Linux Kernel Architecture

(Jacob Rumans) #1

Chapter 12: Networks


The figure clearly illustrates that part of the bandwidth is inevitably sacrificed to accommodate control
information.

12.5 Networking Namespaces


Recall from Chapter 1 that many parts of the kernel are contained in namespaces. These allow for
building multiple virtual viewpoints of the system that are separated and segregated from each other.
Every instance looks like a single machine running Linux, but, in fact, many such instances can operate
simultaneously on a single physical machine. During the development of 2.6.24, the kernel started to
adopt namespaces also for the networking subsystem. This adds some extra complexity to the networking
layer because all properties of the subsystem that used to be ‘‘global’’ in former versions — for instance,
the available network cards — need to be managed on a per-namespace basis now. If a particular
networking device is visible in one namespace, it need not be available in another one.

As usual, a central structure is used to keep track of all available namespaces. The definition is as follows:

include/net/net_namespace.h
struct net {
    atomic_t count;                 /* To decided when the network
                                     * namespace should be freed.
                                     */
    ...
    struct list_head list;          /* list of network namespaces */
    ...
    struct proc_dir_entry *proc_net;
    struct proc_dir_entry *proc_net_stat;
    struct proc_dir_entry *proc_net_root;

    struct net_device *loopback_dev; /* The loopback */

    struct list_head dev_base_head;
    struct hlist_head *dev_name_head;
    struct hlist_head *dev_index_head;
};

Work has only begun to make the networking subsystem fully aware of namespaces. What you see
now — the situation in kernel 2.6.24 — still represents a comparatively early stage of development.
Therefore, struct net will grow in size in the future as more and more networking components are
transferred from a global management to a namespace-aware implementation. For now, the basic
infrastructure is in place. Network devices are tracked on a per-namespace basis, and support
for the most important protocols is available. Since I have not yet discussed any specific points of the
networking implementation, the structures referenced in struct net are naturally still unknown (however,
I promise that this will certainly change in the course of this chapter). For now, it suffices to present a
broad overview about what is handled in a namespace-aware fashion:

❑ count is a standard usage counter, and the auxiliary functions get_net and put_net are
provided to obtain and release permission to use a specific net instance. When count drops to zero,
the namespace is deallocated and removed from the system.
❑ All available namespaces are kept on a doubly linked list that is headed by net_namespace_list.
list is used as the list element. The function copy_net_ns adds a new namespace to the list. It is
automatically called when a set of new namespaces is created with create_new_namespace.
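
The following user-space model is an added example, not kernel code and not taken from the book. It shows the two points above together: the usage counter decides when a namespace leaves the list and is freed, and a device lookup only ever walks the device list of the namespace it is given. All model_* names are hypothetical, and a plain int stands in for the kernel's atomic_t because the model is single-threaded.

```c
/* User-space model for illustration; model_* names are hypothetical, not kernel code. */
#include <stdlib.h>
#include <string.h>

struct model_dev { char name[16]; struct model_dev *next; };
struct model_net {
    int count;                      /* usage counter, like count in struct net */
    struct model_net *prev, *next;  /* link on the namespace list */
    struct model_dev *devs;         /* devices visible in this namespace only */
};
/* Circular list head standing in for net_namespace_list. */
static struct model_net ns_list = { 0, &ns_list, &ns_list, NULL };

/* Like copy_net_ns: create a namespace holding one reference, append to list. */
struct model_net *model_copy_net_ns(void) {
    struct model_net *n = calloc(1, sizeof(*n));
    if (!n) return NULL;
    n->count = 1;
    n->prev = ns_list.prev; n->next = &ns_list;
    ns_list.prev->next = n; ns_list.prev = n;
    return n;
}
struct model_net *model_get_net(struct model_net *n) { n->count++; return n; }

/* Like put_net: the last put unlinks and frees the namespace. Returns 1 if freed. */
int model_put_net(struct model_net *n) {
    if (--n->count > 0) return 0;
    n->prev->next = n->next; n->next->prev = n->prev;
    while (n->devs) { struct model_dev *d = n->devs; n->devs = d->next; free(d); }
    free(n);
    return 1;
}
int model_register_dev(struct model_net *n, const char *name) {
    struct model_dev *d = calloc(1, sizeof(*d));
    if (!d) return -1;
    strncpy(d->name, name, sizeof(d->name) - 1);
    d->next = n->devs; n->devs = d;
    return 0;
}
/* Lookup walks only the given namespace's device list. */
struct model_dev *model_dev_by_name(struct model_net *n, const char *name) {
    for (struct model_dev *d = n->devs; d; d = d->next)
        if (strcmp(d->name, name) == 0) return d;
    return NULL;
}
int model_ns_count(void) {
    int c = 0;
    for (struct model_net *n = ns_list.next; n != &ns_list; n = n->next) c++;
    return c;
}
```

A holder that keeps using a namespace pointer after its own put is exactly the use-after-free the counter exists to prevent, so every stored pointer needs its own get.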