Deleting a network namespace

Deleting a network namespace

[David Shwatrz]

Hello,
When assigning a network interface to a network namespace and
afterwards deleting the namespace, we will not see the network
interface in any other namespace (including the default namespace) anymore:

ip netns add ns1
ip link set eth0 netns ns1
ip netns del ns1

This means that in fact we cannot use this interface again (only after
rebooting)
Am I right on this ?
Is moving an interface back to the default (init) namespace,
when deleting the namespace which contains it, can be considered?

(AFAIK, we don't need to check that this interface is in any other namespace,
because by definition, a network interface belongs only to one namespace)

DS

Re: Deleting a network namespace

[Eric W. Biederman]

David Shwatrz <dshwatrz@gmail.com> writes:

> Hello,
> When assigning a network interface to a network namespace and
> afterwards deleting the namespace, we will not see the network
> interface in any other namespace (including the default namespace) anymore:
>
> ip netns add ns1
> ip link set eth0 netns ns1
> ip netns del ns1
>
> This means that in fact we cannot use this interface again (only after
> rebooting)
> Am I right on this ?

Interfaces that represent physical hardware are moved to init_net.
Interfaces that are purely software constructs are deleted.

> Is moving an interface back to the default (init) namespace,
> when deleting the namespace which contains it, can be considered?

If you aren't seeing that your interface is either a purely software
construct like the veth or dummy interfaces or something still has a
reference to your network namespace.

Eric

Re: Deleting a network namespace

[David Shwatrz]

Hello,
I checked and indeed physical hardware are moved to init_net.
I wonder how it is done, as in netns_delete() there is only
umount2() and unlink() syscalls (might these syscalls trigger this
movement to init_net)? I really could not figure how this is
implemented and where in code do we differentiate between physical and
non physical devices.

Best,
DS

On Thu, Mar 28, 2013 at 1:05 PM, Eric W. Biederman
<ebiederm@xmission.com> wrote:
> David Shwatrz <dshwatrz@gmail.com> writes:
>
>> Hello,
>> When assigning a network interface to a network namespace and
>> afterwards deleting the namespace, we will not see the network
>> interface in any other namespace (including the default namespace) anymore:
>>
>> ip netns add ns1
>> ip link set eth0 netns ns1
>> ip netns del ns1
>>
>> This means that in fact we cannot use this interface again (only after
>> rebooting)
>> Am I right on this ?
>
> Interfaces that represent physical hardware are moved to init_net.
> Interfaces that are purely software constructs are deleted.
>
>> Is moving an interface back to the default (init) namespace,
>> when deleting the namespace which contains it, can be considered?
>
> If you aren't seeing that your interface is either a purely software
> construct like the veth or dummy interfaces or something still has a
> reference to your network namespace.
>
> Eric

Re: Deleting a network namespace

[Eric W. Biederman]

David Shwatrz <dshwatrz@gmail.com> writes:

> Hello,
> I checked and indeed physical hardware are moved to init_net.
> I wonder how it is done, as in netns_delete() there is only
> umount2() and unlink() syscalls (might these syscalls trigger this
> movement to init_net)?

The mount holds a refcount to the network namespace, the unmount drops
that refcount.

> I really could not figure how this is
> implemented and where in code do we differentiate between physical and
> non physical devices.

When the refcount drops to zero put_net calls __put_net in
net/core/net_namespace.c which wiggles around and arranges
for cleanup_net to be called.

As for what happens to the network devices look at default_device_exit
and default_device_exit_batch in net/core/dev.c

As for the rest having software based network devices vanish is by
design and I can't think of a single reason why it would make sense to
do anything differently.  Depending on your configuration the initial
network namespace really isn't where you would want network devices to
be moved.   Think about what happens when you run your use can in a lxc
based container for example.

Eric

Re: Deleting a network namespace

[David Shwatrz]

Hello,
Thanks a lot for the detailed explanation!

>As for the rest having software based network devices vanish >is by
>design and I can't think of a single reason why it would make >sense to
>do anything differently.
Agreed.

Best,
DS

On Thu, Mar 28, 2013 at 4:00 PM, Eric W. Biederman
<ebiederm@xmission.com> wrote:
> David Shwatrz <dshwatrz@gmail.com> writes:
>
>> Hello,
>> I checked and indeed physical hardware are moved to init_net.
>> I wonder how it is done, as in netns_delete() there is only
>> umount2() and unlink() syscalls (might these syscalls trigger this
>> movement to init_net)?
>
> The mount holds a refcount to the network namespace, the unmount drops
> that refcount.
>
>> I really could not figure how this is
>> implemented and where in code do we differentiate between physical and
>> non physical devices.
>
> When the refcount drops to zero put_net calls __put_net in
> net/core/net_namespace.c which wiggles around and arranges
> for cleanup_net to be called.
>
> As for what happens to the network devices look at default_device_exit
> and default_device_exit_batch in net/core/dev.c
>
> As for the rest having software based network devices vanish is by
> design and I can't think of a single reason why it would make sense to
> do anything differently.  Depending on your configuration the initial
> network namespace really isn't where you would want network devices to
> be moved.   Think about what happens when you run your use can in a lxc
> based container for example.
>
> Eric