Loopback and net namespace

Loopback and net namespace

[emil]

Currently it is impossible to use both net namespace and sysfs
because sysfs does not allow two devices with the same name
and each net namespace has to have loopback device.

To have this working there must be possibility to
create loopback devices with different names.

The easiest way to acomplish this seems to be with this patch below.

I know the devices will be seen in each namespace, but sometimes
the only thing that is needed is network environment separation.
For example when I need to run two different services on the same TCP port
bound to 0.0.0.0.

This patch will not break anything and allow people to test
net namespace functionality.


Emil Stepniewski



----------------------- CUT HERE ------------------------------

--- /usr/src/linux/drivers/net/loopback.c  2008-04-17 04:49:44.000000000 +0200
+++ /usr/src/linux/drivers/net/loopback.c.new      2009-04-24 23:27:43.000000000 +0200
@@ -254,7 +254,11 @@
         int err;

         err = -ENOMEM;
+#ifdef CONFIG_SYSFS
+       dev = alloc_netdev(0,  (net == &init_net) ? "lo" : "lo%d", loopback_setup);
+#else
         dev = alloc_netdev(0, "lo", loopback_setup);
+#endif
         if (!dev)
                 goto out;

Re: Loopback and net namespace

[David Miller]

From: emil@linux.org.pl
Date: Fri, 24 Apr 2009 23:55:36 +0200 (CEST)

> 
> Currently it is impossible to use both net namespace and sysfs
> because sysfs does not allow two devices with the same name
> and each net namespace has to have loopback device.
> 
> To have this working there must be possibility to
> create loopback devices with different names.
> 
> The easiest way to acomplish this seems to be with this patch below.
> 
> I know the devices will be seen in each namespace, but sometimes
> the only thing that is needed is network environment separation.
> For example when I need to run two different services on the same TCP
> port
> bound to 0.0.0.0.
> 
> This patch will not break anything and allow people to test
> net namespace functionality.

Can you please contact the namespace developers when you post things
like this (as I have on the CC: list now)?  I was sure this issue had
been resolved already or there was a larger plan to do so.

Also your patch is very poorly formatted, lacks a proper signoff, was
corrupted by your email client, etc. so we wouldn't be able consider
it anyways.

> ----------------------- CUT HERE ------------------------------
> 
> --- /usr/src/linux/drivers/net/loopback.c 2008-04-17 04:49:44.000000000
> --- +0200
> +++ /usr/src/linux/drivers/net/loopback.c.new 2009-04-24
> 23:27:43.000000000 +0200
> @@ -254,7 +254,11 @@
>         int err;
> 
>         err = -ENOMEM;
> +#ifdef CONFIG_SYSFS
> + dev = alloc_netdev(0, (net == &init_net) ? "lo" : "lo%d",
> loopback_setup);
> +#else
>         dev = alloc_netdev(0, "lo", loopback_setup);
> +#endif
>         if (!dev)
>                 goto out;
> 

Re: Loopback and net namespace

[Serge E. Hallyn]

Quoting emil@linux.org.pl (emil@linux.org.pl):
>
> Currently it is impossible to use both net namespace and sysfs
> because sysfs does not allow two devices with the same name
> and each net namespace has to have loopback device.

?  What kernel version are you on?  Try jumping to 2.6.29 or later
(and non-distro kernel).

It most certainly is possible to have net namespaces and sysfs.
Since sysfs tagged directories must wait until sysfs locking itself
is straightened out, the workaround was to have network devices
in a network namespace other than init not show up in sysfs.
(Physical devices therefore cannot be passed into non-init network
namespaces).

thanks,
-serge

Re: Loopback and net namespace

[Daniel Lezcano]

David Miller wrote:
> From: emil@linux.org.pl
> Date: Fri, 24 Apr 2009 23:55:36 +0200 (CEST)
>
>   
>> Currently it is impossible to use both net namespace and sysfs
>> because sysfs does not allow two devices with the same name
>> and each net namespace has to have loopback device.
>>
>> To have this working there must be possibility to
>> create loopback devices with different names.
>>
>> The easiest way to acomplish this seems to be with this patch below.
>>
>> I know the devices will be seen in each namespace, but sometimes
>> the only thing that is needed is network environment separation.
>> For example when I need to run two different services on the same TCP
>> port
>> bound to 0.0.0.0.
>>
>> This patch will not break anything and allow people to test
>> net namespace functionality.
>>     
I don't think you have to patch anything if you try a kernel >= 2.6.29.
The sysfs restriction has been solved by disabling the registering of 
the kobject when we are not in the initial network namespace.

For more information you can check this commit:

http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6-stable.git;a=commit;h=3891845e1ef6e6807075d4241966b26f6ecb0a5c

Regards,
  -- Daniel