Network Namespace Implementation

[JoshuaWatt]

Description

Adds support for network namespaces that can be used to give a client access to a NetworkInterface on an exporter. The data is streamed between a tap on client and exporter over SSH

Checklist

• Documentation for the feature
• Tests for the feature

• The arguments and description in doc/configuration.rst have been updated

• Add a section on how to use the feature to doc/usage.rst

• Add a section on how to use the feature to doc/development.rst

• PR has been tested

• Man pages have been regenerated

[jluebbe]

@JPEWdev As discussed via matrix, I've squashed our commits. I've squashed some minor fixes and doc updates as well. Support for socks5 is still as separate commits.

The tests fail because autodoc can't import the netns agent (due to the missing s2py globals in s2py = s2py). Do you have a better idea to handle that?

Also, the netns tests are currently skipped in CI, as we seem to be missing privileges for the mount namespace. Perhaps we can adjust the workflow configuration to allow that.

[codecov]

Codecov Report

❌ Patch coverage is 15.60694% with 438 lines in your changes missing coverage. Please review.
✅ Project coverage is 45.8%. Comparing base (5e74a80) to head (b07ef1c).
⚠️ Report is 13 commits behind head on master.
✅ All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
labgrid/tapfwd.py	0.0%	142 Missing ⚠️
labgrid/util/agents/netns.py	0.0%	111 Missing ⚠️
labgrid/util/netns.py	33.5%	87 Missing ⚠️
labgrid/driver/rawnetworkinterfacedriver.py	16.4%	56 Missing ⚠️
labgrid/remote/client.py	7.4%	25 Missing ⚠️
labgrid/util/agent.py	31.8%	15 Missing ⚠️
labgrid/target.py	50.0%	2 Missing ⚠️

Additional details and impacted files

@@           Coverage Diff            @@
##           master   #1805     +/-   ##
========================================
- Coverage    46.7%   45.8%   -1.0%     
========================================
  Files         179     182      +3     
  Lines       14198   14718    +520     
========================================
+ Hits         6635    6743    +108     
- Misses       7563    7975    +412     

Flag	Coverage Δ
3.10	45.8% <15.6%> (-1.0%)	⬇️
3.11	45.8% <15.6%> (-1.0%)	⬇️
3.12	45.8% <15.6%> (-1.0%)	⬇️
3.13	45.7% <15.6%> (-1.0%)	⬇️
3.14	45.7% <15.6%> (-1.0%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[JoshuaWatt]

@JPEWdev As discussed via matrix, I've squashed our commits. I've squashed some minor fixes and doc updates as well. Support for socks5 is still as separate commits.

The tests fail because autodoc can't import the netns agent (due to the missing s2py globals in s2py = s2py). Do you have a better idea to handle that?

Probably just inline them instead of share them. I'll take a look

Also, the netns tests are currently skipped in CI, as we seem to be missing privileges for the mount namespace. Perhaps we can adjust the workflow configuration to allow that.

[JoshuaWatt]

@jluebbe Ok, it's working now. FYI, the reason for the unshare failure was two fold:

1. There is a sysctl that needs to be set to allow unprivileged users to create user namespaces; I added this to the CI setup
2. A mount can prevent itself from being shared into a new mount namespace, which causes a failure. I don't think there is a "reasonable" (that is, a way normal users can fix this without admin permissions) way for users to work around this, and I was always skeptical that the sysfs mount was even strictly required, so I removed it. Perhaps something that can be revisited later, but it's not needed ATM.

[jluebbe]

Thanks! The sysfs mount was needed to find the tap interface name in the namespace so that it could be opened. As we no longer need that, don't need to mount sysfs in the namespace.