Re: Network namespaces a path to mergable code.

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: ebiederm@xmission.com (Eric W. Biederman)
To: Daniel Lezcano <dlezcano@fr.ibm.com>
Cc: Andrey Savochkin <saw@swsoft.com>,
	linux-kernel@vger.kernel.org, netdev@vger.kernel.org,
	serue@us.ibm.com, haveblue@us.ibm.com, clg@fr.ibm.com,
	Andrew Morton <akpm@osdl.org>,
	dev@sw.ru, herbert@13thfloor.at, devel@openvz.org,
	sam@vilain.net, viro@ftp.linux.org.uk,
	Alexey Kuznetsov <alexey@sw.ru>
Subject: Re: Network namespaces a path to mergable code.
Date: Wed, 28 Jun 2006 18:25:40 -0600	[thread overview]
Message-ID: <m11wt8erjv.fsf@ebiederm.dsl.xmission.com> (raw)
In-Reply-To: <44A2FA66.5070303@fr.ibm.com> (Daniel Lezcano's message of "Wed, 28 Jun 2006 23:53:42 +0200")

Daniel Lezcano <dlezcano@fr.ibm.com> writes:

> Andrey Savochkin wrote:
>
>> Ok, fine.
>> Now I'm working on socket code.
>> We still have a question about implicit vs explicit function parameters.
>> This question becomes more important for sockets: if we want to allow to use
>> sockets belonging to namespaces other than the current one, we need to do
>> something about it.
>> One possible option to resolve this question is to show 2 relatively short
>> patches just introducing namespaces for sockets in 2 ways: with explicit
>> function parameters and using implicit current context.
>> Then people can compare them and vote.
>> Do you think it's worth the effort?
>>
>
> The attached patch can have some part interesting for you for the socket
> tagging. It is in the IPV4 isolation (part 5/6). With this and the private
> routing table you will probably have a good IPV4 isolation.
> This patch partially isolates ipv4 by adding the network namespace
> structure in the structure sock, bind bucket and skbuf.

Ugh.  skbuf sounds very wrong.  Per packet overhead?

> When a socket
> is created, the pointer to the network namespace is stored in the
> struct sock and the socket belongs to the namespace by this way. That
> allows to identify sockets related to a namespace for lookup and
> procfs. 
>
> The lookup is extended with a network namespace pointer, in
> order to identify listen points binded to the same port. That allows
> to have several applications binded to INADDR_ANY:port in different
> network namespace without conflicting. The bind is checked against
> port and network namespace.

Yes.  If we don't duplicate the hash table we need to extend the lookup.

> When an outgoing packet has the loopback destination addres, the
> skbuff is filled with the network namespace. So the loopback packets
> never go outside the namespace. This approach facilitate the migration
> of loopback because identification is done by network namespace and
> not by address. The loopback has been benchmarked by tbench and the
> overhead is roughly 1.5 %

Ugh.  1.5% is noticeable.

I think it is cheaper to have one loopback device per namespace.
Which removes the need for a skbuff tag.

Eric

next prev parent reply	other threads:[~2006-06-29  0:27 UTC|newest]

Thread overview: 58+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-06-26  9:49 [patch 1/4] Network namespaces: cleanup of dev_base list use Andrey Savochkin
2006-06-26  9:52 ` [patch 2/4] " Andrey Savochkin
2006-06-26  9:54   ` [patch 3/4] Network namespaces: IPv4 FIB/routing in namespaces Andrey Savochkin
2006-06-26  9:55     ` [patch 4/4] Network namespaces: playing and debugging Andrey Savochkin
2006-06-26 15:04       ` Daniel Lezcano
2006-06-26 15:43         ` Andrey Savochkin
2006-06-26 17:29           ` Daniel Lezcano
2006-06-26 19:34             ` Andrey Savochkin
2006-06-26 14:56     ` [patch 3/4] Network namespaces: IPv4 FIB/routing in namespaces Daniel Lezcano
2006-06-26 15:46       ` Andrey Savochkin
2006-06-26 15:57         ` Daniel Lezcano
2006-06-26 19:39           ` Andrey Savochkin
2006-06-26 20:05       ` Herbert Poetzl
2006-06-27  9:25         ` Andrey Savochkin
2006-06-28 13:51       ` Daniel Lezcano
2006-06-28 14:19         ` Herbert Poetzl
2006-06-28 14:30         ` Andrey Savochkin
2006-06-28 14:34           ` Kirill Korotaev
2006-06-28 16:56             ` Daniel Lezcano
2006-06-28 17:10               ` Ben Greear
2006-06-28 15:05         ` Eric W. Biederman
2006-06-26 15:13 ` [RFC][patch 1/4] Network namespaces: cleanup of dev_base list use Eric W. Biederman
2006-06-26 15:42   ` [patch " Andrey Savochkin
2006-06-26 16:26     ` Eric W. Biederman
2006-06-26 20:14       ` Andrey Savochkin
2006-06-26 21:02         ` Eric W. Biederman
2006-06-27  6:59   ` [RFC][patch " Kirill Korotaev
2006-06-27 11:13     ` Eric W. Biederman
2006-06-27 15:08       ` Kirill Korotaev
2006-06-27 15:26         ` Serge E. Hallyn
2006-06-27 16:54         ` Eric W. Biederman
2006-06-27 17:20 ` [RFC] Network namespaces a path to mergable code Eric W. Biederman
2006-06-27 17:58   ` Andrey Savochkin
2006-06-27 22:20     ` Sam Vilain
2006-06-28  4:33       ` Eric W. Biederman
2006-06-28  5:59         ` Abdallah Chatila
2006-06-28  6:19         ` Sam Vilain
2006-06-28  6:55           ` Eric W. Biederman
2006-06-28  9:54             ` Cedric Le Goater
2006-06-28 14:03               ` Eric W. Biederman
2006-06-28 14:15                 ` Serge E. Hallyn
2006-06-28 14:56                   ` Eric W. Biederman
2006-06-28  4:20     ` Eric W. Biederman
2006-06-28 11:06       ` Andrey Savochkin
2006-06-28 16:51         ` Eric W. Biederman
2006-06-28 17:22           ` Andrey Savochkin
2006-06-28 17:40             ` Herbert Poetzl
2006-06-28 17:50             ` Eric W. Biederman
2006-06-28 18:11             ` Eric W. Biederman
2006-06-28 18:14             ` Eric W. Biederman
2006-06-28 18:51               ` Andrey Savochkin
2006-06-28 21:53         ` Daniel Lezcano
2006-06-28 22:54           ` James Morris
2006-06-29  0:19             ` Eric W. Biederman
2006-06-29  0:25           ` Eric W. Biederman [this message]
2006-06-29  9:42             ` Daniel Lezcano
2006-06-28 10:20   ` [RFC] " Cedric Le Goater
2006-06-28 15:20     ` Eric W. Biederman

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=m11wt8erjv.fsf@ebiederm.dsl.xmission.com \
    --to=ebiederm@xmission.com \
    --cc=akpm@osdl.org \
    --cc=alexey@sw.ru \
    --cc=clg@fr.ibm.com \
    --cc=dev@sw.ru \
    --cc=devel@openvz.org \
    --cc=dlezcano@fr.ibm.com \
    --cc=haveblue@us.ibm.com \
    --cc=herbert@13thfloor.at \
    --cc=linux-kernel@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=sam@vilain.net \
    --cc=saw@swsoft.com \
    --cc=serue@us.ibm.com \
    --cc=viro@ftp.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox