Linux Kernel Architecture

(Jacob Rumans) #1

Chapter 12: Networks


❑ Since each namespace can contain different network devices, this must also be reflected
in the contents of Procfs (see Chapter 10.1). Three entries require a per-namespace
handling: /proc/net is represented by proc_net, while /proc/net/stats is represented by
proc_net_stats. proc_net_root points to the root element of the Procfs instance for the
current namespace, that is, /proc.
❑ Each namespace may have a different loopback device, and loopback_dev points to the (virtual)
network device that fulfills this role.
❑ Network devices are represented by struct net_device. All devices associated with a specific
namespace are kept on a doubly linked list headed by dev_base_head. The devices are kept on
two additional hash tables: One uses the device name as hash key (dev_name_head), and one
uses the interface index (dev_index_head).
Note that there is a slight difference in terminology between devices and interfaces. While devices
represent hardware devices that provide physical transmission capabilities, interfaces can be
purely virtual entities, possibly implemented on top of real devices. For example, a network card
could provide two interfaces.
Since the distinction between these terms is not relevant for our purposes, I use both terms
interchangeably in the following.
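
The per-namespace bookkeeping from the list above, as an added user-space model in C (not kernel code and not taken from the book): each struct net owns its own device list and both hash tables, so a lookup by name or by interface index can only return devices registered in that namespace. The model_* functions, NBUCKETS, the singly linked chains and the hash function are simplifying assumptions.

```c
/* User-space model, not kernel code: per-namespace device bookkeeping. */
#include <string.h>

#define NBUCKETS 16                       /* assumption: table size for the model */

struct net_device {
    char name[16];
    int ifindex;
    struct net_device *next;              /* models the dev_base_head list */
    struct net_device *name_next;         /* chain in a dev_name_head bucket */
    struct net_device *index_next;        /* chain in a dev_index_head bucket */
};

struct net {                              /* one instance per namespace */
    struct net_device *dev_base_head;
    struct net_device *dev_name_head[NBUCKETS];
    struct net_device *dev_index_head[NBUCKETS];
};

static unsigned name_bucket(const char *s)
{
    unsigned h = 5381;
    while (*s)
        h = h * 33 + (unsigned char)*s++;
    return h % NBUCKETS;
}

/* Link dev into the list and both hash tables of exactly one namespace. */
void model_register(struct net *net, struct net_device *dev)
{
    unsigned n = name_bucket(dev->name), i = (unsigned)dev->ifindex % NBUCKETS;
    dev->next = net->dev_base_head;           net->dev_base_head = dev;
    dev->name_next = net->dev_name_head[n];   net->dev_name_head[n] = dev;
    dev->index_next = net->dev_index_head[i]; net->dev_index_head[i] = dev;
}

struct net_device *model_get_by_name(struct net *net, const char *name)
{
    struct net_device *d = net->dev_name_head[name_bucket(name)];
    while (d && strcmp(d->name, name) != 0)
        d = d->name_next;
    return d;                             /* NULL: not visible in this namespace */
}

struct net_device *model_get_by_index(struct net *net, int ifindex)
{
    struct net_device *d = net->dev_index_head[(unsigned)ifindex % NBUCKETS];
    while (d && d->ifindex != ifindex)
        d = d->index_next;
    return d;
}
```

Registering "lo" and "eth0" in one struct net and only "lo" in a second one makes the name and index lookups for "eth0" return NULL in the second namespace, while each namespace resolves "lo" to its own device object.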

Many components still require substantial rework to make them handle namespaces correctly, and there
is still a considerable way to go until a fully namespace-aware networking subsystem will be
available. For instance, kernel 2.6.25 (which was still under development when this chapter was written) will
introduce initial preparations to make specific protocols aware of namespaces:

include/net/net_namespace.h
struct net {
...
        struct netns_packet packet;
        struct netns_unix unx;
        struct netns_ipv4 ipv4;
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
        struct netns_ipv6 ipv6;
#endif
};

The new members like ipv4 will store (formerly global) protocol parameters, and protocol-specific
structures are introduced for this purpose. The approach proceeds step-by-step: First, the basic framework is
set in place. Subsequent steps will then move global properties into the per-namespace representation;
the structures are initially empty. More work along these lines is expected to be accepted into future
kernel versions.

Each network namespace consists of several components, for example, the representation in Procfs.
Whenever a new networking namespace is created, these components must be initialized. Likewise,
some cleanups are necessary when a namespace is deleted. The kernel employs the following structure
to keep track of all required initialization/cleanup tuples:

include/net/net_namespace.h
struct pernet_operations {
struct list_head list;