Le 07/06/2017 à 21:14, Flavio Leitner a écrit : > On Mon, Jun 05, 2017 at 10:40:24AM +0200, Nicolas Dichtel wrote: >>> Let me ask this instead: How do you think userspace should behave when >>> netnsid allocation fails? >>> >> There is two ways to assign a nsid: >> - manually with netlink ('ip netns set'). In this case, the error is >> reported >> to userspace via netlink. > > OK. > >> - automatically when a x-netns interface is created. The link-nsid is also >> reported to userspace. If the allocation failed, NETNSA_NSID_NOT_ASSIGNED >> is >> reported. And if you were able to create this x-netns interface, it means >> that you have access to this peer netns, thus you can try to assign the >> nsid >> manually. > > Does that prevent the interface to be created? No.
> >> So, in both cases, userland knows that something went wrong. >> Do you have another scenario in mind? > > Let's say the app is restarted, or another monitoring app is executed > with enough perms. How will it identify the error condition? Your app wants to monitor a subset of netns. It means that you already have a way to identify those netns, something like a file stored somewhere (/var/run/netns/, /proc/<pid>/ns/net, ...). Thus, it's easy to check if those netns have a nsid assigned in the netns where your app will open the socket. This option was called NETLINK_F_LISTEN_ALL_NSID, because it only enables to listen netns *with* a nsid assigned, nothing more. It's up to the user to ensure that nsid are correctly assigned. Regards, Nicolas