On Fri, Jul 24, 2015 at 05:39:57PM +0200, Eric Dumazet wrote:
>
> On Fri, 2015-07-24 at 16:16 +0200, Nicolas Dichtel wrote:
> > This patch takes advantage of the newly added lwtunnel framework to
> > allow the user to set routes that point to a peer netns.
> >
> > Packets are injected to the peer netns via the loopback device. It works
> > only when the output device is 'lo'.
> >
> > Example:
> > ip route add 40.1.1.1/32 encap netns nsid 5 via dev lo
> >
>
> Is this feature so badly wanted to add complexity on lo device ?
...
> > static netdev_tx_t loopback_xmit(struct sk_buff *skb,
> > struct net_device *dev)
...
> > + if (nsid != NETNSA_NSID_NOT_ASSIGNED) {
> > + peernet = get_net_ns_by_id(dev_net(dev), nsid);
> > + if (!peernet) {
> > + kfree_skb(skb);
> > + goto end;
> > + }
> > +
> > + /* it's OK to use per_cpu_ptr() because BHs are off */
> > + lb_stats = this_cpu_ptr(peernet->loopback_dev->lstats);
> > + ret = dev_forward_skb(peernet->loopback_dev, skb);
have the same concern as Eric.
Using loopback for this looks wrong.
netns suppose to look like host, but I cannot imagine a host
without NICs seeing packets on loopback from another world.
Then how the opposite direction suppose to work?
netns will setup a route to send packets to loopback of the host?!
The idea of using routing to forward packets to namespaces is great,
but I think we need something else instead of loopback.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
