Are network namespaces supported?
-
Hi there,
I'm using version 4.14.81, and I'm wondering if network namespaces are supported. I've tried commands like, "ip netns add container" and had no success. Just want to check that I'm not missing something prior to digging in deeper.
Thanks!
-
@huntc network namespaces are supported but not enabled by default, you need to configure the kernel parameter CONFIG_KERNEL_NET_NS before building a custom firmware, you can do this by using make kernel_menuconfig and look in General Setup menu option.
I'm not sure this is supported by the standard Warp Core network module provided by Onion, you probably need to revert to the standard OpenWrt network setup.
-
Thanks for the clarification!
-
As a follow up, indeed I don't think namespaces are supported from the Onion firmware build. I'm getting "Cannot satisfy the following dependencies " style errors via opkg install during the build. As soon as I disable namespaces then all builds well again. Oh well.
-
@huntc "style of error" doesn't help much in identifying the specific cause of the issue, a specific error would
-
@crispyoz I can't believe that you replied post my going to bed at 1am! Pretty sure you're in the same TZ!
Here are the steps I've taken:
- observed:
root@build-server-01:~/onion/source# more target/linux/ramips/mt76x8/config-4.14|grep CONFIG_NET_NS CONFIG_NET_NS=y
make -j1 V=s
results in:
package/Makefile:65: recipe for target 'package/install' failed make[2]: *** [package/install] Error 255 make[2]: Leaving directory '/root/onion/source' package/Makefile:104: recipe for target '/root/onion/source/staging_dir/target-mipsel_24kc_musl/stamp/.package_install' failed make[1]: *** [/root/onion/source/staging_dir/target-mipsel_24kc_musl/stamp/.package_install] Error 2 make[1]: Leaving directory '/root/onion/source' /root/onion/source/include/toplevel.mk:216: recipe for target 'world' failed make: *** [world] Error 2
Prior to that result, lots of messages similar to and starting with:
Collected errors: * satisfy_dependencies_for: Cannot satisfy the following dependencies for kmod-fs-exfat: * kernel (= 4.14.81-1-d38bb0cccb6c2f5c91562ebf1fb26fa2) * * opkg_install_cmd: Cannot install package kmod-fs-exfat. * satisfy_dependencies_for: Cannot satisfy the following dependencies for kmod-scsi-core: * kernel (= 4.14.81-1-d38bb0cccb6c2f5c91562ebf1fb26fa2) * * opkg_install_cmd: Cannot install package kmod-scsi-core. * satisfy_dependencies_for: Cannot satisfy the following dependencies for kmod-crypto-acompress: * kernel (= 4.14.81-1-d38bb0cccb6c2f5c91562ebf1fb26fa2) * ...
-
@huntc based in Sydney here, only pansies go to bed at 1am
You've hit the old kernel dependency problem. The issue is that the kernel modules are built with a dependency on the kernel version and checksum. The checksum is based on the configuration so if you change a kernel option it changes the checksum. The solution is to rebuild everything from scratch so the checksum matches. To do this you follow these steps:
make kernel_menuconfig
#set any required kernel options
make defconfig
#check your configuration again here, make menuconfig/make kernel_menuconfig
#step may be redundant but OCD prevails
make clean
make -j8Update: The key points here are the make defconfig and the make clean.
-
@crispyoz LOL.
This is all so easy if you're familiar with building Linux kernels.
The build now indeed seems to work. Thanks.
However, on having run
opkg install ip
as the busybox doesn't support netns, I'm still having an issue with adding a namespace:# ip netns add container Failed to create a new network namespace "container": Invalid argument
Does this imply that my build still doesn't support netns?
The configuration does appear to be correct in my build, although I may be looking at the wrong file.
~/onion/source# more target/linux/ramips/mt76x8/config-4.14|grep CONFIG_NET_NS CONFIG_NET_NS=y
Separately, please feel free to DM me on Twitter at @huntchr. It'd be great to make contact given our locality and technical interests.
-
@huntc this error will occur if you have not selected the network namespaces in make menuconfig
Global Builld Options-> ->Enable Kernel Name Spaces->Network NamespacesRather than needing to install ip using opkg, you can select it when you build your firmware, it is in
Network->Routing and Redirection->-IP Full
-
@crispyoz We're now good and have network namespaces working - well, I can at least add them - more investigation to be done, but we're on our way!
Thanks again for the help. As you can see, I'm new to building and configuring Linux, so I really appreciate the guidance you've provided.
-
@huntc Glad to see you're up and running. I'm not sure that containers are supported but routing etc is supported and this is the extent of my experience with netns.
I took a look at your product, congratulations looks like a winner.