From: Harry G Coin
To: Michael Tokarev, wireguard@lists.zx2c4.com
Cc: maarten@de-vri.es
Date: Sat, 15 Jul 2023 15:29:25 -0500
Subject: Re: ip netns del zaps wg link

On 7/14/23 23:48, Michael Tokarev wrote:
> 15.07.2023 00:48, Harry G Coin wrote:
> ..
>
>> [] allowing wireguard interfaces to behave like all other interfaces
>> when a namespace is destroyed (moving back to the namespace where it
>> was born and to which it retains connection anyhow)
>
> The thing is that all interface types behave like this when a network
> namespace is removed: they're destroyed together with the namespace.
> All which can be deleted anyway, for which an `ip link del' command
> works, - like, physical NICs are the only exception here b/c you
> can't remove a physical NIC from a physical machine this way.
>
> So in this context, wg interfaces are *already* behaving like all
> other virtual interfaces, and this is done by linux network/namespace
> subsystem, not by wireguard.
>
> /mjt

Oh dear. It sure makes more sense to me for anything called 'an interface' to move in the same fashion as any other. Having to 'just know' which ones will 'remain' and which ones will 'go away and need to be entirely reconfigured all the time' seems more than the security need calls for. Just setting the link down when the netns goes away would be better, I can decide when, whether and how to create and destroy interfaces. Or at least an option to 'treat all links the same when the netns goes away' somehow.

Off soap box now!

Thanks for the comments.
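
Since the kernel destroys virtual links together with their namespace, keeping a WireGuard link means moving it out before running `ip netns del`. The sketch below is an added example, not part of the original message or of WireGuard itself; the function names and the choice of PID 1 (the init namespace) as the default target are assumptions.

```shell
#!/bin/sh
# Added example: preserve WireGuard links when tearing down a network namespace.
# Usage (as root): netns_del_keep_wg <namespace> [target-pid]

# Print the names of all WireGuard links inside namespace $1, one per line.
wg_links_in_netns() {
    # -o prints one link per line: "7: wg0: <POINTOPOINT,NOARP> mtu 1420 ..."
    ip -n "$1" -o link show type wireguard |
        awk -F': ' '{ sub(/@.*/, "", $2); print $2 }'
}

# Set every WireGuard link in namespace $1 down, move it into the network
# namespace of PID $2 (default 1, i.e. the init namespace), and only then
# delete the namespace. Stops before deleting if any step fails.
netns_del_keep_wg() {
    ns=$1
    target_pid=${2:-1}
    links=$(wg_links_in_netns "$ns") || return 1
    for link in $links; do
        ip -n "$ns" link set dev "$link" down || return 1
        ip -n "$ns" link set dev "$link" netns "$target_pid" || return 1
    done
    ip netns del "$ns"
}
```

The moved links arrive in the target namespace in the down state, so bringing them up again remains an explicit decision.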