In the previous story we seen what the network stack really represent and how is built up in the kernel , the interesting question would be to see how does this work from user-land. The real question would be: How is it that i see only the namespace’s interfaces when i do ifconfig from within a namespace??? Let me illustrate it Root Namespace (We get the loopback to and a pair) eths veth From “blue” namespace: So this all look very good , so lets drill into it. We want to intercept the call that actually returns this info (strace) Ok so tells you that this is reading info from (we kind of knew this , or supposed it) strace /proc 2. Let’s look in the kernel for the proc implementation I ended up finding interesting stuff in fs/proc/proc_net.c I’ve highlighted the important stuff in orange, let’s go by parts: The init function takes a , this is the whole network stack of a (devs , routes, etc) . struct net namespace netd is allocated netd seems to be a struct so some attributes ate filled up (data , namelen(3 ==net ) etc we set the attribute on to be proc_net stuct net netd This suggest that the actual network stack implementation ( ) holds the information the entry? struct net proc fs let’s verify this in struct net , include/net/net_namespace.h There it is , so when a is allocated for a namespace the for the lies inside the struct net itself , hence it can display information only related to its own network stack dentry proc fs struct net (namespace). Next time let’s look into those structs and who populates the “dev” leaf inside proc/net. Thanks!
