Le 26/01/2018 à 09:36, Jiri Benc a écrit : > On Fri, 26 Jan 2018 00:34:51 +0100, Nicolas Dichtel wrote: >> Why meaningful? The user knows that the answer is like if if was done in >> another >> netns. It enables to have only one netlink socket instead of one per netns. >> But >> the code using it will be the same. > > Because you can't use it to query the linked interface. You can't even > use it as an opaque value to track interfaces (netnsid+ifindex) because > netnsids are not unique across net name spaces. You can easily have two > interfaces that have all the ifindex, ifname, netnsid (and basically > everything else) identical but being completely different interfaces. Yes, the user have to map those info correctly. And this complexifies the (user) code a lot.
> That's really not helpful. > >> I fear that with your approach, it will results to a lot of complexity in the >> kernel. > > The complexity is (at least partly) already there. It's an inevitable > result of the design decision to have relative identifiers. Yes, you're right. My approach moves the complexity to the user, which make this feature hard to use. > > I agree that we should think about how to make this easy to implement. > I like your idea of doing this somehow generically. Perhaps it's > possible to do while keeping the netnsids valid in the caller's netns? Yes. I agree that it will be a lot easier to use if the conversion is done in the kernel. And having a generic mechanism will also help a lot to use it. > >> What is really missing for me, is a way to get a fd from an nsid. The user >> should be able to call RTM_GETNSID with an fd and a nsid and the kernel >> performs >> the needed operations so that the fd points to the corresponding netns. > > That's what I was missing, too. I even looked into implementing it. But > opening a fd on behalf of the process and returning it over netlink is a > wrong thing to do. Netlink messages can get lost. Then you have a fd > leak you can do nothing about. Yes, I also looked at this ;-) > > Given that we have netnsids used for so much stuff already (like > NETLINK_LISTEN_ALL_NSID) you need to track them anyway. And if you need > to track them, why bother with another identifier? It would be better > if netnsid can be used universally for anything. Then there will be no > need for the conversion. I like this idea a lot. So the missing part is a setns() using the nsid ;-) Regards, Nicolas
