Re: Retrieving the network namespace of a socket

From: Sergey Ryazanov
Date: Wed Oct 20 2021 - 16:01:30 EST

Next message: Pavel Begunkov: "[PATCH 0/2] optimise blk_try_enter_queue()"
Previous message: Kees Cook: "[PATCH] compiler-gcc.h: Define __SANITIZE_ADDRESS__ under hwaddress sanitizer"
In reply to: Christian Brauner: "Re: Retrieving the network namespace of a socket"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Oct 20, 2021 at 7:34 PM Sargun Dhillon <sargun@xxxxxxxxx> wrote:
> On Wed, Oct 20, 2021 at 05:03:56PM +0300, Sergey Ryazanov wrote:
>> On Wed, Oct 20, 2021 at 12:57 PM Sargun Dhillon <sargun@xxxxxxxxx> wrote:
>>> I'm working on a problem where I need to determine which network namespace a
>>> given socket is in. I can currently bruteforce this by using INET_DIAG, and
>>> enumerating namespaces and working backwards.
>>
>> Namespace is not a per-socket, but a per-process attribute. So each
>> socket of a process belongs to the same namespace.
>>
> > Could you elaborate what kind of problem you are trying to solve?
>> Maybe there is a more simple solution. for it.
>
> That's not entirely true. See the folowing code:
>
> int main() {
> int fd1, fd2;
> fd1 = socket(AF_INET, SOCK_STREAM, 0);
> assert(fd1 >= 0);
> assert(unshare(CLONE_NEWNET) == 0);
> fd2 = socket(AF_INET, SOCK_STREAM, 0);
> assert(fd2 >= 0);
> }
>
> fd1 and fd2 have different sock_net.

Ouch, I totally missed this case. Thank you for reminding me.

--
Sergey

Next message: Pavel Begunkov: "[PATCH 0/2] optimise blk_try_enter_queue()"
Previous message: Kees Cook: "[PATCH] compiler-gcc.h: Define __SANITIZE_ADDRESS__ under hwaddress sanitizer"
In reply to: Christian Brauner: "Re: Retrieving the network namespace of a socket"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]