-
Notifications
You must be signed in to change notification settings - Fork 819
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add in support for network namespaces #676
base: master
Are you sure you want to change the base?
Conversation
please rebase. |
Still working on it. Got it building and starting to work just now. Any ideas on the handle.opt.device vs handlep->device? |
@acmay "wants to merge 774 commits" ??? |
Just struggling with getting git to do what I want. So no I don't want to merge all those commits just one. I can't tell if I can fix it in git easily enough or if I should just start over with doing some file copies. |
Add in cmake checking for namespace support and pcap_get_caps() Fixup pcap_get_caps() function to let an application find out the caps that need to be kept to capture packets. Add in c-define for SYS_CAPABILITY Add in another ifdef check on sys capabilities Yet another spot for an ifdef namespaces Always pass in devprefix instead Remove un-needed var
Hopefully closer to ready now. Some whitespace fixes to make but I would like to get some comments before taking another pass and getting things down to 1 commit. |
This PR should be |
Is this PR going to be merged soon? |
omerb4 <[email protected]> wrote:
Is this PR going to be merged soon?
Yes.
|
Github message: "This branch has conflicts that must be resolved". |
Will this fix allow me to use it for docker namespace? |
Could you symlink /var/run/netns to /var/run/docker/netns? Or mount --bind it?
Do you think that libpcap should look in both places?
|
I think I can spend some time rebasing and looking at things soon here.
I haven't used docker much myself to test there. |
iproute2 just looks in one dir. It is only a compile time option to change it and I am not sure what each distro does to build it. But we could do a build time option to at least match iproute2. |
Build time option like in iproute2 sounds good to me |
Any news here? |
Solaris's zones (see, for example, this Sun paper and this article) might fit into a similar framework. So, for the "enumerate devices" API, would it make more sense to
or
For zones, we already support {zone}/{interface} in Solaris for the "create" API, so presumably something similar would be used for Linux (perhaps ":" should be replaced by "/", for consistency). (See this blog post, too.) |
check_include_file(sys/capability.h HAVE_SYS_CAPABILITY_H) | ||
if(HAVE_SYS_CAPABILITY_H) | ||
add_definitions(-DHAVE_SYS_CAPABILITY=1) | ||
check_c_source_compiles( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think you can HAVE_LINUX_NETWORK_NAMESPACE without HAVE_SYS_CAPABILITY_H, no?
@@ -303,6 +303,38 @@ include(CheckTypeSize) | |||
check_include_file(inttypes.h HAVE_INTTYPES_H) | |||
check_include_file(stdint.h HAVE_STDINT_H) | |||
check_include_file(unistd.h HAVE_UNISTD_H) | |||
check_include_file(sys/capability.h HAVE_SYS_CAPABILITY_H) | |||
if(HAVE_SYS_CAPABILITY_H) | |||
add_definitions(-DHAVE_SYS_CAPABILITY=1) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shouldn't this be true only if HAVE_SYS_CAPABILITY (set below on lines 326-336 is true?
Any news here? |
@acmay I'm interested in this feature, is there the will to carry through? I don't know the code base at the moment, but I could try to help if needed. cc @omeranson |
I just haven’t found the time to do it myself so any help would be great. I also didn’t know the code base going into it and the auto builders are helpful to do the different build variants.
…On Wed, May 24, 2023, at 1:49 AM, Iacopo Rozzo wrote:
@acmay <https://github.com/acmay> I'm interested in this feature, is there the will to carry through? I don't know the code base at the moment, but I could try to help if needed.
cc @omeranson <https://github.com/omeranson>
—
Reply to this email directly, view it on GitHub <#676 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AANUHBQAHCI55USS4SXC4TLXHXDSHANCNFSM4ER3KSSQ>.
You are receiving this because you were mentioned.Message ID: ***@***.***>
|
Thanks @acmay, I will start familiarizing myself with the codebase and then I could try to rebase your PR. |
Here is a cut at doing the namespace changes in libpcap for issue #587
I am still not sure on the libpcap details and I am tempted to create a new function pointer to set/unset the namespace (or not) from the pcap.c file so I don't have to catch every return location in the -linux files.
I also left a few comment questions.