Simple network namespace handling for go.
Go to file
Junhuang Hong 358cc6be9e fix: named ns handler may leak 2023-01-13 09:57:54 -08:00
.github feat: dependabot workflow automation for updating dependency 2022-11-02 13:11:37 -07:00
LICENSE Initial commit of netns package 2014-08-31 14:20:31 -07:00
README.md remove redundant build-tag comments 2023-01-13 09:56:59 -08:00
doc.go move package description to a doc.go 2023-01-13 09:56:59 -08:00
go.mod Use golang.org/x/sys/unix instead of syscall 2020-05-19 21:18:08 -07:00
go.sum Use golang.org/x/sys/unix instead of syscall 2020-05-19 21:18:08 -07:00
netns_linux.go fix: named ns handler may leak 2023-01-13 09:57:54 -08:00
netns_linux_test.go fix unhandled error in TestGetNewSetDelete 2023-01-13 09:56:59 -08:00
netns_others.go make deprecated consts an alias, and don't use internally 2023-01-13 09:56:59 -08:00
nshandle_linux.go fix build-tags for non-linux platforms 2023-01-13 09:56:59 -08:00
nshandle_others.go fix build-tags for non-linux platforms 2023-01-13 09:56:59 -08:00

README.md

netns - network namespaces in go

The netns package provides an ultra-simple interface for handling network namespaces in go. Changing namespaces requires elevated privileges, so in most cases this code needs to be run as root.

Local Build and Test

You can use go get command:

go get github.com/vishvananda/netns

Testing (requires root):

sudo -E go test github.com/vishvananda/netns

Example

package main

import (
    "fmt"
    "net"
    "runtime"

    "github.com/vishvananda/netns"
)

func main() {
    // Lock the OS Thread so we don't accidentally switch namespaces
    runtime.LockOSThread()
    defer runtime.UnlockOSThread()

    // Save the current network namespace
    origns, _ := netns.Get()
    defer origns.Close()

    // Create a new network namespace
    newns, _ := netns.New()
    defer newns.Close()

    // Do something with the network namespace
    ifaces, _ := net.Interfaces()
    fmt.Printf("Interfaces: %v\n", ifaces)

    // Switch back to the original namespace
    netns.Set(origns)
}

NOTE

The library can be safely used only with Go >= 1.10 due to golang/go#20676.

After locking a goroutine to its current OS thread with runtime.LockOSThread() and changing its network namespace, any new subsequent goroutine won't be scheduled on that thread while it's locked. Therefore, the new goroutine will run in a different namespace leading to unexpected results.

See here for more details.