Rust netlink helpers that replace shell-outs to ip/nsenter/sysctl
for per-container overlay network setup.
This module is populated incrementally through a phased migration.
Stage 1: move_link_into_netns_and_rename replaces the shell pair
ip link set <name> netns <pid> + nsenter -t <pid> -n ip link set <name> name <new> with a single atomic RTNETLINK
SetLink carrying both IFLA_NET_NS_FD and IFLA_IFNAME. The kernel applies the
namespace change and the rename within the same request, so the link never
appears in the container's netns under its host-side name.
This sidesteps the /proc/<pid>/ns/net access denial caused by
libcontainer clearing the dumpable flag (PR_SET_DUMPABLE) on the
container init process, which under SELinux enforcing leaves the
host-side nsenter unable to open that namespace file.
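The following is an added example, not code from this module or from the rtnetlink crate it uses. It shows the wire encoding of the single RTM_SETLINK request described above, built with std only, together with a decoder so the bytes can be checked offline. The function names build_setlink_move_rename and parse_setlink are the example's own; the numeric constants are the values from <linux/netlink.h>, <linux/rtnetlink.h> and <linux/if_link.h>.

```rust
// Added example (not the project's code): RTM_SETLINK carrying IFLA_NET_NS_FD
// and IFLA_IFNAME, i.e. namespace move plus rename in one netlink message.
const NLMSG_HDRLEN: usize = 16; // struct nlmsghdr
const IFINFOMSG_LEN: usize = 16; // struct ifinfomsg
const RTM_SETLINK: u16 = 19;
const NLM_F_REQUEST: u16 = 0x01;
const NLM_F_ACK: u16 = 0x04;
const IFLA_IFNAME: u16 = 3;
const IFLA_NET_NS_FD: u16 = 28;
const IFNAMSIZ: usize = 16;

fn align4(n: usize) -> usize {
    (n + 3) & !3
}

/// Append one struct rtattr: len, type, payload, zero padding to 4 bytes.
fn push_rtattr(buf: &mut Vec<u8>, kind: u16, payload: &[u8]) {
    let len = 4 + payload.len();
    buf.extend_from_slice(&(len as u16).to_ne_bytes());
    buf.extend_from_slice(&kind.to_ne_bytes());
    buf.extend_from_slice(payload);
    buf.resize(buf.len() + (align4(len) - len), 0);
}

/// Same rules as the kernel's dev_valid_name(): non-empty, shorter than
/// IFNAMSIZ, not "." or "..", and no '/', ':' or whitespace.
fn valid_ifname(name: &str) -> bool {
    !name.is_empty()
        && name.len() < IFNAMSIZ
        && name != "."
        && name != ".."
        && !name.chars().any(|c| c == '/' || c == ':' || c.is_whitespace())
}

/// Build an RTM_SETLINK that moves the link with interface index `ifindex`
/// into the netns behind `netns_fd` and renames it to `new_name`.
/// `ifindex` must be > 0: with index 0 the kernel looks the link up by
/// IFLA_IFNAME instead, i.e. by the *new* name, which is not what we want.
pub fn build_setlink_move_rename(
    ifindex: i32,
    netns_fd: i32,
    new_name: &str,
    seq: u32,
) -> Result<Vec<u8>, String> {
    if ifindex <= 0 {
        return Err("ifindex must be positive".into());
    }
    if !valid_ifname(new_name) {
        return Err(format!("invalid interface name {new_name:?}"));
    }
    let mut msg = Vec::with_capacity(64);
    // nlmsghdr: len (patched below), type, flags, seq, port id (0 = kernel)
    msg.extend_from_slice(&0u32.to_ne_bytes());
    msg.extend_from_slice(&RTM_SETLINK.to_ne_bytes());
    msg.extend_from_slice(&(NLM_F_REQUEST | NLM_F_ACK).to_ne_bytes());
    msg.extend_from_slice(&seq.to_ne_bytes());
    msg.extend_from_slice(&0u32.to_ne_bytes());
    // ifinfomsg: family AF_UNSPEC, pad, type, index, flags, change
    msg.push(0);
    msg.push(0);
    msg.extend_from_slice(&0u16.to_ne_bytes());
    msg.extend_from_slice(&ifindex.to_ne_bytes());
    msg.extend_from_slice(&0u32.to_ne_bytes());
    msg.extend_from_slice(&0u32.to_ne_bytes());
    // Both attributes in one request: do_setlink() performs the namespace
    // change using the new name, so nobody sees the old name in the target netns.
    push_rtattr(&mut msg, IFLA_NET_NS_FD, &netns_fd.to_ne_bytes());
    let mut cname = new_name.as_bytes().to_vec();
    cname.push(0); // IFLA_IFNAME is a NUL-terminated string
    push_rtattr(&mut msg, IFLA_IFNAME, &cname);
    let total = msg.len() as u32;
    msg[0..4].copy_from_slice(&total.to_ne_bytes());
    Ok(msg)
}

/// Decode a message back into (ifindex, [(attr type, payload)]) so the
/// encoding can be verified without a netlink socket.
pub fn parse_setlink(msg: &[u8]) -> Result<(i32, Vec<(u16, Vec<u8>)>), String> {
    if msg.len() < NLMSG_HDRLEN + IFINFOMSG_LEN {
        return Err("message shorter than nlmsghdr + ifinfomsg".into());
    }
    let nlmsg_len = u32::from_ne_bytes(msg[0..4].try_into().unwrap()) as usize;
    let nlmsg_type = u16::from_ne_bytes(msg[4..6].try_into().unwrap());
    if nlmsg_len != msg.len() || nlmsg_type != RTM_SETLINK {
        return Err("bad nlmsghdr".into());
    }
    let ifindex = i32::from_ne_bytes(msg[20..24].try_into().unwrap());
    let mut attrs = Vec::new();
    let mut off = NLMSG_HDRLEN + IFINFOMSG_LEN;
    while off + 4 <= msg.len() {
        let len = u16::from_ne_bytes(msg[off..off + 2].try_into().unwrap()) as usize;
        let kind = u16::from_ne_bytes(msg[off + 2..off + 4].try_into().unwrap());
        if len < 4 || off + len > msg.len() {
            return Err("malformed rtattr".into());
        }
        attrs.push((kind, msg[off + 4..off + len].to_vec()));
        off += align4(len);
    }
    Ok((ifindex, attrs))
}

fn main() {
    let msg = build_setlink_move_rename(7, 5, "eth0", 1).unwrap();
    let hex: Vec<String> = msg.iter().map(|b| format!("{b:02x}")).collect();
    println!("{} bytes: {}", msg.len(), hex.join(" "));
    println!("{:?}", parse_setlink(&msg));
}
```

Sending the buffer is a sendto() on an AF_NETLINK/NETLINK_ROUTE socket followed by reading the NLMSG_ERROR acknowledgement; the rtnetlink crate does both for the project. The ifindex check matters in practice: the shell form identified the link by name, but once the new name rides in IFLA_IFNAME the only unambiguous selector left is the index.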
Stage 2: create_veth_pair, delete_link_by_name, and
set_link_up_by_name replace the host-side veth shell
commands (ip link add ... type veth peer name ...,
ip link delete ..., ip link set ... up) used by
overlay_manager::attach_to_interface and the orphan
sweeper. These helpers talk RTNETLINK directly via the
rtnetlink crate (async, tokio-backed).
Stage 3: with_netns, add_address_to_link_by_name, and
add_default_route_via_dev replace the remaining
container-netns shell-outs in
overlay_manager::attach_to_interface. with_netns
runs a closure on a dedicated OS thread that has joined
the target container’s network namespace via setns(2),
while the two new RTNETLINK helpers operate on the
current netns (so they must be invoked from inside a
with_netns closure). This removes the last three
nsenter -t <pid> -n ip ... shell-outs used to assign
the container IP, bring eth0 / lo up, and add the
default route.
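The following is an added example, not this module's implementation: a minimal version of the with_netns / with_netns_fd pattern described above (dedicated OS thread, setns(2), closure, join), using std plus the libc setns symbol only. It is Linux-specific. The helper try_non_namespace_fd and the thread name are the example's own.

```rust
// Added example (not the project's code): run a closure on a thread that has
// joined a network namespace via setns(2). Assumes Linux.
use std::fs::File;
use std::io;
use std::os::fd::{AsRawFd, OwnedFd};
use std::sync::atomic::{AtomicBool, Ordering};
use std::sync::Arc;
use std::thread;

const CLONE_NEWNET: i32 = 0x4000_0000;

unsafe extern "C" {
    // Provided by glibc/musl, which std already links; no crate needed.
    fn setns(fd: i32, nstype: i32) -> i32;
}

/// Run `f` on a dedicated OS thread that first joins the netns behind
/// `netns_fd`. setns(CLONE_NEWNET) affects only the calling thread, so the
/// rest of the process (tokio workers included) stays in the host netns, and
/// the thread exits as soon as `f` returns.
pub fn with_netns_fd<F, T>(netns_fd: OwnedFd, f: F) -> io::Result<T>
where
    F: FnOnce() -> T + Send + 'static,
    T: Send + 'static,
{
    let worker = thread::Builder::new()
        .name("netns-worker".into())
        .spawn(move || -> io::Result<T> {
            // SAFETY: plain FFI call; the fd is owned by this closure and open.
            let rc = unsafe { setns(netns_fd.as_raw_fd(), CLONE_NEWNET) };
            if rc != 0 {
                // EINVAL: fd is not a namespace; EPERM: no CAP_SYS_ADMIN there.
                return Err(io::Error::last_os_error());
            }
            drop(netns_fd); // thread is in the netns now; the fd is no longer needed
            Ok(f())
        })?;
    worker
        .join()
        .map_err(|_| io::Error::new(io::ErrorKind::Other, "netns worker panicked"))?
}

/// PID-based variant. The namespace file is opened once and the fd pins the
/// namespace, so a PID recycled after container exit cannot redirect later
/// operations. This open is where the ptrace-access check on a non-dumpable
/// target denies an unprivileged caller (the nsenter failure described above).
pub fn with_netns<F, T>(pid: u32, f: F) -> io::Result<T>
where
    F: FnOnce() -> T + Send + 'static,
    T: Send + 'static,
{
    let file = File::open(format!("/proc/{pid}/ns/net"))?;
    with_netns_fd(OwnedFd::from(file), f)
}

/// Failure-mode check: a fd that is not a namespace must be rejected before
/// the closure runs. Returns (closure_ran, result).
pub fn try_non_namespace_fd() -> (bool, io::Result<()>) {
    let ran = Arc::new(AtomicBool::new(false));
    let flag = ran.clone();
    let fd = OwnedFd::from(File::open("/dev/null").expect("/dev/null"));
    let res = with_netns_fd(fd, move || flag.store(true, Ordering::SeqCst));
    (ran.load(Ordering::SeqCst), res)
}

fn main() {
    // Joining even our own netns needs CAP_SYS_ADMIN; unprivileged runs show the error path.
    let r = with_netns(std::process::id(), || {
        std::fs::read_dir("/sys/class/net").map(|d| d.count())
    });
    println!("own netns: {r:?}");
    println!("non-namespace fd: {:?}", try_non_namespace_fd());
}
```

Two design points carry over to the real helpers: the closure is `'static` and runs to completion on the worker, so nothing borrowed from a tokio task leaks into the foreign namespace, and the fd-based entry point is the primitive, with the PID-based one only a thin wrapper that resolves /proc/<pid>/ns/net exactly once.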
Enums§
- NetlinkError - Errors returned by the netlink helpers in this module.
Functions§
- add_address_to_link_by_name - Add an IP address to the link identified by name in the current network namespace.
- add_default_route_via_dev - Add a default route via the given device name in the current network namespace.
- create_veth_pair - Create a veth pair with the two ends named host_name and peer_name.
- delete_link_by_name - Delete the link by name. Idempotent: returns Ok(()) if the link does not exist. Any other error surfaces as NetlinkError::Netlink.
- list_all_links - List all network interfaces in the current netns.
- move_link_into_netns_and_rename - Move a link from the current network namespace into the target PID's network namespace, renaming it in the same atomic operation.
- move_link_into_netns_fd_and_rename - Stub for non-Linux Unix platforms (macOS/BSD) and for Linux builds without the youki-runtime feature (which provides the libcontainer-backed impl).
- replace_route_via_dev - Add or replace a route to dest/prefix_len that forwards via the interface named dev_name. Optional src sets the preferred source address.
- set_link_up_by_name - Set the link identified by name to the "up" administrative state.
- set_sysctl - Set a sysctl via the /proc/sys/... filesystem.
- with_netns - Run a synchronous closure inside the network namespace of the given PID.
- with_netns_async - Convenience wrapper around with_netns that builds a local current-thread tokio runtime inside the dedicated thread and drives the provided async future to completion.
- with_netns_fd - Run a synchronous closure inside the network namespace referenced by the given OwnedFd.
- with_netns_fd_async - Convenience wrapper around with_netns_fd that builds a local current-thread tokio runtime inside the dedicated thread and drives the provided async future to completion.