New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
proposal: net: add an option to provide the socket filedescriptor to the connection #46932
Comments
Are the concerns there addressed?
|
It's hard to be sure, but this looks like the kind of thing intended to be addressed by code like If that doesn't help, can you explain what kind of thing would help? Right now this is a little vague. Thanks. |
I think that this is in the context of using C, I expect golang and its runtime to handle this , the SocketAt func will be something like this: func SocketAt(domain, typ, proto, ns int) (int, error) {
// get current namespace
origin, err := os.Open("/proc/self/ns/net")
if err != nil {
return -1, err
}
// lock the thread so we don't switch namespaces
runtime.LockOSThread()
defer runtime.UnlockOSThread()
// enter the new namespace
err = unix.Setns(int(ns), syscall.CLONE_NEWNET)
if err != nil {
return -1, err
}
// always come back to the original namespace
defer func() {
if e := unix.Setns(int(origin.Fd()), syscall.CLONE_NEWNET); e != nil {
log.Printf("failed to recover netns: %+v", e)
}
}()
// open the socket in the new namespace and return its file descriptor
return syscall.Socket(domain, typ, proto)
}
yeah, let me elaborate and try to explain it more on detail, bear in mind this is too low level to me and I may be doing some false assumptions, so please correct me if I'm wrong. Right now, if I want to listen or dial from a namespace I have to lock the thread, enter the namespace and do the network operations there, no further goroutines allowed inside the namespace, ... more details on https://www.weave.works/blog/linux-namespaces-golang-followup Let's say that I want to have an http server in each namespace/container/pod (serving the same content in all of them), or that I need to create connections from the namespaces, everything handled by a single process in the root namespace.
Both solutions seems to have scale/performance problems on environments with large number of namespaces, order of 100s.
I was looking at that and also reading the discussion about the Hope this clarifies a bit more the problem ... |
As far as I can tell you can write the |
I can't see any advantage of adding a I've wrapped current net.Dial and net.Listen with the SocketAt code to create net.DialAt and net.ListenAt , with the code I pasted above and it does work: https://github.com/aojea/socketat/blob/main/socketat_linux_test.go, it manages the network connections on different namespaces from the default namespace, Lines 19 to 23 in f448cb8
I don't think that the socketat code should go in golang either, the only solutions I have in mind are if:
|
This is definitevely the solution I'd like to have, being able to create a network connection from a socket file descriptor I've created ... I don't know if this is too crazy though 😅 |
To create a socket yourself and then turn it into a |
As far as I can tell, there isn't anything to change in the Go project here. Please comment if you disagree. |
sorry I forgot to close it, indeed there is nothing about Go here Thanks |
Golang and network namespaces have an "interesting" history #44922, basically mixing goroutines and network namespaces is a bad idea.
However, there was an interesting discussion in the kernel mailing list back in 2010 to
the conclusion is that the same functionality should be easy to implement in userspace, so no need to add a new syscall
I think that this can solve some of the problems of golang with network namespace, allowing to create a socket inside a namespace, but using it outside of it, so no need to lock the thread and remove the limitation of creating additional goroutines.
It seems that right now we can manipulate the socket but not the file descriptor
go/src/net/sock_posix.go
Lines 17 to 23 in ed01cea
What is the golang opinion about this?
Is this something interesting to add to the language?
The text was updated successfully, but these errors were encountered: