014 21:22, Cong Wang a écrit : > On Tue, Sep 23, 2014 at 6:20 AM, Nicolas Dichtel > wrote: >> >> Here is a small screenshot to show how it can be used by userland: >> $ ip netns add foo >> $ ip netns del foo >> $ ip netns >> $ touch /var/run/netns/init_net >> $ mount --bind /proc/1/ns/net /var/run/netns/init_net >> $ ip netns add foo >> $ ip netns >> foo (id: 3) >> init_net (id: 1) >> $ ip netns exec foo ip netns >> foo (id: 3) >> init_net (id: 1) >> $ ip netns exec foo ip link add ipip1 link-netnsid 1 type ipip remote 10.16.0.121 local 10.16.0.249 >> $ ip netns exec foo ip l ls ipip1 >> 6: ipip1@NONE: mtu 1480 qdisc noop state DOWN mode DEFAULT group default >> link/ipip 10.16.0.249 peer 10.16.0.121 link-netnsid 1 >> >> The parameter link-netnsid shows us where the interface sends and receives >> packets (and thus we know where encapsulated addresses are set). >> > > So ipip1 is shown in netns foo but functioning in netns init_net? Getting the > id of init_net in foo depends on your mount namespace, /var/run/netns/ may > not visible inside foo, in this case, link-netnsid is meaningless. It > is not your > fault, network namespace already heavily relies on mount namespace (sysfs > needs to be remount otherwise you can not create device with the same name.) > > On the other hand, what's the problem you are trying to solve? AFAIK, > the ifindex > issue is purely in output, IOW, the device still functions correctly > even through > its link ifindex is not correct after moving to another namespace. If > not, it is bug > we need to fix. > The problem is explained here: http://thread.gmane.org/gmane.linux.network/315933/focus=316064 and here: http://thread.gmane.org/gmane.linux.kernel.containers/28301/focus=4239 Regards, Nicolas