Received: by 10.223.176.46 with SMTP id f43csp3425427wra;
        Mon, 22 Jan 2018 14:06:59 -0800 (PST)
X-Google-Smtp-Source: AH8x226AsRuqdPyRxi0yE9VCwq1q0g2t0F6rJbg1xxUILj3f09l+7cqQ2NB+gX0/FoPrjRwCrm8Z
X-Received: by 10.36.125.205 with SMTP id b196mr522479itc.128.1516658819013;
        Mon, 22 Jan 2018 14:06:59 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1516658818; cv=none;
        d=google.com; s=arc-20160816;
        b=D8eSHsc42Wi5xqekzeZ0X3XtbNUc2nIiF2mhnbY2tV6fWEsiu3l9hErJeJ2UB9H5d1
         arYmHMYQM8zkmnAtmVQgKyRw7yXo7HRtyiszd5glpey7Oa2TExrvCR81cwN5bagn6Cz5
         EbUgR7gRvRD+gRQAY6U2SRYPcnEDJsNoiH55sBCzqof3YZmB5ZtM5TXk+qyC9LgfkAbi
         R0BLC3No8qJwtkAN0EFkGS0ofEUR+eSiGEEI+fLmCR6gEFB8k6zekDQlfgGYafkCt1S9
         BGU+tBveBmIeYrj9CWaM/RqSNfZgqR4m32yM1Sv2aWxwYR0Fw26BisyHM/ofYzuUUwzQ
         IwNg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:subject:cc:to:from:date
         :arc-authentication-results;
        bh=izawse1N97cQeE1uAy0WZq6tGE8FtOIxl5I9G2j2ekk=;
        b=v/90DrSyIt8KE6O87/RTFsG1bNDVIFpdYifRbex4BX75i+/7lL+3L5P1r30GKVetzG
         jXNnqQNRel6lIJiOaafLrTAAGRFOlIUJhJJYZa9bFna99cRR7I727xjywRIVMU001/Zm
         ppymXwNIGEiizR9GqbdN/NqK5tRLzoZhHGORm1bVsuLNifIVxcuIafRse6yqL81aCTi1
         5BuQz2HNWX3EhysrBiWflDEedOnraSl4GFixQMeI2w8XtTyz0m/OYg/EgWW1LdNvl0pB
         rxuQE7XUWqtTJDAhRBnpRGq6u1oyCr/4zRHOhj8WXkUFkyV+bgoIK715gbYPcis/VJRi
         LWUg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id u187si10898373ioe.159.2018.01.22.14.06.45;
        Mon, 22 Jan 2018 14:06:58 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751137AbeAVWGW (ORCPT <rfc822;lans.zhang2008@gmail.com>
        + 99 others); Mon, 22 Jan 2018 17:06:22 -0500
Received: from mx1.redhat.com ([209.132.183.28]:33360 "EHLO mx1.redhat.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1750892AbeAVWGV (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 22 Jan 2018 17:06:21 -0500
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15])
        (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by mx1.redhat.com (Postfix) with ESMTPS id 3D973A842;
        Mon, 22 Jan 2018 22:06:21 +0000 (UTC)
Received: from localhost (unknown [10.40.205.28])
        by smtp.corp.redhat.com (Postfix) with ESMTPS id 664006268B;
        Mon, 22 Jan 2018 22:06:18 +0000 (UTC)
Date:   Mon, 22 Jan 2018 23:06:16 +0100
From:   Jiri Benc <jbenc@redhat.com>
To:     Christian Brauner <christian.brauner@canonical.com>
Cc:     Christian Brauner <christian.brauner@ubuntu.com>,
        davem@davemloft.net, dsahern@gmail.com, fw@strlen.de,
        daniel@iogearbox.net, lucien.xin@gmail.com,
        mschiffer@universe-factory.net, jakub.kicinski@netronome.com,
        vyasevich@gmail.com, netdev@vger.kernel.org,
        linux-kernel@vger.kernel.org, stephen@networkplumber.org
Subject: Re: [PATCH net-next 1/1] rtnetlink: request RTM_GETLINK by pid or
 fd
Message-ID: <20180122230616.0c457f55@redhat.com>
In-Reply-To: <20180122212353.7n6lrruqedfhrwux@gmail.com>
References: <20180118202124.21616-1-christian.brauner@ubuntu.com>
        <20180118202124.21616-2-christian.brauner@ubuntu.com>
        <20180118212914.74878b82@redhat.com>
        <20180118205552.jm7shzcojbumax2k@gmail.com>
        <20180122220046.7b65a98a@redhat.com>
        <20180122212353.7n6lrruqedfhrwux@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Mon, 22 Jan 2018 22:06:21 +0000 (UTC)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, 22 Jan 2018 22:23:54 +0100, Christian Brauner wrote:
> That is certainly a good idea and I'm happy to send a follow-up patch
> for that!

Note that I haven't looked into that and I don't know whether it is
easily possible. I'll appreciate if you could try that.

> But there's still value in being able to use
> IFLA_NET_NS_{FD,PID} in scenarios where the network namespace has been
> created by another process. In this case we don't know what its netnsid
> is and not even if it had been assigned one at creation time or not. In
> this case it would be useful to refer to the netns via a pid or fd. A
> more concrete and frequent example is querying a network namespace of a
> (sorry for the buzzword :)) container for all defined network
> interfaces.

That's what spurred my original comment. If you don't know the netnsid
in such case, we're missing something in uAPI but at a different point
than RTM_GETLINK.

When you find yourself in a need to query an interface in another
netns, you had to learn about that interface in the first place.
Meaning you got its ifindex (or ifname, perhaps) somehow. My point is,
you should have learned the netnsid at the same time.

ifindex alone is not an unique identifier of an interface. The
(ifindex, netnsid) pair is. (Also, note that ifindex can change when
moving the interface to a different netns.) So you should never get
ifindex alone when the interface is in another netns than the current
one. If that happens, that is the uAPI that needs to be fixed. You have
to always get the (ifindex, netnsid) pair.

And that's also the way how it should operate in the other direction:
(ifindex, netnsid) is the identifier to query interface in another
netns.

Note that many APIs in networking are based around netnsid - look at
NETLINK_LISTEN_ALL_NSID. It allows you to keep track of interfaces as
they are moved from name spaces to name spaces using a single socket:
you get notifications about interfaces disappearing or appearing in
"watched" name spaces. The name spaces are, of course, referenced by
their netnsid. In order to add another "watched" name space, just
assign it (or, more typically, let the kernel assign) a netnsid.

Btw, we have one missing piece here: when an interface is moved to a
name space that does not have netnsid attached, we want to find out
where the interface was moved to. But there's currently no reliable way
to do it. For veth, the other end can be used to get the netnsid (note
that RTM_GETLINK will return the correct link netnsid even when the
queried veth interface is in a different name space), for openvswitch,
we can now use genetlink, etc., but using different ways for different
interface types is not the best API ever and for standalone interfaces
we have nothing. I'd like to see something added to uAPI to cover this
in a generic way.

But as for this patch, I don't think it's the correct way. We do have
missing pieces in uAPI wrt. netns support but I think they're at
different places. If you have a counter example, please speak up.

Thanks,

 Jiri