Le 25/05/2015 12:55, Alexander Holler a écrit :
Am 25.05.2015 um 09:45 schrieb Nicolas Dichtel:
Le 22/05/2015 22:50, Alexander Holler a écrit :
First I think if NETLINK_LISTEN_ALL_NSID is enabled, a dump
of the interfaces through RTM_GETLINK together with NLM_F_DUMP and
NLM_F_REQUEST should return all interfaces of all reachable namespaces.
This option is only for 'listening', ie spontaneous notifications from the
kernel. It does nothing for request.
The problem is that you need informations about the affected interfaces. E.g. if
you receive an NEWADDR or NEWROUTE for some interface (indicated by the index of
the interface) in a(nother) namespace, how do you get informations about that
interface, if not by a dump which includes the interfaces of these namespaces
too? Without knowledge about the interface, these messages are not very usable.
;)
Yes, this is the right things.
Usually, a daemon opens a socket to listen netlink event. Then, it opens
another netlink socket to dump the configuration (interfaces, addresses,
routes, etc.) and fill its internal structures. Starting from that point, for
most of configuration parameters, it doesn't need anymore to do dumps and thus
it can close the second socket. This allows your daemon to have only one socket
to monitor a set a netns.
Look at iproute for example, it starts by dumping all interfaces before
executing the specified command.
Not sure to follow you. veth0 sits in the current netns (let's say
init_net)
and veth1 in netns1.
So, when you dump veth0 in init_net, its link-netnsid is set to the id of
netns1 in init_net. And when you dump veth1 in netns1, it's link-netnsid
is set
to the id of init_net in netns1.
I've misunderstood the meaning of IFLA_LINK_NETNSID. I thought it indicates the
namespace an interface lives in, but it indicates the namespace it is linked
too.
Yes.
I've also thought that the NETNSID is a global unique identifier of a namespace,
which seems to be wrong too. While I still not have read through all the
sources, the other comments are suggesting that the NSID is just an ID which is
unique only in one namespace, or in other words, every namespace has its own set
of nsids. I'm not sure if I'm now right with that assumption, but that's what I
now think after the responses to my mail. ;)
Right, nsid are local to a netns. This allows to migrate a container. With a
global id, that won't be possible. ifindex are local for the exact same purpose.
So to conclude, I've now scheduled support for namespaces to a far later point.
It doesn't seem to be as easy as I've thought after having read the introductory
mail of your patch series. ;)
The main goal of the series was to improve scalability ;-)
Regards,
Nicolas
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
