.TH IP\-NETNS 8 "16 Jan 2013" "iproute2" "Linux"
.SH NAME
ip-netns \- process network namespace management
.SH SYNOPSIS
.sp
.ad l
.in +8
.ti -8
.B ip
.RI "[ " OPTIONS " ]"
.B netns
.RI " { " COMMAND " | "
.BR help " }"
.sp
.ti -8
.BR "ip netns" " [ " list " ]"

.ti -8
.B ip netns add
.I NETNSNAME

.ti -8
.B ip netns attach
.I NETNSNAME PID

.ti -8
.B ip [-all] netns del
.RI "[ " NETNSNAME " ]"

.ti -8
.B ip netns set
.I NETNSNAME NETNSID

.ti -8
.IR NETNSID " := " auto " | " POSITIVE-INT

.ti -8
.BR "ip netns identify"
.RI "[ " PID " ]"

.ti -8
.BR "ip netns pids"
.I NETNSNAME

.ti -8
.BR "ip [-all] netns exec "
.RI "[ " NETNSNAME " ] " command ...

.ti -8
.BR "ip netns monitor"

.ti -8
.BR "ip netns list-id"
.RI "[ target-nsid " POSITIVE-INT " ] [ nsid " POSITIVE-INT " ]"

.SH DESCRIPTION
A network namespace is logically another copy of the network stack,
with its own routes, firewall rules, and network devices.

By default a process inherits its network namespace from its parent. Initially all
the processes share the same default network namespace from the init process.

By convention a named network namespace is an object at
.BR "@NETNS_RUN_DIR@/" NAME
that can be opened. The file descriptor resulting from opening
.BR "@NETNS_RUN_DIR@/" NAME
refers to the specified network namespace. Holding that file
descriptor open keeps the network namespace alive. The file
descriptor can be used with the
.B setns(2)
system call to change the network namespace associated with a task.

For applications that are aware of network namespaces, the convention
is to look for global network configuration files first in
.BR "@NETNS_ETC_DIR@/" NAME "/"
then in
.BR "/etc/" .
For example, if you want a different version of
.BR /etc/resolv.conf
for a network namespace used to isolate your VPN, you would name it
.BR @NETNS_ETC_DIR@/myvpn/resolv.conf .

.B ip netns exec
automates handling of this configuration file convention for network
namespace unaware applications, by creating a mount namespace and
bind mounting all of the per network namespace configuration files into
their traditional location in /etc.

.TP
.B ip netns list - show all of the named network namespaces
.sp
This command displays all of the network namespaces in @NETNS_RUN_DIR@.

.TP
.B ip netns add NAME - create a new named network namespace
.sp
If NAME is available in @NETNS_RUN_DIR@ this command creates a new
network namespace and assigns NAME.

.TP
.B ip netns attach NAME PID - create a new named network namespace
.sp
If NAME is available in @NETNS_RUN_DIR@ this command attaches the network
namespace of the process PID to NAME as if it were created with ip netns.

.TP
.B ip [-all] netns delete [ NAME ] - delete the name of a network namespace(s)
.sp
If NAME is present in @NETNS_RUN_DIR@ it is unmounted and the mount
point is removed. If this is the last user of the network namespace the
network namespace will be freed and all physical devices will be moved to the
default one, otherwise the network namespace persists until it has no more
users. ip netns delete may fail if the mount point is in use in another mount
namespace.

If the
.B -all
option is specified then all the network namespace names will be removed.

It is possible to lose a physical device if it was moved to a netns and
that netns was then deleted while a process was still running in it:

.RS 10
$ ip netns add net0
.RE
.RS 10
$ ip link set dev eth0 netns net0
.RE
.RS 10
$ ip netns exec net0 SOME_PROCESS_IN_BACKGROUND
.RE
.RS 10
$ ip netns del net0
.RE

.RS
and eth0 will appear in the default netns only after SOME_PROCESS_IN_BACKGROUND
exits or is killed. To prevent this, the processes running in net0
should be killed before deleting the netns:

.RE
.RS 10
$ ip netns pids net0 | xargs kill
.RE
.RS 10
$ ip netns del net0
.RE
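
A more defensive form of the teardown above, as an added example that is not part of the iproute2 manual: it signals the processes in the namespace, waits for them to exit, and deletes the name only once ip netns pids reports none. The function name netns_safe_del and the timeout argument are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from iproute2): delete a named netns only once it is
# empty, so a physical device inside it returns to the default namespace.
# Usage: netns_safe_del NAME [TIMEOUT_SECONDS]   (hypothetical function name)
netns_safe_del() {
    ns=$1
    timeout=${2:-5}

    # Refuse unknown names so a typo never reaches "ip netns del".
    if ! ip netns list | awk '{print $1}' | grep -qxF -- "$ns"; then
        echo "netns_safe_del: no such namespace: $ns" >&2
        return 2
    fi

    # Ask nicely first; nothing is signalled when the namespace is empty.
    pids=$(ip netns pids "$ns")
    if [ -n "$pids" ]; then
        kill -TERM $pids 2>/dev/null || true
    fi

    # Wait for the processes to exit; escalate to SIGKILL after the timeout.
    waited=0
    while pids=$(ip netns pids "$ns"); [ -n "$pids" ]; do
        if [ "$waited" -ge "$timeout" ]; then
            kill -KILL $pids 2>/dev/null || true
            sleep 1
            break
        fi
        sleep 1
        waited=$((waited + 1))
    done

    # Re-check: deleting the name while anything still runs inside is the
    # case in which the device stays out of reach.
    if [ -n "$(ip netns pids "$ns")" ]; then
        echo "netns_safe_del: processes still running in $ns; not deleting" >&2
        return 1
    fi
    ip netns del "$ns"
}
```

The function returns 0 after a successful delete, 1 if processes survived both signals, and 2 if the name does not exist.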

.TP
.B ip netns set NAME NETNSID - assign an id to a peer network namespace
.sp
This command assigns an id to a peer network namespace. This id is valid
only in the current network namespace.
If the keyword "auto" is specified an available nsid will be chosen.
This id will be used by the kernel in some netlink messages. If no id is
assigned when the kernel needs it, it will be automatically assigned by
the kernel.
Once it is assigned, it's not possible to change it.

.TP
.B ip netns identify [PID] - Report network namespace names for process
.sp
This command walks through @NETNS_RUN_DIR@ and finds all the network
namespace names for the network namespace of the specified process. If PID is
not specified then the current process will be used.

.TP
.B ip netns pids NAME - Report processes in the named network namespace
.sp
This command walks through /proc and finds all of the processes that have
the named network namespace as their primary network namespace.
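
One way to reproduce the identify and pids lookups by hand, as an added example that is not iproute2's code: a namespace is recognised by the device and inode numbers of the file that refers to it, so comparing stat output for /proc/PID/ns/net with each entry of the run directory answers both questions. The third function goes beyond the two commands and lists processes whose namespace is neither that of PID 1 nor named. The function names, GNU stat, and the defaults /run/netns and /proc are assumptions.

```sh
#!/bin/sh
# Added example (not iproute2 code). Assumes GNU stat. /run/netns is an assumed
# default for what the manual writes as @NETNS_RUN_DIR@; both roots are
# variables so the functions can be pointed at a constructed test tree.
NETNS_RUN_DIR=${NETNS_RUN_DIR:-/run/netns}
PROC_ROOT=${PROC_ROOT:-/proc}

# Print "device:inode" of the object a path refers to; fails if unreadable.
ns_key() { stat -Lc '%d:%i' "$1" 2>/dev/null; }

# Like "ip netns identify PID": every name that refers to the PID's namespace.
netns_identify() {
    key=$(ns_key "$PROC_ROOT/$1/ns/net") || return 1
    for f in "$NETNS_RUN_DIR"/*; do
        [ "$(ns_key "$f")" = "$key" ] && basename "$f"
    done
    return 0
}

# Like "ip netns pids NAME": every PID whose namespace is the named one.
netns_pids() {
    key=$(ns_key "$NETNS_RUN_DIR/$1") || return 1
    for d in "$PROC_ROOT"/[0-9]*; do
        [ "$(ns_key "$d/ns/net")" = "$key" ] && basename "$d"
    done
    return 0
}

# Beyond the two commands: PIDs outside PID 1's namespace whose namespace has
# no name in the run directory (invisible to "ip netns list").
netns_unnamed_pids() {
    init=$(ns_key "$PROC_ROOT/1/ns/net") || return 1
    for d in "$PROC_ROOT"/[0-9]*; do
        k=$(ns_key "$d/ns/net") || continue
        [ "$k" = "$init" ] && continue
        [ -z "$(netns_identify "$(basename "$d")")" ] && basename "$d"
    done
    return 0
}
```

Reading /proc/PID/ns/net for processes of other users needs root, so an unprivileged run only covers the caller's own processes.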

.TP
.B ip [-all] netns exec [ NAME ] cmd ... - Run cmd in the named network namespace
.sp
This command allows applications that are network namespace unaware
to be run in something other than the default network namespace with
all of the configuration for the specified network namespace appearing
in the customary global locations. A network namespace and bind mounts
are used to move files from their network namespace specific location
to their default locations without affecting other processes.

If the
.B -all
option is specified then
.B cmd
will be executed synchronously in each named network namespace even if
.B cmd
fails on some of them. The network namespace name is printed each time
.B cmd
is executed.

.TP
.B ip netns monitor - Report as network namespace names are added and deleted
.sp
This command watches network namespace name addition and deletion events
and prints a line for each event it sees.

.TP
.B ip netns list-id [target-nsid POSITIVE-INT] [nsid POSITIVE-INT] - list network namespace ids (nsid)
.sp
Network namespace ids are used to identify a peer network namespace. This
command displays nsids of the current network namespace and provides the
corresponding iproute2 netns name (from @NETNS_RUN_DIR@) if any.

The
.B target-nsid
option displays the nsids of the specified network namespace instead of those of the current network
namespace. This
.B target-nsid
is an nsid from the current network namespace.

The
.B nsid
option displays only this nsid. It is an nsid from the current network namespace. In
combination with the
.B target-nsid
option, it converts a specific nsid from the current network namespace to an nsid of the
.B target-nsid
network namespace.

.SH EXAMPLES
.PP
ip netns list
.RS
Shows the list of current named network namespaces.
.RE
.PP
ip netns add vpn
.RS
Creates a network namespace and names it vpn.
.RE
.PP
ip netns exec vpn ip link set lo up
.RS
Brings up the loopback interface in the vpn network namespace.
.RE
.PP
ip netns add foo
.br
ip netns add bar
.br
ip netns set foo 12
.br
ip netns set bar 13
.br
ip -n foo netns set foo 22
.br
ip -n foo netns set bar 23
.br
ip -n bar netns set foo 32
.br
ip -n bar netns set bar 33
.br
ip netns list-id target-nsid 12
.RS
Shows the list of nsids from the network namespace foo.
.RE
ip netns list-id target-nsid 12 nsid 13
.RS
Gets the nsid of bar from the network namespace foo (result is 23).
.RE

.SH SEE ALSO
.br
.BR ip (8)

.SH AUTHOR
Original Manpage by Eric W. Biederman
.br
Manpage revised by Nicolas Dichtel <nicolas.dichtel@6wind.com>