2017-12-07 19:22:34 +00:00
|
|
|
.\" Copyright (c) 2017 by Michael Kerrisk <mtk.manpages@gmail.com>
|
|
|
|
.\"
|
|
|
|
.\" %%%LICENSE_START(VERBATIM)
|
|
|
|
.\" Permission is granted to make and distribute verbatim copies of this
|
|
|
|
.\" manual provided the copyright notice and this permission notice are
|
|
|
|
.\" preserved on all copies.
|
|
|
|
.\"
|
|
|
|
.\" Permission is granted to copy and distribute modified versions of this
|
|
|
|
.\" manual under the conditions for verbatim copying, provided that the
|
|
|
|
.\" entire resulting derived work is distributed under the terms of a
|
|
|
|
.\" permission notice identical to this one.
|
|
|
|
.\"
|
|
|
|
.\" Since the Linux kernel and libraries are constantly changing, this
|
|
|
|
.\" manual page may be incorrect or out-of-date. The author(s) assume no
|
|
|
|
.\" responsibility for errors or omissions, or for damages resulting from
|
|
|
|
.\" the use of the information contained herein. The author(s) may not
|
|
|
|
.\" have taken the same level of care in the production of this manual,
|
|
|
|
.\" which is licensed free of charge, as they might when working
|
|
|
|
.\" professionally.
|
|
|
|
.\"
|
|
|
|
.\" Formatted or processed versions of this manual, if unaccompanied by
|
|
|
|
.\" the source, must acknowledge the copyright and authors of this work.
|
|
|
|
.\" %%%LICENSE_END
|
|
|
|
.\"
|
|
|
|
.\"
|
iconv.1, locale.1, memusage.1, memusagestat.1, pldd.1, sprof.1, _syscall.2, add_key.2, adjtimex.2, bind.2, bpf.2, chown.2, clone.2, close.2, copy_file_range.2, eventfd.2, fanotify_init.2, fanotify_mark.2, fork.2, fsync.2, futex.2, getdents.2, getrlimit.2, getxattr.2, io_cancel.2, io_destroy.2, io_getevents.2, io_setup.2, ioctl_fat.2, ioctl_getfsmap.2, ioctl_ns.2, ioctl_tty.2, ioctl_userfaultfd.2, kcmp.2, keyctl.2, listen.2, listxattr.2, mbind.2, membarrier.2, memfd_create.2, mkdir.2, move_pages.2, mremap.2, msync.2, nfsservctl.2, open.2, perf_event_open.2, pidfd_send_signal.2, pipe.2, pivot_root.2, pkey_alloc.2, process_vm_readv.2, ptrace.2, readlink.2, readv.2, recv.2, recvmmsg.2, rename.2, request_key.2, s390_runtime_instr.2, sched_setaffinity.2, seccomp.2, send.2, sendmmsg.2, sigaltstack.2, signalfd.2, socket.2, socketpair.2, splice.2, spu_create.2, spu_run.2, statfs.2, syscall.2, sysctl.2, sysfs.2, tee.2, timer_getoverrun.2, timer_settime.2, umount.2, userfaultfd.2, utimensat.2, wait4.2, INFINITY.3, __ppc_get_timebase.3, __setfpucw.3, abort.3, aio_cancel.3, aio_error.3, aio_read.3, aio_return.3, atexit.3, backtrace.3, basename.3, bsearch.3, bswap.3, cacos.3, cacosh.3, catan.3, catanh.3, cexp2.3, clock_getcpuclockid.3, clog2.3, cmsg.3, confstr.3, div.3, dl_iterate_phdr.3, dlerror.3, dlinfo.3, dlopen.3, dlsym.3, duplocale.3, encrypt.3, end.3, endian.3, envz_add.3, err.3, expm1.3, fdim.3, flockfile.3, fmtmsg.3, frexp.3, ftw.3, get_nprocs_conf.3, get_phys_pages.3, getaddrinfo_a.3, getauxval.3, getdate.3, getdtablesize.3, getgrent_r.3, getgrouplist.3, gethostbyname.3, getline.3, getnameinfo.3, getopt.3, getprotoent_r.3, getpwent_r.3, getpwnam.3, getservent_r.3, getsubopt.3, getutent.3, glob.3, gnu_get_libc_version.3, hsearch.3, if_nameindex.3, inet.3, inet_net_pton.3, inet_ntop.3, inet_pton.3, insque.3, killpg.3, makecontext.3, mallinfo.3, malloc.3, malloc_hook.3, malloc_info.3, mallopt.3, matherr.3, mbsnrtowcs.3, mbstowcs.3, mcheck.3, mempcpy.3, mq_getattr.3, mq_notify.3, mtrace.3, newlocale.3, nextafter.3, ntp_gettime.3, offsetof.3, open_memstream.3, pow.3, printf.3, pthread_attr_init.3, pthread_attr_setdetachstate.3, pthread_attr_setguardsize.3, pthread_attr_setinheritsched.3, pthread_attr_setschedparam.3, pthread_attr_setschedpolicy.3, pthread_attr_setstack.3, pthread_attr_setstacksize.3, pthread_cancel.3, pthread_cleanup_push.3, pthread_create.3, pthread_detach.3, pthread_getattr_default_np.3, pthread_getattr_np.3, pthread_getcpuclockid.3, pthread_join.3, pthread_mutex_consistent.3, pthread_mutexattr_setrobust.3, pthread_setaffinity_np.3, pthread_setcancelstate.3, pthread_setname_np.3, pthread_setschedparam.3, pthread_sigmask.3, pthread_spin_init.3, pthread_testcancel.3, pthread_tryjoin_np.3, ptsname.3, qsort.3, rand.3, random.3, remainder.3, rpmatch.3, rtime.3, rtnetlink.3, scalb.3, scalbln.3, scandir.3, sem_getvalue.3, sem_wait.3, setaliasent.3, setlogmask.3, sigwait.3, sincos.3, sockatmark.3, stdarg.3, stpcpy.3, strcat.3, strfmon.3, strptime.3, strtod.3, strtok.3, strtol.3, strtoul.3, strverscmp.3, tsearch.3, uselocale.3, wcstok.3, wcstombs.3, wordexp.3, y0.3, loop.4, vcs.4, veth.4, charmap.5, core.5, filesystems.5, gai.conf.5, hosts.5, hosts.equiv.5, locale.5, nss.5, repertoiremap.5, securetty.5, shells.5, ttytype.5, ascii.7, complex.7, cpuset.7, credentials.7, fanotify.7, hier.7, inotify.7, ip.7, mount_namespaces.7, mq_overview.7, netlink.7, network_namespaces.7, pid_namespaces.7, pkeys.7, rtld-audit.7, rtnetlink.7, sem_overview.7, signal-safety.7, sock_diag.7, spufs.7, standards.7, symlink.7, tcp.7, time_namespaces.7, unix.7, user_namespaces.7, xattr.7, ldconfig.8: tstamp
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2020-06-09 12:43:54 +00:00
|
|
|
.TH NETWORK_NAMESPACES 7 2020-06-09 "Linux" "Linux Programmer's Manual"
|
2017-12-07 19:22:34 +00:00
|
|
|
.SH NAME
|
|
|
|
network_namespaces \- overview of Linux network namespaces
|
|
|
|
.SH DESCRIPTION
|
2017-12-08 09:23:09 +00:00
|
|
|
Network namespaces provide isolation of the system resources associated
|
|
|
|
with networking: network devices, IPv4 and IPv6 protocol stacks,
|
2017-12-10 22:17:59 +00:00
|
|
|
IP routing tables, firewall rules, the
|
2017-12-08 09:23:09 +00:00
|
|
|
.I /proc/net
|
2017-12-10 22:17:59 +00:00
|
|
|
directory (which is a symbolic link to
|
|
|
|
.IR /proc/PID/net ),
|
|
|
|
the
|
2017-12-08 09:23:09 +00:00
|
|
|
.I /sys/class/net
|
2017-12-10 22:17:59 +00:00
|
|
|
directory, various files under
|
|
|
|
.IR /proc/sys/net ,
|
|
|
|
port numbers (sockets), and so on.
|
2018-02-24 16:49:24 +00:00
|
|
|
In addition,
|
2018-03-10 19:57:03 +00:00
|
|
|
network namespaces isolate the UNIX domain abstract socket namespace (see
|
|
|
|
.BR unix (7)).
|
2017-12-08 09:24:31 +00:00
|
|
|
.PP
|
2017-12-08 09:23:09 +00:00
|
|
|
A physical network device can live in exactly one
|
|
|
|
network namespace.
|
2017-12-08 09:24:31 +00:00
|
|
|
When a network namespace is freed
|
|
|
|
(i.e., when the last process in the namespace terminates),
|
|
|
|
its physical network devices are moved back to the
|
|
|
|
initial network namespace (not to the parent of the process).
|
|
|
|
.PP
|
2017-12-08 09:23:09 +00:00
|
|
|
A virtual network
|
|
|
|
.RB ( veth (4))
|
|
|
|
device pair provides a pipe-like abstraction
|
|
|
|
that can be used to create tunnels between network namespaces,
|
|
|
|
and can be used to create a bridge to a physical network device
|
|
|
|
in another namespace.
|
2017-12-10 21:33:08 +00:00
|
|
|
When a namespace is freed, the
|
|
|
|
.BR veth (4)
|
|
|
|
devices that it contains are destroyed.
|
2017-12-08 09:23:09 +00:00
|
|
|
.PP
|
|
|
|
Use of network namespaces requires a kernel that is configured with the
|
|
|
|
.B CONFIG_NET_NS
|
|
|
|
option.
|
2020-05-21 08:00:37 +00:00
|
|
|
.\" FIXME .SH EXAMPLES
|
2017-12-07 19:22:34 +00:00
|
|
|
.SH SEE ALSO
|
|
|
|
.BR nsenter (1),
|
|
|
|
.BR unshare (1),
|
|
|
|
.BR clone (2),
|
|
|
|
.BR veth (4),
|
|
|
|
.BR proc (5),
|
|
|
|
.BR sysfs (5),
|
|
|
|
.BR namespaces (7),
|
|
|
|
.BR user_namespaces (7),
|
|
|
|
.BR brctl (8),
|
|
|
|
.BR ip (8),
|
intro.1, localedef.1, memusage.1, memusagestat.1, bpf.2, execve.2, fork.2, keyctl.2, request_key.2, sigaction.2, signal.2, socket.2, dlopen.3, getauxval.3, gnu_get_libc_version.3, pthread_atfork.3, sem_post.3, setjmp.3, strftime.3, veth.4, locale.5, nscd.conf.5, resolv.conf.5, address_families.7, armscii-8.7, ascii.7, capabilities.7, cgroups.7, charsets.7, cp1251.7, cp1252.7, iso_8859-1.7, iso_8859-10.7, iso_8859-11.7, iso_8859-13.7, iso_8859-14.7, iso_8859-15.7, iso_8859-16.7, iso_8859-2.7, iso_8859-3.7, iso_8859-4.7, iso_8859-5.7, iso_8859-6.7, iso_8859-7.7, iso_8859-8.7, iso_8859-9.7, keyrings.7, koi8-r.7, koi8-u.7, libc.7, locale.7, man.7, network_namespaces.7, persistent-keyring.7, session-keyring.7, signal.7, unicode.7, uri.7, user-keyring.7, user-session-keyring.7: ffix: replace - with real\-
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2020-07-06 12:28:51 +00:00
|
|
|
.BR ip\-address (8),
|
|
|
|
.BR ip\-link (8),
|
|
|
|
.BR ip\-netns (8),
|
2017-12-07 19:22:34 +00:00
|
|
|
.BR iptables (8),
|
intro.1, localedef.1, memusage.1, memusagestat.1, bpf.2, execve.2, fork.2, keyctl.2, request_key.2, sigaction.2, signal.2, socket.2, dlopen.3, getauxval.3, gnu_get_libc_version.3, pthread_atfork.3, sem_post.3, setjmp.3, strftime.3, veth.4, locale.5, nscd.conf.5, resolv.conf.5, address_families.7, armscii-8.7, ascii.7, capabilities.7, cgroups.7, charsets.7, cp1251.7, cp1252.7, iso_8859-1.7, iso_8859-10.7, iso_8859-11.7, iso_8859-13.7, iso_8859-14.7, iso_8859-15.7, iso_8859-16.7, iso_8859-2.7, iso_8859-3.7, iso_8859-4.7, iso_8859-5.7, iso_8859-6.7, iso_8859-7.7, iso_8859-8.7, iso_8859-9.7, keyrings.7, koi8-r.7, koi8-u.7, libc.7, locale.7, man.7, network_namespaces.7, persistent-keyring.7, session-keyring.7, signal.7, unicode.7, uri.7, user-keyring.7, user-session-keyring.7: ffix: replace - with real\-
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2020-07-06 12:28:51 +00:00
|
|
|
.BR ovs\-vsctl (8)
|