[PATCH 3/3] C/R: Basic support for network namespaces and devices
Serge E. Hallyn
serue at us.ibm.com
Wed Jan 20 09:36:39 PST 2010
Quoting Dan Smith (danms at us.ibm.com):
> When checkpointing a task tree with network namespaces, we hook into
> do_checkpoint_ns() along with the others. Any devices in a given namespace
> are checkpointed (including their peer, in the case of veth) sequentially.
> Each network device stores a list of protocol addresses, as well as other
> information, such as hardware address.
> This patch supports veth pairs, as well as the loopback adapter. The
> loopback support is there to make sure that any additional addresses and
> state (such as up/down) is copied to the loopback adapter that we are
> given in the new network namespace.
> On restart, we instantiate new network namespaces and veth pairs as
> necessary. Any device we encounter that isn't in a network namespace
> that was checkpointed as part of a task is left in the namespace of the
> restarting process. This will be the case for a veth half that exists
> in the init netns to provide network access to a container.
> Still to do are:
> 1. Routes
> 2. Netfilter rules
> 3. IPv6 addresses
> 4. Other virtual device types (e.g. bridges)
> Signed-off-by: Dan Smith <danms at us.ibm.com>
Cool - I don't see any issues in the patchset.
Acked-by: Serge Hallyn <serue at us.ibm.com>
More information about the Containers