fix: remove vishvananda/netns pkg

Signed-off-by: Jack-R-lantern <tjdfkr2421@gmail.com>

Author: Jack-R-lantern

go.mod

@@ -6,7 +6,6 @@ require (
 	github.com/go-quicktest/qt v1.101.1-0.20240301121107-c6c8733fa1e6
 	github.com/google/go-cmp v0.7.0
 	github.com/jsimonetti/rtnetlink/v2 v2.0.1
-	github.com/vishvananda/netns v0.0.5
 	golang.org/x/sys v0.37.0
 )
 

go.sum

@@ -60,8 +60,6 @@ github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsT
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/vbatts/tar-split v0.12.1 h1:CqKoORW7BUWBe7UL/iqTVvkTBOF8UvOMKOIZykxnnbo=
 github.com/vbatts/tar-split v0.12.1/go.mod h1:eF6B6i6ftWQcDqEn3/iGFRFRo8cBIMSJVOpnNdfTMFA=
-github.com/vishvananda/netns v0.0.5 h1:DfiHV+j8bA32MFM7bfEunvT8IAqQ/NzSJHtcmW5zdEY=
-github.com/vishvananda/netns v0.0.5/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM=
 golang.org/x/mod v0.29.0 h1:HV8lRxZC4l2cr3Zq1LvtOsi/ThTgWnUk/y64QSs8GwA=
 golang.org/x/mod v0.29.0/go.mod h1:NyhrlYXJ2H4eJiRy/WDBO6HMqZQ6q9nk4JzS3NuCK+w=
 golang.org/x/net v0.46.0 h1:giFlY12I07fugqwPuWJi68oOnpfqFnJIJzaIIm2JVV4=

internal/testutils/netns.go

@@ -0,0 +1,58 @@
+package testutils
+
+import (
+	"fmt"
+	"os"
+	"runtime"
+	"syscall"
+	"testing"
+
+	"golang.org/x/sys/unix"
+)
+
+// GetThreadNetNS gets the network namespace file descriptor of the thread the current goroutine
+// is running on. Make sure to call runtime.LockOSThread() before this so the goroutine does not
+// get scheduled on another thread in the meantime.
+func GetThreadNetNS() (int, error) {
+	file, err := os.Open(fmt.Sprintf("/proc/%d/task/%d/ns/net", unix.Getpid(), unix.Gettid()))
+	if err != nil {
+		return -1, err
+	}
+	return int(file.Fd()), nil
+}
+
+// CreateNamedNetNS unshares the current thread's network namespace,
+// creating a new isolated network namespace for testing or sandboxing purposes.
+// It returns an error if the unshare operation fails.
+func CreateNamedNetNS() error {
+	if err := unix.Unshare(unix.CLONE_NEWNET); err != nil {
+		return err
+	}
+	return nil
+}
+
+// SetThreadNetNS sets the network namespace of the thread of the current goroutine to
+// the namespace described by the user-provided file descriptor.
+func SetThreadNetNS(fd int) error {
+	return unix.Setns(fd, unix.CLONE_NEWNET)
+}
+
+func WithNetNameSpace(ns int, fn func(t *testing.T)) func(t *testing.T) {
+	return func(t *testing.T) {
+		runtime.LockOSThread()
+		defer runtime.UnlockOSThread()
+
+		origNS, err := GetThreadNetNS()
+		if err != nil {
+			t.Fatal(err)
+		}
+		defer syscall.Close(origNS)
+		defer SetThreadNetNS(origNS)
+
+		if err := SetThreadNetNS(ns); err != nil {
+			t.Fatal(err)
+		}
+
+		fn(t)
+	}
+}

link/netkit_test.go

@@ -6,12 +6,12 @@ import (
 	"fmt"
 	"runtime"
 	"sync/atomic"
+	"syscall"
 	"testing"
 
 	"github.com/go-quicktest/qt"
 	"github.com/jsimonetti/rtnetlink/v2"
 	"github.com/jsimonetti/rtnetlink/v2/driver"
-	"github.com/vishvananda/netns"
 
 	"github.com/cilium/ebpf"
 	"github.com/cilium/ebpf/internal/testutils"
@@ -33,21 +33,25 @@ func TestNetkitAnchor(t *testing.T) {
 	a := mustLoadProgram(t, ebpf.SchedCLS, ebpf.AttachNetkitPrimary, "")
 	b := mustLoadProgram(t, ebpf.SchedCLS, ebpf.AttachNetkitPrimary, "")
 
-	const testNamespace string = "test_netkit_anchor"
+	runtime.LockOSThread()
+	defer runtime.UnlockOSThread()
 
-	rootNS, err := netns.Get()
+	rootNS, err := testutils.GetThreadNetNS()
 	if err != nil {
 		t.Fatal(err)
 	}
-	defer rootNS.Close()
-	defer netns.Set(rootNS)
+	defer syscall.Close(rootNS)
+	defer testutils.SetThreadNetNS(rootNS)
 
-	testNS, err := netns.NewNamed(testNamespace)
+	err = testutils.CreateNamedNetNS()
+	if err != nil {
+		t.Fatal(err)
+	}
+	testNS, err := testutils.GetThreadNetNS()
 	if err != nil {
 		t.Fatal(err)
 	}
-	defer netns.DeleteNamed(testNamespace)
-	defer testNS.Close()
+	defer syscall.Close(testNS)
 
 	linkA, ifIndex := mustAttachNetkit(t, a, ebpf.AttachNetkitPrimary)
 
@@ -67,19 +71,16 @@ func TestNetkitAnchor(t *testing.T) {
 		AfterLink(linkA),
 		AfterLinkByID(linkID),
 	} {
-		t.Run(fmt.Sprintf("%T", anchor), func(t *testing.T) {
-			linkB, err := withNetNameSpace(
-				testNamespace,
-				NetkitOptions{
-					Program:   b,
-					Attach:    ebpf.AttachNetkitPrimary,
-					Interface: ifIndex,
-					Anchor:    anchor,
-				},
-				AttachNetkit)
+		t.Run(fmt.Sprintf("%T", anchor), testutils.WithNetNameSpace(testNS, func(t *testing.T) {
+			linkB, err := AttachNetkit(NetkitOptions{
+				Program:   b,
+				Attach:    ebpf.AttachNetkitPrimary,
+				Interface: ifIndex,
+				Anchor:    anchor,
+			})
 			qt.Assert(t, qt.IsNil(err))
 			qt.Assert(t, qt.IsNil(linkB.Close()))
-		})
+		}))
 	}
 }
 
@@ -132,27 +133,3 @@ func mustAttachNetkit(tb testing.TB, prog *ebpf.Program, attachType ebpf.AttachT
 
 	return link, int(ifIndex)
 }
-
-func withNetNameSpace(name string, opt NetkitOptions, fn func(opt NetkitOptions) (Link, error)) (Link, error) {
-	runtime.LockOSThread()
-	defer runtime.UnlockOSThread()
-
-	rootNS, err := netns.Get()
-	if err != nil {
-		return nil, err
-	}
-	defer rootNS.Close()
-	defer netns.Set(rootNS)
-
-	netns.NewNamed("")
-
-	testNS, err := netns.GetFromName(name)
-	if err != nil {
-		return nil, err
-	}
-	defer testNS.Close()
-
-	netns.Set(testNS)
-
-	return fn(opt)
-}