Add support for disabling netns goroutine (#1)

This change introduces a config parameter that allows to disable the goroutine used for running
netlink socket APIs in a different network namespace. When the goroutine is disabled, no network
namespace switching is performed, and all netlink socket APIs are run in the caller thread's netns.

attribute.go

@@ -5,7 +5,7 @@ import (
 	"errors"
 	"fmt"
 
-	"github.com/mdlayher/netlink/nlenc"
+	"github.com/twistlock/netlink/nlenc"
 )
 
 // errInvalidAttribute specifies if an Attribute's length is incorrect.

attribute_test.go

@@ -9,7 +9,7 @@ import (
 	"unsafe"
 
 	"github.com/google/go-cmp/cmp"
-	"github.com/mdlayher/netlink/nlenc"
+	"github.com/twistlock/netlink/nlenc"
 )
 
 func TestMarshalAttributes(t *testing.T) {

bench_test.go

@@ -3,7 +3,7 @@ package netlink_test
 import (
 	"testing"
 
-	"github.com/mdlayher/netlink"
+	"github.com/twistlock/netlink"
 )
 
 var attrBench = []struct {

conn.go

@@ -565,6 +565,14 @@ type Config struct {
 	// no multicast group subscriptions will be made.
 	Groups uint32
 
+	// DisableNSGoroutine disables the goroutine that allows switching to a different
+	// network namespace. This forces running netlink socket syscalls in the caller thread's netns.
+	//
+	// Users who manage namespace transitions manually, or do not require them at all should
+	// set this to true, otherwise overhead will be incurred due to context switches and channel communication
+	// for the executed system calls.
+	DisableNSGoroutine bool
+
 	// NetNS specifies the network namespace the Conn will operate in.
 	//
 	// If set (non-zero), Conn will enter the specified network namespace and

conn_linux.go

@@ -328,24 +328,59 @@ func newError(errno int) error {
 
 var _ socket = &sysSocket{}
 
+// netNSRunner runs a function in a network namespace
+type netNSRunner interface {
+	// stop stops the runner
+	stop()
+	// run runs the given function in a network namespace of the runner
+	run(f func())
+}
+
 // A sysSocket is a socket which uses system calls for socket operations.
 type sysSocket struct {
 	mu     sync.RWMutex
 	fd     *os.File
 	closed bool
-	g      *lockedNetNSGoroutine
+	runner netNSRunner
+}
+
+// selfNetNSRunner executes functions in the current network namespace
+type selfNetNSRunner struct{}
+
+func (l *selfNetNSRunner) stop() {
+	// Empty impl to appease the netNSRunner interface
+	return
+}
+
+func (l *selfNetNSRunner) run(f func()) {
+	// Run the given function directly in the caller thread
+	f()
+}
+
+func newSelfNetNSExecutor() *selfNetNSRunner {
+	return &selfNetNSRunner{}
 }
 
 // newSysSocket creates a sysSocket that optionally locks its internal goroutine
 // to a single thread.
 func newSysSocket(config *Config) (*sysSocket, error) {
-	// Determine network namespaces using the threadNetNS function.
-	g, err := newLockedNetNSGoroutine(config.NetNS, threadNetNS, !config.DisableNSLockThread)
-	if err != nil {
-		return nil, err
+	var runner netNSRunner
+	var err error
+
+	if config.DisableNSGoroutine {
+		if config.NetNS != 0 {
+			return nil, errors.New("netlink Conn attempted to set a namespace with NS goroutine disabled")
+		}
+		runner = newSelfNetNSExecutor()
+	} else {
+		// Determine network namespaces using the threadNetNS function.
+		if runner, err = newLockedNetNSGoroutine(config.NetNS, threadNetNS, !config.DisableNSLockThread); err != nil {
+			return nil, err
+		}
 	}
+
 	return &sysSocket{
-		g: g,
+		runner: runner,
 	}, nil
 }
 
@@ -360,7 +395,7 @@ func (s *sysSocket) do(f func()) error {
 		return syscall.EBADF
 	}
 
-	s.g.run(f)
+	s.runner.run(f)
 	return nil
 }
 
@@ -374,7 +409,7 @@ func (s *sysSocket) read(f func(fd int) bool) error {
 	}
 
 	var err error
-	s.g.run(func() {
+	s.runner.run(func() {
 		err = fdread(s.fd, f)
 	})
 	return err
@@ -390,7 +425,7 @@ func (s *sysSocket) write(f func(fd int) bool) error {
 	}
 
 	var err error
-	s.g.run(func() {
+	s.runner.run(func() {
 		err = fdwrite(s.fd, f)
 	})
 	return err
@@ -406,7 +441,7 @@ func (s *sysSocket) control(f func(fd int)) error {
 	}
 
 	var err error
-	s.g.run(func() {
+	s.runner.run(func() {
 		err = fdcontrol(s.fd, f)
 	})
 	return err
@@ -508,7 +543,7 @@ func (s *sysSocket) Close() error {
 	s.closed = true
 
 	// Stop the associated goroutine and wait for it to return.
-	s.g.stop()
+	s.runner.stop()
 
 	return err
 }
@@ -643,7 +678,7 @@ type lockedNetNSGoroutine struct {
 // specified network namespace netNS (by file descriptor), and will use the
 // getNS function to produce netNS handles.
 func newLockedNetNSGoroutine(netNS int, getNS func() (*netNS, error), lockThread bool) (*lockedNetNSGoroutine, error) {
-	// Any bare syscall errors (e.g. setns) should be wrapped with
+	// Any bare syscall errors (e.runner. setns) should be wrapped with
 	// os.NewSyscallError for the remainder of this function.
 
 	// If the caller has instructed us to not lock OS thread but also attempts

conn_linux_error_test.go

@@ -8,9 +8,9 @@ import (
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
-	"github.com/mdlayher/netlink"
-	"github.com/mdlayher/netlink/nlenc"
-	"github.com/mdlayher/netlink/nltest"
+	"github.com/twistlock/netlink"
+	"github.com/twistlock/netlink/nlenc"
+	"github.com/twistlock/netlink/nltest"
 	"golang.org/x/sys/unix"
 )
 

conn_linux_gteq_1.12_integration_test.go

@@ -12,7 +12,7 @@ import (
 
 	"github.com/google/go-cmp/cmp"
 	"github.com/jsimonetti/rtnetlink/rtnl"
-	"github.com/mdlayher/netlink"
+	"github.com/twistlock/netlink"
 	"golang.org/x/sys/unix"
 )
 

conn_linux_integration_test.go

@@ -14,8 +14,8 @@ import (
 	"time"
 
 	"github.com/google/go-cmp/cmp"
-	"github.com/mdlayher/netlink"
-	"github.com/mdlayher/netlink/nlenc"
+	"github.com/twistlock/netlink"
+	"github.com/twistlock/netlink/nlenc"
 	"golang.org/x/net/bpf"
 	"golang.org/x/sys/unix"
 )

conn_test.go

@@ -8,8 +8,8 @@ import (
 	"testing"
 	"time"
 
-	"github.com/mdlayher/netlink"
-	"github.com/mdlayher/netlink/nltest"
+	"github.com/twistlock/netlink"
+	"github.com/twistlock/netlink/nltest"
 )
 
 func TestConnExecute(t *testing.T) {

example_attributedecoder_test.go

@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"log"
 
-	"github.com/mdlayher/netlink"
+	"github.com/twistlock/netlink"
 )
 
 // decodeNested is a nested structure within decodeOut.

example_attributeencoder_test.go

@@ -5,7 +5,7 @@ import (
 	"fmt"
 	"log"
 
-	"github.com/mdlayher/netlink"
+	"github.com/twistlock/netlink"
 )
 
 // encodeNested is a nested structure within out.

example_test.go

@@ -3,9 +3,9 @@ package netlink_test
 import (
 	"log"
 
-	"github.com/mdlayher/netlink"
-	"github.com/mdlayher/netlink/nlenc"
-	"github.com/mdlayher/netlink/nltest"
+	"github.com/twistlock/netlink"
+	"github.com/twistlock/netlink/nlenc"
+	"github.com/twistlock/netlink/nltest"
 )
 
 // This example demonstrates using a netlink.Conn to execute requests against

go.mod

@@ -1,4 +1,4 @@
-module github.com/mdlayher/netlink
+module github.com/twistlock/netlink
 
 go 1.12
 

go.sum

@@ -8,6 +8,7 @@ github.com/jsimonetti/rtnetlink v0.0.0-20190606172950-9527aa82566a/go.mod h1:Oz+
 github.com/jsimonetti/rtnetlink v0.0.0-20200117123717-f846d4f6c1f4 h1:nwOc1YaOrYJ37sEBrtWZrdqzK22hiJs3GpDmP3sR2Yw=
 github.com/jsimonetti/rtnetlink v0.0.0-20200117123717-f846d4f6c1f4/go.mod h1:WGuG/smIU4J/54PblvSbh+xvCZmpJnFgr3ds6Z55XMQ=
 github.com/mdlayher/netlink v0.0.0-20190409211403-11939a169225/go.mod h1:eQB3mZE4aiYnlUsyGGCOpPETfdQq4Jhsgf1fk3cwQaA=
+github.com/mdlayher/netlink v1.0.0 h1:vySPY5Oxnn/8lxAPn2cK6kAzcZzYJl3KriSLO46OT18=
 github.com/mdlayher/netlink v1.0.0/go.mod h1:KxeJAFOFLG6AjpyDkQ/iIhxygIUKD+vcwqcnu43w/+M=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=

message.go

@@ -4,7 +4,7 @@ import (
 	"errors"
 	"fmt"
 
-	"github.com/mdlayher/netlink/nlenc"
+	"github.com/twistlock/netlink/nlenc"
 )
 
 // Flags which may apply to netlink attribute types when communicating with

message_test.go

@@ -6,7 +6,7 @@ import (
 	"reflect"
 	"testing"
 
-	"github.com/mdlayher/netlink/nlenc"
+	"github.com/twistlock/netlink/nlenc"
 )
 
 func TestHeaderFlagsString(t *testing.T) {

nltest/nltest.go

@@ -6,8 +6,8 @@ import (
 	"io"
 	"os"
 
-	"github.com/mdlayher/netlink"
-	"github.com/mdlayher/netlink/nlenc"
+	"github.com/twistlock/netlink"
+	"github.com/twistlock/netlink/nlenc"
 )
 
 // PID is the netlink header PID value assigned by nltest.

nltest/nltest_linux_gteq_1.13_test.go

@@ -7,8 +7,8 @@ import (
 	"os"
 	"testing"
 
-	"github.com/mdlayher/netlink"
-	"github.com/mdlayher/netlink/nltest"
+	"github.com/twistlock/netlink"
+	"github.com/twistlock/netlink/nltest"
 	"golang.org/x/sys/unix"
 )
 

nltest/nltest_test.go

@@ -8,8 +8,8 @@ import (
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
-	"github.com/mdlayher/netlink"
-	"github.com/mdlayher/netlink/nltest"
+	"github.com/twistlock/netlink"
+	"github.com/twistlock/netlink/nltest"
 )
 
 func TestConnSend(t *testing.T) {