@@ -103,7 +103,7 @@ type Controller struct {

 	// FIXME(thaJeztah): defOsSbox is always nil on non-Linux: move these fields to Linux-only files.

 	defOsSboxOnce sync.Once

-	defOsSbox     osl.Sandbox

+	defOsSbox     *osl.Namespace

 }

 // New creates a new instance of network controller.

@@ -40,7 +40,7 @@ func (c *Controller) enabledIptablesVersions() []iptables.IPVersion {

 // getDefaultOSLSandbox returns the controller's default [osl.Sandbox]. It

 // creates the sandbox if it does not yet exist.

-func (c *Controller) getDefaultOSLSandbox(key string) (osl.Sandbox, error) {

+func (c *Controller) getDefaultOSLSandbox(key string) (*osl.Namespace, error) {

 	var err error

 	c.defOsSboxOnce.Do(func() {

 		c.defOsSbox, err = osl.NewSandbox(key, false, false)

@@ -47,7 +47,7 @@ type subnet struct {

 type network struct {

 	id        string

-	sbox      osl.Sandbox

+	sbox      *osl.Namespace

 	endpoints endpointTable

 	driver    *driver

 	joinCnt   int

@@ -463,9 +463,9 @@ func (n *network) setupSubnetSandbox(s *subnet, brName, vxlanName string) error

 	return nil

 }

-func setDefaultVLAN(sbox osl.Sandbox) error {

+func setDefaultVLAN(ns *osl.Namespace) error {

 	var brName string

-	for _, i := range sbox.Interfaces() {

+	for _, i := range ns.Interfaces() {

 		if i.Bridge() {

 			brName = i.DstName()

 		}

@@ -474,7 +474,7 @@ func setDefaultVLAN(sbox osl.Sandbox) error {

 	// IFLA_BR_VLAN_DEFAULT_PVID was added in Linux v4.4 (see torvalds/linux@0f963b7), so we can't use netlink for

 	// setting this until Docker drops support for CentOS/RHEL 7 (kernel 3.10, eol date: 2024-06-30).

 	var innerErr error

-	err := sbox.InvokeFunc(func() {

+	err := ns.InvokeFunc(func() {

 		// Contrary to what the sysfs(5) man page says, the entries of /sys/class/net

 		// represent the networking devices visible in the network namespace of the

 		// process which mounted the sysfs filesystem, irrespective of the network

@@ -603,7 +603,7 @@ func (d *driver) network(nid string) *network {

 	return n

 }

-func (n *network) sandbox() osl.Sandbox {

+func (n *network) sandbox() *osl.Namespace {

 	n.Lock()

 	defer n.Unlock()

 	return n.sbox

@@ -30,7 +30,7 @@ type Interface struct {

 	llAddrs     []*net.IPNet

 	routes      []*net.IPNet

 	bridge      bool

-	ns          *networkNamespace

+	ns          *Namespace

 }

 // SrcName returns the name of the interface in the origin network namespace.

@@ -159,7 +159,7 @@ func (i *Interface) Statistics() (*types.InterfaceStatistics, error) {

 	}, nil

 }

-func (n *networkNamespace) findDst(srcName string, isBridge bool) string {

+func (n *Namespace) findDst(srcName string, isBridge bool) string {

 	n.Lock()

 	defer n.Unlock()

@@ -179,7 +179,7 @@ func (n *networkNamespace) findDst(srcName string, isBridge bool) string {

 // interface according to the specified settings. The caller is expected

 // to only provide a prefix for DstName. The AddInterface api will auto-generate

 // an appropriate suffix for the DstName to disambiguate.

-func (n *networkNamespace) AddInterface(srcName, dstPrefix string, options ...IfaceOption) error {

+func (n *Namespace) AddInterface(srcName, dstPrefix string, options ...IfaceOption) error {

 	i := &Interface{

 		srcName: srcName,

 		dstName: dstPrefix,

@@ -28,7 +28,7 @@ const defaultPrefix = "/var/run/docker"

 func init() {

 	// Lock main() to the initial thread to exclude the goroutines spawned

-	// by func (*networkNamespace) InvokeFunc() or func setIPv6() below from

+	// by func (*Namespace) InvokeFunc() or func setIPv6() below from

 	// being scheduled onto that thread. Changes to the network namespace of

 	// the initial thread alter /proc/self/ns/net, which would break any

 	// code which (incorrectly) assumes that that file is the network

@@ -177,9 +177,9 @@ func GenerateKey(containerID string) string {

 	return basePath() + "/" + containerID[:maxLen]

 }

-// NewSandbox provides a new sandbox instance created in an os specific way

-// provided a key which uniquely identifies the sandbox

-func NewSandbox(key string, osCreate, isRestore bool) (Sandbox, error) {

+// NewSandbox provides a new Namespace instance created in an os specific way

+// provided a key which uniquely identifies the sandbox.

+func NewSandbox(key string, osCreate, isRestore bool) (*Namespace, error) {

 	if !isRestore {

 		err := createNetworkNamespace(key, osCreate)

 		if err != nil {

@@ -189,7 +189,7 @@ func NewSandbox(key string, osCreate, isRestore bool) (Sandbox, error) {

 		once.Do(createBasePath)

 	}

-	n := &networkNamespace{path: key, isDefault: !osCreate, nextIfIndex: make(map[string]int)}

+	n := &Namespace{path: key, isDefault: !osCreate, nextIfIndex: make(map[string]int)}

 	sboxNs, err := netns.GetFromPath(n.path)

 	if err != nil {

@@ -230,7 +230,7 @@ func mountNetworkNamespace(basePath string, lnPath string) error {

 }

 // GetSandboxForExternalKey returns sandbox object for the supplied path

-func GetSandboxForExternalKey(basePath string, key string) (Sandbox, error) {

+func GetSandboxForExternalKey(basePath string, key string) (*Namespace, error) {

 	if err := createNamespaceFile(key); err != nil {

 		return nil, err

 	}

@@ -238,7 +238,7 @@ func GetSandboxForExternalKey(basePath string, key string) (Sandbox, error) {

 	if err := mountNetworkNamespace(basePath, key); err != nil {

 		return nil, err

 	}

-	n := &networkNamespace{path: key, nextIfIndex: make(map[string]int)}

+	n := &Namespace{path: key, nextIfIndex: make(map[string]int)}

 	sboxNs, err := netns.GetFromPath(n.path)

 	if err != nil {

@@ -313,11 +313,11 @@ func createNamespaceFile(path string) (err error) {

 	return err

 }

-// networkNamespace represents a network sandbox. It represents a Linux network

+// Namespace represents a network sandbox. It represents a Linux network

 // namespace, and moves an interface into it when called on method AddInterface

 // or sets the gateway etc. It holds a list of Interfaces, routes etc., and more

 // can be added dynamically.

-type networkNamespace struct {

+type Namespace struct {

 	path         string

 	iFaces       []*Interface

 	gw           net.IP

@@ -335,13 +335,13 @@ type networkNamespace struct {

 // method. Note that this doesn't include network interfaces added in any

 // other way (such as the default loopback interface which is automatically

 // created on creation of a sandbox).

-func (n *networkNamespace) Interfaces() []*Interface {

+func (n *Namespace) Interfaces() []*Interface {

 	ifaces := make([]*Interface, len(n.iFaces))

 	copy(ifaces, n.iFaces)

 	return ifaces

 }

-func (n *networkNamespace) loopbackUp() error {

+func (n *Namespace) loopbackUp() error {

 	iface, err := n.nlHandle.LinkByName("lo")

 	if err != nil {

 		return err

@@ -350,12 +350,12 @@ func (n *networkNamespace) loopbackUp() error {

 }

 // GetLoopbackIfaceName returns the name of the loopback interface

-func (n *networkNamespace) GetLoopbackIfaceName() string {

+func (n *Namespace) GetLoopbackIfaceName() string {

 	return "lo"

 }

 // AddAliasIP adds the passed IP address to the named interface

-func (n *networkNamespace) AddAliasIP(ifName string, ip *net.IPNet) error {

+func (n *Namespace) AddAliasIP(ifName string, ip *net.IPNet) error {

 	iface, err := n.nlHandle.LinkByName(ifName)

 	if err != nil {

 		return err

@@ -364,7 +364,7 @@ func (n *networkNamespace) AddAliasIP(ifName string, ip *net.IPNet) error {

 }

 // RemoveAliasIP removes the passed IP address from the named interface

-func (n *networkNamespace) RemoveAliasIP(ifName string, ip *net.IPNet) error {

+func (n *Namespace) RemoveAliasIP(ifName string, ip *net.IPNet) error {

 	iface, err := n.nlHandle.LinkByName(ifName)

 	if err != nil {

 		return err

@@ -374,7 +374,7 @@ func (n *networkNamespace) RemoveAliasIP(ifName string, ip *net.IPNet) error {

 // DisableARPForVIP disables ARP replies and requests for VIP addresses

 // on a particular interface.

-func (n *networkNamespace) DisableARPForVIP(srcName string) (Err error) {

+func (n *Namespace) DisableARPForVIP(srcName string) (Err error) {

 	dstName := ""

 	for _, i := range n.Interfaces() {

 		if i.SrcName() == srcName {

@@ -405,7 +405,7 @@ func (n *networkNamespace) DisableARPForVIP(srcName string) (Err error) {

 }

 // InvokeFunc invoke a function in the network namespace.

-func (n *networkNamespace) InvokeFunc(f func()) error {

+func (n *Namespace) InvokeFunc(f func()) error {

 	path := n.nsPath()

 	newNS, err := netns.GetFromPath(path)

 	if err != nil {

@@ -449,7 +449,7 @@ func (n *networkNamespace) InvokeFunc(f func()) error {

 	return <-done

 }

-func (n *networkNamespace) nsPath() string {

+func (n *Namespace) nsPath() string {

 	n.Lock()

 	defer n.Unlock()

@@ -457,12 +457,12 @@ func (n *networkNamespace) nsPath() string {

 }

 // Key returns the path where the network namespace is mounted.

-func (n *networkNamespace) Key() string {

+func (n *Namespace) Key() string {

 	return n.path

 }

 // Destroy destroys the sandbox.

-func (n *networkNamespace) Destroy() error {

+func (n *Namespace) Destroy() error {

 	if n.nlHandle != nil {

 		n.nlHandle.Close()

 	}

@@ -478,7 +478,7 @@ func (n *networkNamespace) Destroy() error {

 }

 // Restore restores the network namespace.

-func (n *networkNamespace) Restore(ifsopt map[Iface][]IfaceOption, routes []*types.StaticRoute, gw net.IP, gw6 net.IP) error {

+func (n *Namespace) Restore(ifsopt map[Iface][]IfaceOption, routes []*types.StaticRoute, gw net.IP, gw6 net.IP) error {

 	// restore interfaces

 	for name, opts := range ifsopt {

 		i := &Interface{

@@ -580,7 +580,7 @@ func (n *networkNamespace) Restore(ifsopt map[Iface][]IfaceOption, routes []*typ

 }

 // Checks whether IPv6 needs to be enabled/disabled on the loopback interface

-func (n *networkNamespace) checkLoV6() {

+func (n *Namespace) checkLoV6() {

 	var (

 		enable = false

 		action = "disable"

@@ -608,7 +608,7 @@ func (n *networkNamespace) checkLoV6() {

 }

 // ApplyOSTweaks applies operating system specific knobs on the sandbox.

-func (n *networkNamespace) ApplyOSTweaks(types []SandboxType) {

+func (n *Namespace) ApplyOSTweaks(types []SandboxType) {

 	for _, t := range types {

 		switch t {

 		case SandboxTypeLoadBalancer, SandboxTypeIngress:

@@ -2,12 +2,16 @@

 package osl

+type Namespace struct{}

+

+func (n *Namespace) Destroy() error { return nil }

+

 // GC triggers garbage collection of namespace path right away

 // and waits for it.

 func GC() {

 }

 // GetSandboxForExternalKey returns sandbox object for the supplied path

-func GetSandboxForExternalKey(path string, key string) (Sandbox, error) {

+func GetSandboxForExternalKey(path string, key string) (*Namespace, error) {

 	return nil, nil

 }

@@ -6,13 +6,17 @@ func GenerateKey(containerID string) string {

 	return containerID

 }

+type Namespace struct{}

+

+func (n *Namespace) Destroy() error { return nil }

+

 // NewSandbox provides a new sandbox instance created in an os specific way

 // provided a key which uniquely identifies the sandbox

-func NewSandbox(key string, osCreate, isRestore bool) (Sandbox, error) {

+func NewSandbox(key string, osCreate, isRestore bool) (*Namespace, error) {

 	return nil, nil

 }

-func GetSandboxForExternalKey(path string, key string) (Sandbox, error) {

+func GetSandboxForExternalKey(path string, key string) (*Namespace, error) {

 	return nil, nil

 }

@@ -29,7 +29,7 @@ type neigh struct {

 	family   int

 }

-func (n *networkNamespace) findNeighbor(dstIP net.IP, dstMac net.HardwareAddr) *neigh {

+func (n *Namespace) findNeighbor(dstIP net.IP, dstMac net.HardwareAddr) *neigh {

 	n.Lock()

 	defer n.Unlock()

@@ -43,7 +43,7 @@ func (n *networkNamespace) findNeighbor(dstIP net.IP, dstMac net.HardwareAddr) *

 }

 // DeleteNeighbor deletes neighbor entry from the sandbox.

-func (n *networkNamespace) DeleteNeighbor(dstIP net.IP, dstMac net.HardwareAddr, osDelete bool) error {

+func (n *Namespace) DeleteNeighbor(dstIP net.IP, dstMac net.HardwareAddr, osDelete bool) error {

 	var (

 		iface netlink.Link

 		err   error

@@ -121,7 +121,7 @@ func (n *networkNamespace) DeleteNeighbor(dstIP net.IP, dstMac net.HardwareAddr,

 }

 // AddNeighbor adds a neighbor entry into the sandbox.

-func (n *networkNamespace) AddNeighbor(dstIP net.IP, dstMac net.HardwareAddr, force bool, options ...NeighOption) error {

+func (n *Namespace) AddNeighbor(dstIP net.IP, dstMac net.HardwareAddr, force bool, options ...NeighOption) error {

 	var (

 		iface                  netlink.Link

 		err                    error

@@ -9,7 +9,7 @@ import (

 )

 // Gateway returns the IPv4 gateway for the sandbox.

-func (n *networkNamespace) Gateway() net.IP {

+func (n *Namespace) Gateway() net.IP {

 	n.Lock()

 	defer n.Unlock()

@@ -17,7 +17,7 @@ func (n *networkNamespace) Gateway() net.IP {

 }

 // GatewayIPv6 returns the IPv6 gateway for the sandbox.

-func (n *networkNamespace) GatewayIPv6() net.IP {

+func (n *Namespace) GatewayIPv6() net.IP {

 	n.Lock()

 	defer n.Unlock()

@@ -27,7 +27,7 @@ func (n *networkNamespace) GatewayIPv6() net.IP {

 // StaticRoutes returns additional static routes for the sandbox. Note that

 // directly connected routes are stored on the particular interface they

 // refer to.

-func (n *networkNamespace) StaticRoutes() []*types.StaticRoute {

+func (n *Namespace) StaticRoutes() []*types.StaticRoute {

 	n.Lock()

 	defer n.Unlock()

@@ -40,20 +40,20 @@ func (n *networkNamespace) StaticRoutes() []*types.StaticRoute {

 	return routes

 }

-func (n *networkNamespace) setGateway(gw net.IP) {

+func (n *Namespace) setGateway(gw net.IP) {

 	n.Lock()

 	n.gw = gw

 	n.Unlock()

 }

-func (n *networkNamespace) setGatewayIPv6(gwv6 net.IP) {

+func (n *Namespace) setGatewayIPv6(gwv6 net.IP) {

 	n.Lock()

 	n.gwv6 = gwv6

 	n.Unlock()

 }

 // SetGateway sets the default IPv4 gateway for the sandbox.

-func (n *networkNamespace) SetGateway(gw net.IP) error {

+func (n *Namespace) SetGateway(gw net.IP) error {

 	// Silently return if the gateway is empty

 	if len(gw) == 0 {

 		return nil

@@ -68,7 +68,7 @@ func (n *networkNamespace) SetGateway(gw net.IP) error {

 }

 // UnsetGateway the previously set default IPv4 gateway in the sandbox.

-func (n *networkNamespace) UnsetGateway() error {

+func (n *Namespace) UnsetGateway() error {

 	gw := n.Gateway()

 	// Silently return if the gateway is empty

@@ -84,7 +84,7 @@ func (n *networkNamespace) UnsetGateway() error {

 	return err

 }

-func (n *networkNamespace) programGateway(gw net.IP, isAdd bool) error {

+func (n *Namespace) programGateway(gw net.IP, isAdd bool) error {

 	gwRoutes, err := n.nlHandle.RouteGet(gw)

 	if err != nil {

 		return fmt.Errorf("route for the gateway %s could not be found: %v", gw, err)

@@ -118,7 +118,7 @@ func (n *networkNamespace) programGateway(gw net.IP, isAdd bool) error {

 }

 // Program a route in to the namespace routing table.

-func (n *networkNamespace) programRoute(path string, dest *net.IPNet, nh net.IP) error {

+func (n *Namespace) programRoute(path string, dest *net.IPNet, nh net.IP) error {

 	gwRoutes, err := n.nlHandle.RouteGet(nh)

 	if err != nil {

 		return fmt.Errorf("route for the next hop %s could not be found: %v", nh, err)

@@ -133,7 +133,7 @@ func (n *networkNamespace) programRoute(path string, dest *net.IPNet, nh net.IP)

 }

 // Delete a route from the namespace routing table.

-func (n *networkNamespace) removeRoute(path string, dest *net.IPNet, nh net.IP) error {

+func (n *Namespace) removeRoute(path string, dest *net.IPNet, nh net.IP) error {

 	gwRoutes, err := n.nlHandle.RouteGet(nh)

 	if err != nil {

 		return fmt.Errorf("route for the next hop could not be found: %v", err)

@@ -148,7 +148,7 @@ func (n *networkNamespace) removeRoute(path string, dest *net.IPNet, nh net.IP)

 }

 // SetGatewayIPv6 sets the default IPv6 gateway for the sandbox.

-func (n *networkNamespace) SetGatewayIPv6(gwv6 net.IP) error {

+func (n *Namespace) SetGatewayIPv6(gwv6 net.IP) error {

 	// Silently return if the gateway is empty

 	if len(gwv6) == 0 {

 		return nil

@@ -163,7 +163,7 @@ func (n *networkNamespace) SetGatewayIPv6(gwv6 net.IP) error {

 }

 // UnsetGatewayIPv6 unsets the previously set default IPv6 gateway in the sandbox.

-func (n *networkNamespace) UnsetGatewayIPv6() error {

+func (n *Namespace) UnsetGatewayIPv6() error {

 	gwv6 := n.GatewayIPv6()

 	// Silently return if the gateway is empty

@@ -182,7 +182,7 @@ func (n *networkNamespace) UnsetGatewayIPv6() error {

 }

 // AddStaticRoute adds a static route to the sandbox.

-func (n *networkNamespace) AddStaticRoute(r *types.StaticRoute) error {

+func (n *Namespace) AddStaticRoute(r *types.StaticRoute) error {

 	err := n.programRoute(n.nsPath(), r.Destination, r.NextHop)

 	if err == nil {

 		n.Lock()

@@ -193,7 +193,7 @@ func (n *networkNamespace) AddStaticRoute(r *types.StaticRoute) error {

 }

 // RemoveStaticRoute removes a static route from the sandbox.

-func (n *networkNamespace) RemoveStaticRoute(r *types.StaticRoute) error {

+func (n *Namespace) RemoveStaticRoute(r *types.StaticRoute) error {

 	err := n.removeRoute(n.nsPath(), r.Destination, r.NextHop)

 	if err == nil {

 		n.Lock()

@@ -1,12 +1,6 @@

 // Package osl describes structures and interfaces which abstract os entities

 package osl

-import (

-	"net"

-

-	"github.com/docker/docker/libnetwork/types"

-)

-

 // SandboxType specify the time of the sandbox, this can be used to apply special configs

 type SandboxType int

@@ -26,90 +20,3 @@ type IfaceOption func(i *Interface) error

 // NeighOption is a function option type to set neighbor options.

 type NeighOption func(nh *neigh)

-

-// Sandbox represents a network sandbox, identified by a specific key.  It

-// holds a list of Interfaces, routes etc, and more can be added dynamically.

-type Sandbox interface {

-	// Key returns the path where the network namespace is mounted.

-	Key() string

-

-	// AddInterface adds an existing Interface to this sandbox. The operation will rename

-	// from the Interface SrcName to DstName as it moves, and reconfigure the

-	// interface according to the specified settings. The caller is expected

-	// to only provide a prefix for DstName. The AddInterface api will auto-generate

-	// an appropriate suffix for the DstName to disambiguate.

-	AddInterface(SrcName string, DstPrefix string, options ...IfaceOption) error

-

-	// SetGateway sets the default IPv4 gateway for the sandbox.

-	SetGateway(gw net.IP) error

-

-	// SetGatewayIPv6 sets the default IPv6 gateway for the sandbox.

-	SetGatewayIPv6(gw net.IP) error

-

-	// UnsetGateway the previously set default IPv4 gateway in the sandbox.

-	UnsetGateway() error

-

-	// UnsetGatewayIPv6 unsets the previously set default IPv6 gateway in the sandbox.

-	UnsetGatewayIPv6() error

-

-	// GetLoopbackIfaceName returns the name of the loopback interface

-	GetLoopbackIfaceName() string

-

-	// AddAliasIP adds the passed IP address to the named interface

-	AddAliasIP(ifName string, ip *net.IPNet) error

-

-	// RemoveAliasIP removes the passed IP address from the named interface

-	RemoveAliasIP(ifName string, ip *net.IPNet) error

-

-	// DisableARPForVIP disables ARP replies and requests for VIP addresses

-	// on a particular interface.

-	DisableARPForVIP(ifName string) error

-

-	// AddStaticRoute adds a static route to the sandbox.

-	AddStaticRoute(*types.StaticRoute) error

-

-	// RemoveStaticRoute removes a static route from the sandbox.

-	RemoveStaticRoute(*types.StaticRoute) error

-

-	// AddNeighbor adds a neighbor entry into the sandbox.

-	AddNeighbor(dstIP net.IP, dstMac net.HardwareAddr, force bool, option ...NeighOption) error

-

-	// DeleteNeighbor deletes neighbor entry from the sandbox.

-	DeleteNeighbor(dstIP net.IP, dstMac net.HardwareAddr, osDelete bool) error

-

-	// InvokeFunc invoke a function in the network namespace.

-	InvokeFunc(func()) error

-

-	// Destroy destroys the sandbox.

-	Destroy() error

-

-	// Restore restores the sandbox.

-	Restore(ifsopt map[Iface][]IfaceOption, routes []*types.StaticRoute, gw net.IP, gw6 net.IP) error

-

-	// ApplyOSTweaks applies operating system specific knobs on the sandbox.

-	ApplyOSTweaks([]SandboxType)

-

-	Info

-}

-

-// Info represents all possible information that

-// the driver wants to place in the sandbox which includes

-// interfaces, routes and gateway

-type Info interface {

-	// Interfaces returns the collection of Interface previously added with the AddInterface

-	// method. Note that this doesn't include network interfaces added in any

-	// other way (such as the default loopback interface which is automatically

-	// created on creation of a sandbox).

-	Interfaces() []*Interface

-

-	// Gateway returns the IPv4 gateway for the sandbox.

-	Gateway() net.IP

-

-	// GatewayIPv6 returns the IPv6 gateway for the sandbox.

-	GatewayIPv6() net.IP

-

-	// StaticRoutes returns additional static routes for the sandbox. Note that

-	// directly connected routes are stored on the particular interface they

-	// refer to.

-	StaticRoutes() []*types.StaticRoute

-}

@@ -13,12 +13,12 @@ func GenerateKey(containerID string) string {

 // NewSandbox provides a new sandbox instance created in an os specific way

 // provided a key which uniquely identifies the sandbox

-func NewSandbox(key string, osCreate, isRestore bool) (Sandbox, error) {

+func NewSandbox(key string, osCreate, isRestore bool) (*Namespace, error) {

 	return nil, nil

 }

 // GetSandboxForExternalKey returns sandbox object for the supplied path

-func GetSandboxForExternalKey(path string, key string) (Sandbox, error) {

+func GetSandboxForExternalKey(path string, key string) (*Namespace, error) {

 	return nil, nil

 }

@@ -56,7 +56,7 @@ func newKey(t *testing.T) (string, error) {

 	return name, nil

 }

-func newInfo(t *testing.T, hnd *netlink.Handle) (Sandbox, error) {

+func newInfo(t *testing.T, hnd *netlink.Handle) (*Namespace, error) {

 	t.Helper()

 	err := hnd.LinkAdd(&netlink.Veth{

 		LinkAttrs: netlink.LinkAttrs{Name: vethName1, TxQLen: 0},

@@ -113,22 +113,17 @@ func newInfo(t *testing.T, hnd *netlink.Handle) (Sandbox, error) {

 		master:  "testbridge",

 	}

-	return &networkNamespace{

+	return &Namespace{

 		iFaces: []*Interface{intf1, intf2, intf3},

 		gw:     net.ParseIP("192.168.1.1"),

 		gwv6:   net.ParseIP("fe80::1"),

 	}, nil

 }

-func verifySandbox(t *testing.T, s Sandbox, ifaceSuffixes []string) {

-	_, ok := s.(*networkNamespace)

-	if !ok {

-		t.Fatalf("The sandbox interface returned is not of type networkNamespace")

-	}

-

-	sbNs, err := netns.GetFromPath(s.Key())

+func verifySandbox(t *testing.T, ns *Namespace, ifaceSuffixes []string) {

+	sbNs, err := netns.GetFromPath(ns.Key())

 	if err != nil {

-		t.Fatalf("Failed top open network namespace path %q: %v", s.Key(), err)

+		t.Fatalf("Failed top open network namespace path %q: %v", ns.Key(), err)

 	}

 	defer sbNs.Close()

@@ -147,16 +142,16 @@ func verifySandbox(t *testing.T, s Sandbox, ifaceSuffixes []string) {

 	}

 }

-func verifyCleanup(t *testing.T, s Sandbox, wait bool) {

+func verifyCleanup(t *testing.T, ns *Namespace, wait bool) {

 	if wait {

 		time.Sleep(gpmCleanupPeriod * 2)

 	}

-	if _, err := os.Stat(s.Key()); err == nil {

+	if _, err := os.Stat(ns.Key()); err == nil {

 		if wait {

-			t.Fatalf("The sandbox path %s is not getting cleaned up even after twice the cleanup period", s.Key())

+			t.Fatalf("The sandbox path %s is not getting cleaned up even after twice the cleanup period", ns.Key())

 		} else {

-			t.Fatalf("The sandbox path %s is not cleaned up after running gc", s.Key())

+			t.Fatalf("The sandbox path %s is not cleaned up after running gc", ns.Key())

 		}

 	}

 }

@@ -169,16 +164,12 @@ func TestDisableIPv6DAD(t *testing.T) {

 		t.Fatalf("Failed to obtain a key: %v", err)

 	}

-	s, err := NewSandbox(key, true, false)

+	n, err := NewSandbox(key, true, false)

 	if err != nil {

 		t.Fatalf("Failed to create a new sandbox: %v", err)

 	}

-	defer destroyTest(t, s)

+	defer destroyTest(t, n)

-	n, ok := s.(*networkNamespace)

-	if !ok {

-		t.Fatal(ok)

-	}

 	nlh := n.nlHandle

 	ipv6, _ := types.ParseCIDR("2001:db8::44/64")

@@ -214,8 +205,8 @@ func TestDisableIPv6DAD(t *testing.T) {

 	}

 }

-func destroyTest(t *testing.T, s Sandbox) {

-	if err := s.Destroy(); err != nil {

+func destroyTest(t *testing.T, ns *Namespace) {

+	if err := ns.Destroy(); err != nil {

 		t.Log(err)

 	}

 }

@@ -228,16 +219,12 @@ func TestSetInterfaceIP(t *testing.T) {

 		t.Fatalf("Failed to obtain a key: %v", err)

 	}

-	s, err := NewSandbox(key, true, false)

+	n, err := NewSandbox(key, true, false)

 	if err != nil {

 		t.Fatalf("Failed to create a new sandbox: %v", err)

 	}

-	defer destroyTest(t, s)

+	defer destroyTest(t, n)

-	n, ok := s.(*networkNamespace)

-	if !ok {

-		t.Fatal(ok)

-	}

 	nlh := n.nlHandle

 	ipv4, _ := types.ParseCIDR("172.30.0.33/24")

@@ -302,16 +289,12 @@ func TestLiveRestore(t *testing.T) {

 		t.Fatalf("Failed to obtain a key: %v", err)

 	}

-	s, err := NewSandbox(key, true, false)

+	n, err := NewSandbox(key, true, false)

 	if err != nil {

 		t.Fatalf("Failed to create a new sandbox: %v", err)

 	}

-	defer destroyTest(t, s)

+	defer destroyTest(t, n)

-	n, ok := s.(*networkNamespace)

-	if !ok {

-		t.Fatal(ok)

-	}

 	nlh := n.nlHandle

 	ipv4, _ := types.ParseCIDR("172.30.0.33/24")

@@ -368,11 +351,11 @@ func TestLiveRestore(t *testing.T) {

 	}

 	// Create newsandbox with Restore - TRUE

-	s, err = NewSandbox(key, true, true)

+	n2, err := NewSandbox(key, true, true)

 	if err != nil {

 		t.Fatalf("Failed to create a new sandbox: %v", err)

 	}

-	defer destroyTest(t, s)

+	defer destroyTest(t, n2)

 	// Check if the IPV4 & IPV6 entry present

 	// If present , we should get error in below call

@@ -9,7 +9,7 @@ var ErrNotImplemented = errors.New("not implemented")

 // NewSandbox provides a new sandbox instance created in an os specific way

 // provided a key which uniquely identifies the sandbox

-func NewSandbox(key string, osCreate, isRestore bool) (Sandbox, error) {

+func NewSandbox(key string, osCreate, isRestore bool) (*Namespace, error) {

 	return nil, ErrNotImplemented

 }

@@ -13,6 +13,6 @@ func newKey(t *testing.T) (string, error) {

 	return "", ErrNotImplemented

 }

-func verifySandbox(t *testing.T, s Sandbox) {

+func verifySandbox(t *testing.T, ns *Namespace) {

 	return

 }

@@ -35,7 +35,7 @@ type Sandbox struct {

 	containerID        string

 	config             containerConfig

 	extDNS             []extDNSEntry

-	osSbox             osl.Sandbox

+	osSbox             *osl.Namespace

 	controller         *Controller

 	resolver           *Resolver

 	resolverOnce       sync.Once

@@ -11,8 +11,8 @@ import (

 	"github.com/docker/docker/libnetwork/types"

 )

-func releaseOSSboxResources(osSbox osl.Sandbox, ep *Endpoint) {

-	for _, i := range osSbox.Interfaces() {

+func releaseOSSboxResources(ns *osl.Namespace, ep *Endpoint) {

+	for _, i := range ns.Interfaces() {

 		// Only remove the interfaces owned by this endpoint from the sandbox.

 		if ep.hasInterface(i.SrcName()) {

 			if err := i.Remove(); err != nil {

@@ -29,7 +29,7 @@ func releaseOSSboxResources(osSbox osl.Sandbox, ep *Endpoint) {

 	if len(vip) > 0 && lbModeIsDSR {

 		ipNet := &net.IPNet{IP: vip, Mask: net.CIDRMask(32, 32)}

-		if err := osSbox.RemoveAliasIP(osSbox.GetLoopbackIfaceName(), ipNet); err != nil {

+		if err := ns.RemoveAliasIP(ns.GetLoopbackIfaceName(), ipNet); err != nil {

 			log.G(context.TODO()).WithError(err).Debugf("failed to remove virtual ip %v to loopback", ipNet)

 		}

 	}

@@ -40,7 +40,7 @@ func releaseOSSboxResources(osSbox osl.Sandbox, ep *Endpoint) {

 	// Remove non-interface routes.

 	for _, r := range joinInfo.StaticRoutes {

-		if err := osSbox.RemoveStaticRoute(r); err != nil {

+		if err := ns.RemoveStaticRoute(r); err != nil {

 			log.G(context.TODO()).Debugf("Remove route failed: %v", err)

 		}

 	}

@@ -4,7 +4,7 @@ package libnetwork

 import "github.com/docker/docker/libnetwork/osl"

-func releaseOSSboxResources(osl.Sandbox, *Endpoint) {}

+func releaseOSSboxResources(*osl.Namespace, *Endpoint) {}

 func (sb *Sandbox) updateGateway(*Endpoint) error {

 	// not implemented on Windows (Sandbox.osSbox is always nil)