On Thu, Sep 23, 2010 at 04:34:37PM +0400, Pavel Emelyanov wrote: > On 09/23/2010 04:11 PM, jamal wrote: > > On Thu, 2010-09-23 at 15:53 +0400, Pavel Emelyanov wrote: > > > >> Why does it matter? You told, that the usage scenario was to > >> add routes to container. If I do 2 syscalls instead of 1, is > >> it THAT worse? > >> > > > > Anything to do with socket IO that requires namespace awareness > > applies for usage; it could be tcp/udp/etc socket. If it doesnt > > make any difference performance wise using one scheme vs other > > to write/read heavy messages then i dont see an issue and socketat > > is redundant. > > That's what my point is about - unless we know why would we need it > we don't need it. > > Eric, please clarify, what is the need in creating a socket in foreign > net namespace? Hmm. If you somewhere get the fd to a socket from another namespace, it definitely does work (I'm currently implementing my "socketat" with fd passing through AF_UNIX sockets, so i know it works), so the setns(other...) fd = socket(...) setns(orig...) sequence would certainly work. However, there might be other things happening inbetween like a signal (imagine AIO particularly). While signals are user-controllable (and therefore to be managed/excluded by the user), we need to think if there are other problems with doing this as sequence? If there are no other problematic conditions with this, socketat should probably be moved to a user library. -David -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html