On Wed, Feb 12, 2020 at 09:42:06PM +0100, William Dauchy wrote:
> On Thu, Feb 13, 2020 at 01:31:51AM +0500, ???? ??????? wrote:
> > we "use" it.
> > depending on true/false we either return -1 or not
>
> I guess it is present in the first condition to be able to access
> `ns->fd` safely in setns; but the second condition does not access `ns`
> later.

For me it's different, it's not related to the fact that it's used later
but to the fact that we only need to undo the namespace change if it was
changed in the first call. Indeed "ns" is not null only when the caller
wants to switch the namespace to create a socket. In fact as long as
there's no namespace configured on the servers, or if we're trying to
connect to a dispatch or transparent address, ns will be NULL and we'll
save two setns calls (i.e. almost always the case).

In fact I think we could simplify the logic a bit and merge the code into
the inline function present in common/namespace.h. This would also require
to export default_namespace:

static inline int my_socketat(const struct netns_entry *ns, int domain, int type, int protocol)
{
#ifdef USE_NS
	int sock;

	if (likely(!ns || default_namespace < 0))
		goto no_ns;

	if (setns(ns->fd, CLONE_NEWNET) == -1)
		return -1;

	sock = socket(domain, type, protocol);

	if (setns(default_namespace, CLONE_NEWNET) == -1) {
		close(sock);
		sock = -1;
	}
	return sock;
 no_ns:
#endif
	return socket(domain, type, protocol);
}

This allows to remove the !ns || default_namespace logic from the
function's epilogue.

What do you think ?

Willy
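
The four paths through the function proposed above, exercised without CAP_SYS_ADMIN (an added example, not part of the thread and not HAProxy code). It assumes hypothetical `fake_setns`/`fake_socket`/`fake_close` stand-ins and constructed fd numbers, and checks that no descriptor is returned when the switch back to the default namespace fails.

```c
#include <stdio.h>

#define DEMO_NEWNET 0x40000000          /* numeric value of CLONE_NEWNET on Linux */

struct demo_ns { int fd; };             /* stand-in for struct netns_entry */

/* Fake syscalls (hypothetical): record activity, fail the Nth setns on demand. */
static int setns_calls, fail_at, closed_fd;
static int fake_setns(int fd, int type) { (void)fd; (void)type; return ++setns_calls == fail_at ? -1 : 0; }
static int fake_socket(void) { return 7; }              /* constructed fd number */
static int fake_close(int fd) { closed_fd = fd; return 0; }

/* Same control flow as the proposed my_socketat(), on top of the fakes. */
static int demo_socketat(const struct demo_ns *ns, int default_ns)
{
    int sock;

    if (!ns || default_ns < 0)          /* fast path: no switch, so nothing to undo */
        return fake_socket();
    if (fake_setns(ns->fd, DEMO_NEWNET) == -1)
        return -1;                      /* never left the default namespace */
    sock = fake_socket();
    if (fake_setns(default_ns, DEMO_NEWNET) == -1) {
        if (sock >= 0)                  /* guard added in this example */
            fake_close(sock);           /* restore failed: release the fd, report error */
        sock = -1;
    }
    return sock;
}

/* Run one scenario; reports the setns call count and which fd (if any) was closed. */
int run_case(int use_ns, int fail_nth_setns, int *calls, int *closed)
{
    struct demo_ns ns = { 5 };          /* constructed namespace fd */
    int sock;

    setns_calls = 0; closed_fd = -1; fail_at = fail_nth_setns;
    sock = demo_socketat(use_ns ? &ns : NULL, 3);
    *calls = setns_calls; *closed = closed_fd;
    return sock;
}

int main(void)
{
    int calls, closed, sock;
    for (int use_ns = 0; use_ns <= 1; use_ns++)
        for (int fail = 0; fail <= 2; fail++) {
            sock = run_case(use_ns, fail, &calls, &closed);
            printf("ns=%d fail_at=%d -> sock=%d setns=%d closed=%d\n", use_ns, fail, sock, calls, closed);
        }
    return 0;
}
```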