-
Notifications
You must be signed in to change notification settings - Fork 126
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support network namespaces #191
Comments
I'll have to investigate a little bit more how these network namespaces behave from the host point of view and especially how to query a list with all the relevant interfaces if the host doesn't have direct visibility. Running If it's Docker that you are using, it does appear to create on the fly new container and possibly network namespace specific interfaces which vnStat can monitor from the host side. |
I cited the My use case is LXC (but I suspect very similar to Docker). An LXC container will run in its own namespace but has various options to setup networking. If configured to use But, LXC also supports attaching a physical device into the container. So let's say you have a real NIC As I said I have not read through vnstat source, but switching a C thread into another network namespace appears to be fairly easy. But of course how it might work for vnstat needs some discovery, a separate thread would need to be created for each network namespace that vnstat monitors. |
Available network namespaces on a host can be found by A design issue may be dealing with multiple interfaces of the same name. And to make matters worse... a namespace name could change every reboot. Bad practice would be to use the PID of the container as the network namespace in |
I did a little bit of playing around... I added
So inside the container I have eth0 and wg2, outside on the host I have numerous interfaces. The modification to
Now that is the easy part. The hard part will be modifying vnstat to recognize that interfaces belong to a namespace... everywhere vnstat manages an interface by name, it needs to have the namespace attached to it. so, Here is the code...
Notes...
Enjoy! |
Thanks for the example. You may also have noticed that vnStat doesn't use threads in its implementation so it would either have to constantly jump between network namespaces or threading be implemented. As for the maximum length of a namespace, I suspect at least some part of the implementation must be in the kernel somewhere and that's likely to be where the maximum length is also defined. |
Forgive me if I use this issue just to document continuing thoughts on this topic. Hopefully it will be helpful. On further research it looks like we cannot assume that network namespaces are always found in |
We don't need to introduce threads, we can just switch between namespaces as required. There should be minimal overhead (unless using really old kernels) |
I think the biggest design decision is how to store namespace information internally to
Or, option 2...
In both cases, if no network namespace is specified then vnstat would operate as it does today... namely Whatever is chosen has implications on what is returned in XML or JSON from the database. And any design should be backward compatible with existing programs that pull data from the database. Although we could assume that all existing users of vnstat database are not namespace "aware". I personally prefer option 2. Thus any program that iterates over Just my 2 cents. |
Looks like one rather easy way of creating network namespaces without much risk of affecting the existing networking is to have docker-compose create a shared network between the configured containers. That brings content visible under |
I would find it very useful to monitor interfaces in a specific network name space. For example if I have multiple containers, I could run vnstat (may need to be as root) on the host and monitor traffic inside the container(s). For example from host command line I can run
ip netns exec <netns> cat /sys/class/net/eth0/statistics/rx_bytes
etc.So, if vnstat could accept a network namespace along with the interface name that would be cool...
--iface eth0 --netns <netns>
Thanks!
The text was updated successfully, but these errors were encountered: