On Wed, Feb 12, 2020 at 09:42:06PM +0100, William Dauchy wrote:
> On Thu, Feb 13, 2020 at 01:31:51AM +0500, ???? ??????? wrote:
> > we "use" it.
> > depending on true/false we either return -1 or not
>
> I guess it is present in the first condition to be able to access
> `ns->fd` safely in setns; but the second condition does not acces `ns`
> later.
For me it's different, it's not related to the fact that it's used
later but to the fact that we only need to undo the namespace change
if it was changed in the first call. Indeed "ns" is not null only
when the caller wants to switch the namespace to create a socket. In
fact as long as there's no namespace configured on the servers, or
if we're trying to connect to a dispatch or transparent address, ns
will be NULL and we'll save two setns calls (i.e. almost always the
case).
In fact I think we could simplify the logic a bit and merge the code
into the inline function present in common/namespace.h. This would also
require to export default_namespace:
static inline int my_socketat(const struct netns_entry *ns, int domain, int
type, int protocol)
{
#ifdef USE_NS
int sock;
if (likely(!ns || default_namespace < 0))
goto no_ns;
if (setns(ns->fd, CLONE_NEWNET) == -1)
return -1;
sock = socket(domain, type, protocol);
if (setns(default_namespace, CLONE_NEWNET) == -1) {
close(sock);
sock = -1;
}
return sock;
no_ns:
#endif
return socket(domain, type, protocol);
}
This allows to remove the !ns || default_namespace logic from
the function's epilogue. What do you think ?
Willy
