On 02/19/2015 04:04 PM, Cyril Hrubis wrote:
> Hi!
>>> As network namespaces tests (ltp/testcases/kernel/containers/netns) code is
>>> a bit messy and it's hard to figure out how return values are passed in the
>>> code
>>> I propose to remove all test cases and leave only the ones specified below.
>>
>> Just few notes about history / backwards compatibility; the proposed
>> replacements are not exactly true replacements for the original code
>> regarding kernel/userspace requirements.
>>
>> 2002: (pre-git) Linux namespaces support in the kernel
>> 2007/09: kernel supports moving interfaces between network namespaces
>> 2008/06: 'ip link .. netns <pid>' support in iproute2
>> 2010/03: /proc/<pid>/ns/* support in the kernel
>> 2011/05: /proc/<pid>/ns/* usable as file descriptors (mountable)
>> 2011/07: 'ip netns' support in iproute2, incl. 'ip link .. netns <file>'
>>
>> The point being how far are you willing to go to preserve the
>> functionality on older kernels/userspace.
>>
>> The proposed code uses /proc/<pid>/ns/* as file descriptors, so it needs
>> at least 2.6.39 kernel and related iproute version or /usr/include
>> recent enough to have IFLA_NET_NS_FD (so you can write your own netlink
>> setup utility).
>
> Does not seem to be the case for SLES11 SP3 nor SP4. The kernel should
> be new enough since SP2 though.
Well, this would be a "nice to have", we could still use
IFLA_NET_NS_PID, which you should have (also used by current test code).
Your iproute could also have support for it,
$ ip link help 2>&1 | grep netns
>
>> The original code uses only fork/clone as far as I see, so it goes much
>> more "back" in terms of compatibility, quite likely at the cost of
>> readability, though. The bash portions of the original code use iproute2
>> with 'netns <pid>' only, so their compatibility goes as back as 2008.
>>
>> The ultimate question is therefore "are we willing to TCONF the new
>> tests on anything older than (upstream) 2.6.39?".
>
> Well that may be one possibility. Unfortunatelly 2.6.39 is quite new, if
> it were at least ten years old I would not hesitate. On the other hand
> the old testcases are messy and basically unmaintainable and they tend
> to fail if some subtle details in kernel change or even randomly from
> time to time.
>
> Ideal solution would be to fix the new testcases to work even on older
> kernels but if that is too much work I would rather see us concentrate
> on more recent code.
Let's try to find a reasonable solution even for older kernels.
>
>> Some (most?) enterprise distributions may have the functionality
>> backported, for example RHEL-6.6 fully supports mounting
>> /proc/<pid>/ns/* and even has util-linux support (like nsenter(1)) for
>> the mounted file descriptors. It is, however, missing any 'ip netns'
>> support as well as 'ip link .. netns <file>' (supports only pid).
>>
>> What about others?
>>
>> # kernel fd (setns(2)) + util-linux support
>> touch netnstest
>> unshare --net mount --bind /proc/self/ns/net netnstest
>> nsenter --net=netnstest ip link show
>
> SLES11 unshare does not support --bind and does not have nsenter likely
> util-linux is too old (2.19.1).
The --bind is not for unshare, but for mount(8). If you don't have
unshare(1) from util-linux or have some old one (without netns support),
try this as a quick replacement for creating the namespace, feel free
to use mount(2) with MS_BIND (linux 2.4+) if your mount(8) doesn't
support --bind:
#define _GNU_SOURCE
#include <sched.h>
#include <unistd.h>
int main(int argc, char **argv)
{
char *ma[] = {"mount","--bind","/proc/self/ns/net","netnstest",NULL};
unshare(CLONE_NEWNET);
execvp("mount", ma);
return 1;
}
and this as a replacement for nsenter:
#include <sched.h>
#include <fcntl.h>
#include <unistd.h>
int main(int argc, char **argv)
{
int i, fd;
fd = open(argv[1], O_RDONLY);
/* provide NULL-terminated array for execve */
for (i = 1; i < argc-1; i++)
argv[i] = argv[i+1];
argv[i] = NULL;
setns(fd, 0);
execvp(argv[1], argv+1);
return 1;
}
(use as ./a.out netnstest <cmd> [args])
If it doesn't work, please try strace, doing proper error detection
for everything above would double the necessary code.
If gcc fails because your kernel doesn't support setns(2), then we can't
easily work around that. If it's just glibc not including it,
$ gcc -dM -E /usr/include/asm/unistd.h | grep setns
you can try syscall(__NR_setns, fd, 0).
>
>> # iproute pid support (possible bashisms follow)
>> ip link add dummy123 type dummy
>> nsenter --net=netnstest sleep 10 &
>> ip link set dummy123 netns $!
>> wait
>> nsenter --net=netnstest ip link show
>
> Same here no nesenter.
>
Thanks,
Jiri
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
