Re: [PATCH 33/33] Enable netfilter in netns

Alexey Dobriyan wrote:
> On Thu, Oct 02, 2008 at 11:12:08AM +0200, Patrick McHardy wrote:
> > Is there an easy way to test all this stuff?
>
> I used the following:
>
> 0) netns is currently mutually exclusive with sysfs, so, depending on the
>    sanity of distro initscripts, booting a sysfs-less kernel can be tricky.
>
>    In Gentoo, for example, a) rm -rf /sys (sic!), b) RC_USE_FSTAB="yes",
>    c) RC_DEVICES="static" in /etc/conf.d/rc are needed.
>
> 1) netns creation tool (attached, some container guy posted it somewhere)
>
> 	# ns_exec -n /bin/sh
>
> 2) shutdown network in init_net
>
> 	sudo /etc/init.d/ntpd stop
> 	sudo /etc/init.d/sshd stop
> 	sudo /etc/init.d/iptables stop
> 	sudo /etc/init.d/ip6tables stop
> 	sudo /etc/init.d/net.eth1 stop
> 	sudo /etc/init.d/net.eth0 stop
>
> 3) move netdevices to netns
>
> 	ip link set dev eth0 netns "$1"
> 	ip link set dev eth1 netns "$1"
>
> 	where $1 is the PID of the shell from 1)
>
> 4) in netns start everything back
>
> 	sudo /etc/init.d/net.eth0 start
> 	sudo /etc/init.d/net.eth1 start
> 	sudo /etc/init.d/iptables start
> 	sudo /etc/init.d/ip6tables start
> 	sudo /etc/init.d/sshd start
> 	sudo /etc/init.d/ntpd start
>
> 5) at this point my usual NAT setup is back working for me and everything
>    should be as in init_net (modulo the aforementioned exceptions) and
>    independent from init_net.
>
> Leaked netns show up in /proc/slabinfo under "net_namespace".
>
> Some IPv6 printks can be annoying, so mute them.
>
> Object poisoning with SLUB won't work for irrelevant reasons, so use SLAB.
>
> Something like that.

Thanks, I'll give it a try.
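The procedure quoted above, written out as a runnable script. This is an added example, not code from the mail or from the netfilter tree: it uses iproute2's `ip netns` in place of the ns_exec tool attached to the original message (which is not on this page), and the interface name `eth0`, the namespace name `nftest` and the three INPUT rules are assumptions for the demo. It also adds the two checks a tester wants after step 5: that the rule set inside the namespace is not the one in init_net, and that the `net_namespace` active-object count in /proc/slabinfo drops back after teardown, which is how the mail says leaked netns are spotted. Everything except the slabinfo parser needs root and, since the NIC vanishes from init_net the moment it is moved, a console rather than an ssh session over that NIC (the reason the mail stops sshd in step 2).

```shell
#!/bin/sh
# Added example (not from the original mail): move a NIC into a fresh netns,
# bring the firewall up inside it, verify independence from init_net, then
# tear down and look for leaked net_namespace objects.
# Assumptions for the demo: interface eth0, netns name "nftest", root.
set -eu

IFACE="${IFACE:-eth0}"     # assumed NIC; override with IFACE=...
NS="${NS:-nftest}"         # assumed namespace name; override with NS=...

# Count live net_namespace objects from slabinfo-style text on stdin.
# Column 2 of /proc/slabinfo is <active_objs>. Reading stdin (rather than
# /proc directly) lets the parser run unprivileged on constructed input.
# Caveat: with SLUB's cache merging the "net_namespace" line may be absent
# (merged into a generic cache), which is one more reason the mail says SLAB.
netns_active_objs() {
    awk '$1 == "net_namespace" { print $2; found = 1 } END { if (!found) print 0 }'
}

# Steps 1 and 3: create the namespace and move the NIC into it.
move_iface_to_ns() {
    ip netns add "$NS"
    ip link set dev "$IFACE" netns "$NS"
}

# Step 4: bring networking and a firewall back up inside the namespace.
# iptables is netns-aware, so these rules exist only in $NS.
setup_inside_ns() {
    ip netns exec "$NS" ip link set dev lo up
    ip netns exec "$NS" ip link set dev "$IFACE" up
    ip netns exec "$NS" iptables -P INPUT DROP
    ip netns exec "$NS" iptables -A INPUT -i lo -j ACCEPT
    ip netns exec "$NS" iptables -A INPUT \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Step 5 check: the INPUT chain seen from init_net must differ from the one
# seen inside $NS, i.e. the namespace carries its own netfilter state.
check_independence() {
    outer=$(iptables -S INPUT)
    inner=$(ip netns exec "$NS" iptables -S INPUT)
    printf 'init_net INPUT:\n%s\n%s INPUT:\n%s\n' "$outer" "$NS" "$inner"
    [ "$outer" != "$inner" ]
}

# Teardown and leak check: hand the NIC back to init_net (PID 1's netns),
# delete the namespace, and compare active net_namespace objects before and
# after. Namespace teardown is deferred to a workqueue, hence the sleep.
teardown_and_check_leak() {
    before=$(netns_active_objs < /proc/slabinfo)
    ip netns exec "$NS" ip link set dev "$IFACE" netns 1
    ip netns del "$NS"
    sleep 1
    after=$(netns_active_objs < /proc/slabinfo)
    printf 'net_namespace active objs: before=%s after=%s\n' "$before" "$after"
    [ "$after" -lt "$before" ] || echo "warning: count did not drop; possible leaked netns"
}

# Guarded so that sourcing the file only defines the functions; the full
# root-only procedure runs with NETNS_DEMO_RUN=1.
if [ "${NETNS_DEMO_RUN:-0}" = 1 ]; then
    move_iface_to_ns
    setup_inside_ns
    check_independence
    teardown_and_check_leak
fi
```

Run it from a console as `NETNS_DEMO_RUN=1 IFACE=eth0 sh netns-test.sh`. `netns_active_objs` takes the slabinfo text on stdin so the same function serves both the live check and a dry run against a saved copy of /proc/slabinfo.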

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
