netns: Issues with deleting virtual interfaces during namespace cleanup

(Apologies for the cross-post, but Thunderbird messed up the formatting when I sent this originally, and then I realized I sent it to the wrong list.)

A patch was applied to the kernel in November 2008 that deletes virtual network interfaces when network namespaces are cleaned up (d0c082cea6dfb9b674b4f6e1e84025662dbd24e8). A discussion about this patch took place on this list (https://lists.linux-foundation.org/pipermail/containers/2008-October/013460.html), where Daniel Lezcano wrote:

> After discussing with Benjamin, this patch means a user can no longer
> manage a pool of virtual devices because they will be automatically
> destroyed when the namespace exits. I don't think it is a big concern,
> but just in case I am asking :)

I currently have two use cases where this behavior is not desirable:

  1. I use a veth pair device to connect two containers together (as
     opposed to connecting a container to the host).  To do this, I
     create the veth pair device manually in the host with iproute2
     ("ip link add type veth").  Then when I start each container, it
     pulls in one of the interfaces of the veth pair device with
     "lxc.network.type = phys".  When I stop one of the containers, its
     interface to the veth pair device is deleted instead of moved back
     to the host, so I can not just start the stopped container again
     and re-establish the same link.
  2. I start a process in the host that creates a TUN/TAP interface,
     such as a VPN client.  I pull the TUN/TAP interface into the
     container with "lxc.network.type = phys".  When the container
     exits, the TUN/TAP interface is deleted because it is a virtual
     interface, while the VPN client process continues to run in the
     host.  Again I cannot just start the container again with the
     same connection; I have to restart the VPN client.

It makes sense that virtual network interfaces that get created inside a container should be deleted when the container exits. However, I feel that network interfaces from the host that get assigned to the container should be returned to the host when the container exits, whether they are physical or virtual.

Can the kernel distinguish between network interfaces that were created inside the namespace, and network interfaces that were moved there?

David


_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers
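As an added example (not part of David's mail, the LXC project or the kernel patch), here is a pre-flight check that predicts, from `ip -d -o link show` output, which interfaces the namespace-cleanup code in that patch would delete (devices that have rtnl link ops with a dellink hook, shown by `ip -d` as a link kind such as veth or tun) and which it would push back to the host namespace (devices without link ops), so a host-created interface can be checked before it is handed to a container with `lxc.network.type = phys`. The sample output is constructed, the kind-based rule approximates the patch's criterion, and loopback is assumed to be namespace-local.

```python
import re
import shutil
import subprocess

# Constructed sample of `ip -d -o link show` output (one interface per line,
# with the detail lines folded by '\'), not captured from a real host.
SAMPLE = r"""1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 promiscuity 0 minmtu 0 maxmtu 0 addrgenmode eui64 numtxqueues 1 numrxqueues 1
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000\    link/ether 52:54:00:12:34:56 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 65535 addrgenmode eui64 numtxqueues 1 numrxqueues 1 parentbus pci parentdev 0000:00:03.0
3: veth0@veth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000\    link/ether 9e:11:22:33:44:55 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 65535 \    veth addrgenmode eui64 numtxqueues 1 numrxqueues 1
4: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN mode DEFAULT group default qlen 500\    link/none  promiscuity 0 minmtu 68 maxmtu 65535 \    tun type tun pi off vnet_hdr off persist off addrgenmode random numtxqueues 1 numrxqueues 1
"""

# "3: veth0@veth1: <BROADCAST,MULTICAST> ..." -> name "veth0", flags list
HEADER = re.compile(r"^\d+:\s+(?P<name>[^:@]+)(?:@\S+)?:\s+<(?P<flags>[^>]*)>")


def classify_link(line):
    """Return (ifname, predicted fate on namespace cleanup) for one folded line."""
    parts = [p.strip() for p in line.split("\\")]
    m = HEADER.match(parts[0])
    if not m:
        raise ValueError("unrecognised ip output: %r" % parts[0])
    name, flags = m.group("name"), m.group("flags").split(",")
    if "LOOPBACK" in flags:
        return name, "netns-local: destroyed together with the namespace"
    # `ip -d` prints a third segment that starts with the link kind only for
    # devices registered through rtnl_link_ops (veth, tun, bridge, ...).
    kind = parts[2].split()[0] if len(parts) > 2 and parts[2] else None
    if kind:
        return name, "virtual (%s): deleted on namespace cleanup" % kind
    return name, "no link ops: moved back to the host namespace"


def classify_links(text):
    """Map every interface in `ip -d -o link show` output to its predicted fate."""
    return dict(classify_link(l) for l in text.splitlines() if l.strip())


def host_links():
    """Classify the current namespace's interfaces; use SAMPLE if ip(8) is absent."""
    ip = shutil.which("ip")
    if ip is None:
        return classify_links(SAMPLE)
    out = subprocess.run([ip, "-d", "-o", "link", "show"],
                         capture_output=True, text=True, check=True).stdout
    return classify_links(out)


if __name__ == "__main__":
    for name, fate in host_links().items():
        print("%-12s %s" % (name, fate))
```

Run it on the host before assigning an interface to a container: anything reported as "deleted on namespace cleanup" is an interface the container's exit will take with it, which is exactly the veth and TUN/TAP case the mail describes.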
