mirror_iproute2/man/man8/ip-netns.8

.TH IP\-NETNS 8 "16 Jan 2013" "iproute2" "Linux"
.SH NAME
ip-netns \- process network namespace management
.SH SYNOPSIS
.sp
.ad l
.in +8
.ti -8
.B ip
.RI "[ " OPTIONS " ]"
.B netns
.RI  " { " COMMAND " | "
.BR help " }"
.sp
.ti -8
.BR "ip netns" " { " list " } "

.ti -8
.BR "ip netns" " { " add " | " delete " } "
.I NETNSNAME

.ti -8
.BR "ip netns identify"
.RI "[ " PID " ]"

.ti -8
.BR "ip netns pids"
.I NETNSNAME

.ti -8
.BR "ip netns exec "
.I NETNSNAME command ...

.ti -8
.BR "ip netns monitor"

.SH DESCRIPTION
A network namespace is logically another copy of the network stack,
with its own routes, firewall rules, and network devices.

By convention a named network namespace is an object at
.BR "/var/run/netns/" NAME
that can be opened.  The file descriptor resulting from opening
.BR "/var/run/netns/" NAME
refers to the specified network namespace.  Holding that file
descriptor open keeps the network namespace alive.  The file
descriptor can be used with the
.B setns(2)
system call to change the network namespace associated with a task.

For applications that are aware of network namespaces, the convention
is to look for global network configuration files first in
.BR "/etc/netns/" NAME "/"
then in
.BR "/etc/".
For example, if you want a different version of
.BR /etc/resolv.conf
for a network namespace used to isolate your vpn you would name it
.BR /etc/netns/myvpn/resolv.conf.

.B ip netns exec
automates handling of this configuration, file convention for network
namespace unaware applications, by creating a mount namespace and
bind mounting all of the per network namespace configure files into
their traditional location in /etc.

.TP
.B ip netns list - show all of the named network namespaces
.sp
This command displays all of the network namespaces in /var/run/netns

.TP
.B ip netns add NAME - create a new named network namespace
.sp
If NAME is available in /var/run/netns/ this command creates a new
network namespace and assigns NAME.

.TP
.B ip netns delete NAME - delete the name of a network namespace
.sp
If NAME is present in /var/run/netns it is umounted and the mount
point is removed.  If this is the last user of the network namespace the
network namespace will be freed, otherwise the network namespace
persists until it has no more users.  ip netns delete may fail if
the mount point is in use in another mount namespace.

.TP
.B ip netns identify [PID] - Report network namespaces names for process
.sp
This command walks through /var/run/netns and finds all the network
namespace names for network namespace of the specified process, if PID is
not specified then the current process will be used.

.TP
.B ip netns pids NAME - Report processes in the named network namespace
.sp
This command walks through proc and finds all of the process who have
the named network namespace as their primary network namespace.

.TP
.B ip netns exec NAME cmd ... - Run cmd in the named network namespace
.sp
This command allows applications that are network namespace unaware
to be run in something other than the default network namespace with
all of the configuration for the specified network namespace appearing
in the customary global locations.  A network namespace and bind mounts
are used to move files from their network namespace specific location
to their default locations without affecting other processes.

.TP
.B ip netns monitor - Report as network namespace names are added and deleted
.sp
This command watches network namespace name addition and deletion events
and prints a line for each event it sees.

.SH EXAMPLES
.PP
ip netns list
.RS
Shows the list of current named network namespaces
.RE
.PP
ip netns add vpn
.RS
Creates a network namespace and names it vpn
.RE
.PP
ip netns exec vpn ip link set lo up
.RS
Bring up the loopback interface in the vpn network namespace.
.RE

.SH SEE ALSO
.br
.BR ip (8)

.SH AUTHOR
Original Manpage by Eric W. Biederman