Move interface across network namespaces

Move interface across network namespaces

[Renato Westphal]

Hello,

I have two questions regarding the process of moving a network
interface across different network namespaces:

* When I move an interface, all the virtual interfaces attached to it
are deleted. Is there any reason for such odd behavior? I would like
to move some network interfaces and keep the attached vlans untouched.

* The target network namespace sends a RTM_NEWLINK netlink message
when an interface is moved to it. In the other hand, the source
network namespace doesn't sends a RTM_DELLINK message when an
interface is moved from it. This is very annoying because user space
applications (such as zebra) can't detect some interface moving
operations and then get into an inconsistent state. Anyone knows if
there's a workaround for this?

Any help would be appreciated.

Best Regards,
Renato.

-- 
Renato Westphal

Re: Move interface across network namespaces

[Eric W. Biederman]

Renato Westphal <renatowestphal@gmail.com> writes:

> Hello,
>
> I have two questions regarding the process of moving a network
> interface across different network namespaces:
>
> * When I move an interface, all the virtual interfaces attached to it
> are deleted. Is there any reason for such odd behavior? I would like
> to move some network interfaces and keep the attached vlans untouched.

The defined semantics are that a network device is unregistered from
the networking stack in one network namespace and then registered
with the networking stack in another.  It is an unfortunate fact
that when vlan devices see their underlying device being unregistered
they decide to delete themselves.

A different vlan implementation might be able to have different
properties but I can't think of any obvious solution other than
don't do move the device that you have your vlans on top of.

> * The target network namespace sends a RTM_NEWLINK netlink message
> when an interface is moved to it. In the other hand, the source
> network namespace doesn't sends a RTM_DELLINK message when an
> interface is moved from it. This is very annoying because user space
> applications (such as zebra) can't detect some interface moving
> operations and then get into an inconsistent state. Anyone knows if
> there's a workaround for this?

Not getting RTM_DELLINK is a bug.  The device registration and
unregistration code has changed since dev_change_net_namespace was
written and apparently one of the changes failed to update
dev_change_net_namespace.

Eric

Re: Move interface across network namespaces

[Renato Westphal]

2011/8/11 Eric W. Biederman <ebiederm@xmission.com>:
> Renato Westphal <renatowestphal@gmail.com> writes:
>
>> Hello,
>>
>> I have two questions regarding the process of moving a network
>> interface across different network namespaces:
>>
>> * When I move an interface, all the virtual interfaces attached to it
>> are deleted. Is there any reason for such odd behavior? I would like
>> to move some network interfaces and keep the attached vlans untouched.
>
> The defined semantics are that a network device is unregistered from
> the networking stack in one network namespace and then registered
> with the networking stack in another.  It is an unfortunate fact
> that when vlan devices see their underlying device being unregistered
> they decide to delete themselves.
>
> A different vlan implementation might be able to have different
> properties but I can't think of any obvious solution other than
> don't do move the device that you have your vlans on top of.
>

Thanks for the info, I can handle with that by modifying my quagga-vrf patches.

>> * The target network namespace sends a RTM_NEWLINK netlink message
>> when an interface is moved to it. In the other hand, the source
>> network namespace doesn't sends a RTM_DELLINK message when an
>> interface is moved from it. This is very annoying because user space
>> applications (such as zebra) can't detect some interface moving
>> operations and then get into an inconsistent state. Anyone knows if
>> there's a workaround for this?
>
> Not getting RTM_DELLINK is a bug.  The device registration and
> unregistration code has changed since dev_change_net_namespace was
> written and apparently one of the changes failed to update
> dev_change_net_namespace.
>

Good, that makes a lot more sense. In the kernel 2.6.32.43 the
RTM_DELLINK netlink message is sent when a network interface is moved
from a network namespace. The same doesn't happens in the kernel
2.6.35.13. I'll try to isolate the problem some more.

Best Regards,
Renato.

-- 
Renato Westphal

Re: Move interface across network namespaces

[Renato Westphal]

2011/8/11 Renato Westphal <renatowestphal@gmail.com>:
> 2011/8/11 Eric W. Biederman <ebiederm@xmission.com>:
>> Renato Westphal <renatowestphal@gmail.com> writes:
>>
>>> Hello,
>>>
>>> I have two questions regarding the process of moving a network
>>> interface across different network namespaces:
>>>
>>> * When I move an interface, all the virtual interfaces attached to it
>>> are deleted. Is there any reason for such odd behavior? I would like
>>> to move some network interfaces and keep the attached vlans untouched.
>>
>> The defined semantics are that a network device is unregistered from
>> the networking stack in one network namespace and then registered
>> with the networking stack in another.  It is an unfortunate fact
>> that when vlan devices see their underlying device being unregistered
>> they decide to delete themselves.
>>
>> A different vlan implementation might be able to have different
>> properties but I can't think of any obvious solution other than
>> don't do move the device that you have your vlans on top of.
>>
>
> Thanks for the info, I can handle with that by modifying my quagga-vrf patches.

I forgot to mention that I'm using kernel v2.6.35 (with a lot of
backports). For future reference, the commit 3b27e105550f7c4a ("netns:
keep vlan slaves on master netns move", merged into v2.6.37-rc1) fixes
this problem.

>>> * The target network namespace sends a RTM_NEWLINK netlink message
>>> when an interface is moved to it. In the other hand, the source
>>> network namespace doesn't sends a RTM_DELLINK message when an
>>> interface is moved from it. This is very annoying because user space
>>> applications (such as zebra) can't detect some interface moving
>>> operations and then get into an inconsistent state. Anyone knows if
>>> there's a workaround for this?
>>
>> Not getting RTM_DELLINK is a bug.  The device registration and
>> unregistration code has changed since dev_change_net_namespace was
>> written and apparently one of the changes failed to update
>> dev_change_net_namespace.
>>
>
> Good, that makes a lot more sense. In the kernel 2.6.32.43 the
> RTM_DELLINK netlink message is sent when a network interface is moved
> from a network namespace. The same doesn't happens in the kernel
> 2.6.35.13. I'll try to isolate the problem some more.

Well, this regression was introduced by commit a2835763e130c343ac,
which was merged into v2.6.34. Reverting parts of this commit makes
the problem go away but breaks the support of "specifying device flags
during device creation". I don't know the best way to fix this... any
ideas?

-- 
Renato Westphal

Re: Move interface across network namespaces

[Eric W. Biederman]

Renato Westphal <renatowestphal@gmail.com> writes:

> I forgot to mention that I'm using kernel v2.6.35 (with a lot of
> backports). For future reference, the commit 3b27e105550f7c4a ("netns:
> keep vlan slaves on master netns move", merged into v2.6.37-rc1) fixes
> this problem.

Which makes me silly as I now remember reviewing that patch.

>>>> * The target network namespace sends a RTM_NEWLINK netlink message
>>>> when an interface is moved to it. In the other hand, the source
>>>> network namespace doesn't sends a RTM_DELLINK message when an
>>>> interface is moved from it. This is very annoying because user space
>>>> applications (such as zebra) can't detect some interface moving
>>>> operations and then get into an inconsistent state. Anyone knows if
>>>> there's a workaround for this?
>>>
>>> Not getting RTM_DELLINK is a bug.  The device registration and
>>> unregistration code has changed since dev_change_net_namespace was
>>> written and apparently one of the changes failed to update
>>> dev_change_net_namespace.
>>>
>>
>> Good, that makes a lot more sense. In the kernel 2.6.32.43 the
>> RTM_DELLINK netlink message is sent when a network interface is moved
>> from a network namespace. The same doesn't happens in the kernel
>> 2.6.35.13. I'll try to isolate the problem some more.
>
> Well, this regression was introduced by commit a2835763e130c343ac,
> which was merged into v2.6.34. Reverting parts of this commit makes
> the problem go away but breaks the support of "specifying device flags
> during device creation". I don't know the best way to fix this... any
> ideas?

Everything going through dev_change_net_namespace already needs to be
in the initialized state.  So it looks like we just need to do:

Does the patch below work for you?

Eric

---

diff --git a/net/core/dev.c b/net/core/dev.c
index 17d67b5..bfbde69 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -6108,6 +6108,8 @@ int dev_change_net_namespace(struct net_device *dev, struct net *net, const char
 	call_netdevice_notifiers(NETDEV_UNREGISTER, dev);
 	call_netdevice_notifiers(NETDEV_UNREGISTER_BATCH, dev);
 
+	rtmsg_ifinfo(RTM_DELLINK, dev, ~0U);
+
 	/*
 	 *	Flush the unicast and multicast chains
 	 */

Re: Move interface across network namespaces

[Renato Westphal]

>> Well, this regression was introduced by commit a2835763e130c343ac,
>> which was merged into v2.6.34. Reverting parts of this commit makes
>> the problem go away but breaks the support of "specifying device flags
>> during device creation". I don't know the best way to fix this... any
>> ideas?
>
> Everything going through dev_change_net_namespace already needs to be
> in the initialized state.  So it looks like we just need to do:
>
> Does the patch below work for you?
>
> Eric
>
> ---
>
> diff --git a/net/core/dev.c b/net/core/dev.c
> index 17d67b5..bfbde69 100644
> --- a/net/core/dev.c
> +++ b/net/core/dev.c
> @@ -6108,6 +6108,8 @@ int dev_change_net_namespace(struct net_device *dev, struct net *net, const char
>        call_netdevice_notifiers(NETDEV_UNREGISTER, dev);
>        call_netdevice_notifiers(NETDEV_UNREGISTER_BATCH, dev);
>
> +       rtmsg_ifinfo(RTM_DELLINK, dev, ~0U);
> +
>        /*
>         *      Flush the unicast and multicast chains
>         */
>

 This works pretty fine. Thanks! :)

-- 
Renato Westphal

[PATCH] rtnetlink: Add missing manual netlink notification in dev_change_net_namespaces

[Eric W. Biederman]

Renato Westphal noticed that since commit a2835763e130c343ace5320c20d33c281e7097b7
"rtnetlink: handle rtnl_link netlink notifications manually" was merged
we no longer send a netlink message when a networking device is moved
from one network namespace to another.

Fix this by adding the missing manual notification in dev_change_net_namespaces.

Since all network devices that are processed by dev_change_net_namspaces are
in the initialized state the complicated tests that guard the manual
rtmsg_ifinfo calls in rollback_registered and register_netdevice are
unnecessary and we can just perform a plain notification.

Cc: stable@kernel.org
Tested-by: Renato Westphal <renatowestphal@gmail.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
---
 net/core/dev.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/net/core/dev.c b/net/core/dev.c
index ad5d702..b7ba81a 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -6266,6 +6266,7 @@ int dev_change_net_namespace(struct net_device *dev, struct net *net, const char
 	*/
 	call_netdevice_notifiers(NETDEV_UNREGISTER, dev);
 	call_netdevice_notifiers(NETDEV_UNREGISTER_BATCH, dev);
+	rtmsg_ifinfo(RTM_DELLINK, dev, ~0U);
 
 	/*
 	 *	Flush the unicast and multicast chains
-- 
1.7.2.5

Re: [PATCH] rtnetlink: Add missing manual netlink notification in dev_change_net_namespaces

[David Miller]

From: ebiederm@xmission.com (Eric W. Biederman)
Date: Fri, 21 Oct 2011 09:24:20 -0700

> Renato Westphal noticed that since commit a2835763e130c343ace5320c20d33c281e7097b7
> "rtnetlink: handle rtnl_link netlink notifications manually" was merged
> we no longer send a netlink message when a networking device is moved
> from one network namespace to another.
> 
> Fix this by adding the missing manual notification in dev_change_net_namespaces.
> 
> Since all network devices that are processed by dev_change_net_namspaces are
> in the initialized state the complicated tests that guard the manual
> rtmsg_ifinfo calls in rollback_registered and register_netdevice are
> unnecessary and we can just perform a plain notification.
> 
> Cc: stable@kernel.org
> Tested-by: Renato Westphal <renatowestphal@gmail.com>
> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>

Applied, thanks Eric.