]>
Commit | Line | Data |
---|---|---|
b2441318 | 1 | /* SPDX-License-Identifier: GPL-2.0 */ |
5f256bec EB |
2 | /* |
3 | * Operations on the network namespace | |
4 | */ | |
5 | #ifndef __NET_NET_NAMESPACE_H | |
6 | #define __NET_NET_NAMESPACE_H | |
7 | ||
60063497 | 8 | #include <linux/atomic.h> |
c122e14d | 9 | #include <linux/refcount.h> |
5f256bec EB |
10 | #include <linux/workqueue.h> |
11 | #include <linux/list.h> | |
bee95250 | 12 | #include <linux/sysctl.h> |
fbdeaed4 | 13 | #include <linux/uidgid.h> |
5f256bec | 14 | |
6a662719 | 15 | #include <net/flow.h> |
8efa6e93 | 16 | #include <net/netns/core.h> |
852566f5 | 17 | #include <net/netns/mib.h> |
a0a53c8b | 18 | #include <net/netns/unix.h> |
2aaef4e4 | 19 | #include <net/netns/packet.h> |
8afd351c | 20 | #include <net/netns/ipv4.h> |
b0f159db | 21 | #include <net/netns/ipv6.h> |
ab84be7e | 22 | #include <net/netns/nexthop.h> |
633fc86f | 23 | #include <net/netns/ieee802154_6lowpan.h> |
4db67e80 | 24 | #include <net/netns/sctp.h> |
67019cc9 | 25 | #include <net/netns/dccp.h> |
f3c1a44a | 26 | #include <net/netns/netfilter.h> |
8d870052 | 27 | #include <net/netns/x_tables.h> |
dfdb8d79 AD |
28 | #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) |
29 | #include <net/netns/conntrack.h> | |
30 | #endif | |
99633ab2 | 31 | #include <net/netns/nftables.h> |
d62ddc21 | 32 | #include <net/netns/xfrm.h> |
0189197f | 33 | #include <net/netns/mpls.h> |
8e8cda6d | 34 | #include <net/netns/can.h> |
1d0dc069 | 35 | #include <net/netns/xdp.h> |
435d5f4b | 36 | #include <linux/ns_common.h> |
04c52dec PNA |
37 | #include <linux/idr.h> |
38 | #include <linux/skbuff.h> | |
a30c7b42 | 39 | #include <linux/notifier.h> |
a0a53c8b | 40 | |
038e7332 | 41 | struct user_namespace; |
457c4cbc | 42 | struct proc_dir_entry; |
2774c7ab | 43 | struct net_device; |
97c53cac | 44 | struct sock; |
1597fbc0 | 45 | struct ctl_table_header; |
dec827d1 | 46 | struct net_generic; |
94e5e308 | 47 | struct uevent_sock; |
2553d064 | 48 | struct netns_ipvs; |
d58e468b | 49 | struct bpf_prog; |
1597fbc0 | 50 | |
7c28bd0b ED |
51 | |
52 | #define NETDEV_HASHBITS 8 | |
53 | #define NETDEV_HASHENTRIES (1 << NETDEV_HASHBITS) | |
54 | ||
5f256bec | 55 | struct net { |
2a06b898 ED |
56 | /* First cache line can be often dirtied. |
57 | * Do not place here read-mostly fields. | |
58 | */ | |
aad12c23 | 59 | refcount_t passive; /* To decide when the network |
a685e089 AV |
60 | * namespace should be freed. |
61 | */ | |
273c28bc | 62 | refcount_t count; /* To decided when the network |
a685e089 | 63 | * namespace should be shut down. |
5f256bec | 64 | */ |
8e602ce2 ED |
65 | spinlock_t rules_mod_lock; |
66 | ||
2a06b898 ED |
67 | unsigned int dev_unreg_count; |
68 | ||
69 | unsigned int dev_base_seq; /* protected by rtnl_mutex */ | |
70 | int ifindex; | |
71 | ||
72 | spinlock_t nsid_lock; | |
73 | atomic_t fnhe_genid; | |
33cf7c90 | 74 | |
5f256bec | 75 | struct list_head list; /* list of network namespaces */ |
19efbd93 | 76 | struct list_head exit_list; /* To linked to call pernet exit |
4420bf21 KT |
77 | * methods on dead net ( |
78 | * pernet_ops_rwsem read locked), | |
79 | * or to unregister pernet ops | |
80 | * (pernet_ops_rwsem write locked). | |
19efbd93 | 81 | */ |
65b7b5b9 KT |
82 | struct llist_node cleanup_list; /* namespaces on death row */ |
83 | ||
9b242610 DH |
84 | #ifdef CONFIG_KEYS |
85 | struct key_tag *key_domain; /* Key domain of operation tag */ | |
86 | #endif | |
038e7332 | 87 | struct user_namespace *user_ns; /* Owning user namespace */ |
70328660 | 88 | struct ucounts *ucounts; |
0c7aecd4 | 89 | struct idr netns_ids; |
038e7332 | 90 | |
435d5f4b | 91 | struct ns_common ns; |
98f842e6 | 92 | |
2a06b898 | 93 | struct list_head dev_base_head; |
457c4cbc EB |
94 | struct proc_dir_entry *proc_net; |
95 | struct proc_dir_entry *proc_net_stat; | |
881d966b | 96 | |
73455092 AV |
97 | #ifdef CONFIG_SYSCTL |
98 | struct ctl_table_set sysctls; | |
99 | #endif | |
95bdfccb | 100 | |
8e602ce2 ED |
101 | struct sock *rtnl; /* rtnetlink socket */ |
102 | struct sock *genl_sock; | |
2774c7ab | 103 | |
94e5e308 CB |
104 | struct uevent_sock *uevent_sock; /* uevent socket */ |
105 | ||
881d966b EB |
106 | struct hlist_head *dev_name_head; |
107 | struct hlist_head *dev_index_head; | |
a30c7b42 JP |
108 | struct raw_notifier_head netdev_chain; |
109 | ||
2a06b898 ED |
110 | /* Note that @hash_mix can be read millions times per second, |
111 | * it is critical that it is on a read_mostly cache line. | |
112 | */ | |
113 | u32 hash_mix; | |
114 | ||
115 | struct net_device *loopback_dev; /* The loopback */ | |
97c53cac | 116 | |
5fd30ee7 DL |
117 | /* core fib_rules */ |
118 | struct list_head rules_ops; | |
5fd30ee7 | 119 | |
8efa6e93 | 120 | struct netns_core core; |
852566f5 | 121 | struct netns_mib mib; |
2aaef4e4 | 122 | struct netns_packet packet; |
a0a53c8b | 123 | struct netns_unix unx; |
ab84be7e | 124 | struct netns_nexthop nexthop; |
8afd351c | 125 | struct netns_ipv4 ipv4; |
dfd56b8b | 126 | #if IS_ENABLED(CONFIG_IPV6) |
b0f159db DL |
127 | struct netns_ipv6 ipv6; |
128 | #endif | |
633fc86f AA |
129 | #if IS_ENABLED(CONFIG_IEEE802154_6LOWPAN) |
130 | struct netns_ieee802154_lowpan ieee802154_lowpan; | |
131 | #endif | |
4db67e80 EB |
132 | #if defined(CONFIG_IP_SCTP) || defined(CONFIG_IP_SCTP_MODULE) |
133 | struct netns_sctp sctp; | |
134 | #endif | |
67019cc9 PE |
135 | #if defined(CONFIG_IP_DCCP) || defined(CONFIG_IP_DCCP_MODULE) |
136 | struct netns_dccp dccp; | |
137 | #endif | |
8d870052 | 138 | #ifdef CONFIG_NETFILTER |
f3c1a44a | 139 | struct netns_nf nf; |
8d870052 | 140 | struct netns_xt xt; |
dfdb8d79 AD |
141 | #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) |
142 | struct netns_ct ct; | |
c038a767 | 143 | #endif |
99633ab2 PNA |
144 | #if defined(CONFIG_NF_TABLES) || defined(CONFIG_NF_TABLES_MODULE) |
145 | struct netns_nftables nft; | |
146 | #endif | |
c038a767 AW |
147 | #if IS_ENABLED(CONFIG_NF_DEFRAG_IPV6) |
148 | struct netns_nf_frag nf_frag; | |
9ce7bc03 | 149 | struct ctl_table_header *nf_frag_frags_hdr; |
dfdb8d79 | 150 | #endif |
cd8c20b6 AD |
151 | struct sock *nfnl; |
152 | struct sock *nfnl_stash; | |
3499abb2 AS |
153 | #if IS_ENABLED(CONFIG_NETFILTER_NETLINK_ACCT) |
154 | struct list_head nfnl_acct_list; | |
155 | #endif | |
19576c94 PN |
156 | #if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT) |
157 | struct list_head nfct_timeout_list; | |
158 | #endif | |
d62ddc21 | 159 | #endif |
3d23e349 | 160 | #ifdef CONFIG_WEXT_CORE |
b333b3d2 | 161 | struct sk_buff_head wext_nlevents; |
8d870052 | 162 | #endif |
1c87733d | 163 | struct net_generic __rcu *gen; |
8e602ce2 | 164 | |
d58e468b PP |
165 | struct bpf_prog __rcu *flow_dissector_prog; |
166 | ||
8e602ce2 ED |
167 | /* Note : following structs are cache line aligned */ |
168 | #ifdef CONFIG_XFRM | |
169 | struct netns_xfrm xfrm; | |
170 | #endif | |
f318903c DB |
171 | |
172 | atomic64_t net_cookie; /* written once */ | |
173 | ||
8b4d14d8 | 174 | #if IS_ENABLED(CONFIG_IP_VS) |
61b1ab45 | 175 | struct netns_ipvs *ipvs; |
0189197f EB |
176 | #endif |
177 | #if IS_ENABLED(CONFIG_MPLS) | |
178 | struct netns_mpls mpls; | |
8e8cda6d MK |
179 | #endif |
180 | #if IS_ENABLED(CONFIG_CAN) | |
181 | struct netns_can can; | |
1d0dc069 BT |
182 | #endif |
183 | #ifdef CONFIG_XDP_SOCKETS | |
184 | struct netns_xdp xdp; | |
91b05a7e OM |
185 | #endif |
186 | #if IS_ENABLED(CONFIG_CRYPTO_USER) | |
187 | struct sock *crypto_nlsk; | |
8b4d14d8 | 188 | #endif |
51d7cccf | 189 | struct sock *diag_nlsk; |
3859a271 | 190 | } __randomize_layout; |
5f256bec | 191 | |
c0f39322 DL |
192 | #include <linux/seq_file_net.h> |
193 | ||
4fabcd71 | 194 | /* Init's network namespace */ |
5f256bec | 195 | extern struct net init_net; |
a4aa834a | 196 | |
d727abcb | 197 | #ifdef CONFIG_NET_NS |
e67e16ea JP |
198 | struct net *copy_net_ns(unsigned long flags, struct user_namespace *user_ns, |
199 | struct net *old_net); | |
225c0a01 | 200 | |
fbdeaed4 TH |
201 | void net_ns_get_ownership(const struct net *net, kuid_t *uid, kgid_t *gid); |
202 | ||
7866cc57 | 203 | void net_ns_barrier(void); |
d727abcb EB |
204 | #else /* CONFIG_NET_NS */ |
205 | #include <linux/sched.h> | |
206 | #include <linux/nsproxy.h> | |
038e7332 EB |
207 | static inline struct net *copy_net_ns(unsigned long flags, |
208 | struct user_namespace *user_ns, struct net *old_net) | |
9dd776b6 | 209 | { |
d727abcb EB |
210 | if (flags & CLONE_NEWNET) |
211 | return ERR_PTR(-EINVAL); | |
212 | return old_net; | |
9dd776b6 | 213 | } |
7866cc57 | 214 | |
fbdeaed4 TH |
215 | static inline void net_ns_get_ownership(const struct net *net, |
216 | kuid_t *uid, kgid_t *gid) | |
217 | { | |
218 | *uid = GLOBAL_ROOT_UID; | |
219 | *gid = GLOBAL_ROOT_GID; | |
220 | } | |
221 | ||
7866cc57 | 222 | static inline void net_ns_barrier(void) {} |
d727abcb | 223 | #endif /* CONFIG_NET_NS */ |
225c0a01 DL |
224 | |
225 | ||
226 | extern struct list_head net_namespace_list; | |
9dd776b6 | 227 | |
e67e16ea | 228 | struct net *get_net_ns_by_pid(pid_t pid); |
0f5258cd | 229 | struct net *get_net_ns_by_fd(int fd); |
30ffee84 | 230 | |
5a95cbb8 DB |
231 | u64 net_gen_cookie(struct net *net); |
232 | ||
535d3ae9 RK |
233 | #ifdef CONFIG_SYSCTL |
234 | void ipx_register_sysctl(void); | |
235 | void ipx_unregister_sysctl(void); | |
236 | #else | |
237 | #define ipx_register_sysctl() | |
238 | #define ipx_unregister_sysctl() | |
239 | #endif | |
240 | ||
d4655795 | 241 | #ifdef CONFIG_NET_NS |
e67e16ea | 242 | void __put_net(struct net *net); |
5f256bec EB |
243 | |
244 | static inline struct net *get_net(struct net *net) | |
245 | { | |
273c28bc | 246 | refcount_inc(&net->count); |
5f256bec EB |
247 | return net; |
248 | } | |
249 | ||
077130c0 EB |
250 | static inline struct net *maybe_get_net(struct net *net) |
251 | { | |
252 | /* Used when we know struct net exists but we | |
253 | * aren't guaranteed a previous reference count | |
254 | * exists. If the reference count is zero this | |
255 | * function fails and returns NULL. | |
256 | */ | |
273c28bc | 257 | if (!refcount_inc_not_zero(&net->count)) |
077130c0 EB |
258 | net = NULL; |
259 | return net; | |
260 | } | |
261 | ||
5f256bec EB |
262 | static inline void put_net(struct net *net) |
263 | { | |
273c28bc | 264 | if (refcount_dec_and_test(&net->count)) |
5f256bec EB |
265 | __put_net(net); |
266 | } | |
267 | ||
878628fb YH |
268 | static inline |
269 | int net_eq(const struct net *net1, const struct net *net2) | |
270 | { | |
271 | return net1 == net2; | |
272 | } | |
a685e089 | 273 | |
4ee806d5 DS |
274 | static inline int check_net(const struct net *net) |
275 | { | |
3e3ab9cc | 276 | return refcount_read(&net->count) != 0; |
4ee806d5 DS |
277 | } |
278 | ||
e67e16ea | 279 | void net_drop_ns(void *); |
a685e089 | 280 | |
d4655795 | 281 | #else |
b9f75f45 | 282 | |
d4655795 PE |
283 | static inline struct net *get_net(struct net *net) |
284 | { | |
285 | return net; | |
286 | } | |
287 | ||
288 | static inline void put_net(struct net *net) | |
289 | { | |
290 | } | |
291 | ||
5d1e4468 DL |
292 | static inline struct net *maybe_get_net(struct net *net) |
293 | { | |
294 | return net; | |
295 | } | |
296 | ||
297 | static inline | |
298 | int net_eq(const struct net *net1, const struct net *net2) | |
299 | { | |
300 | return 1; | |
301 | } | |
a685e089 | 302 | |
4ee806d5 DS |
303 | static inline int check_net(const struct net *net) |
304 | { | |
305 | return 1; | |
306 | } | |
307 | ||
a685e089 | 308 | #define net_drop_ns NULL |
5d1e4468 DL |
309 | #endif |
310 | ||
311 | ||
0c5c9fb5 | 312 | typedef struct { |
8f424b5f | 313 | #ifdef CONFIG_NET_NS |
0c5c9fb5 EB |
314 | struct net *net; |
315 | #endif | |
316 | } possible_net_t; | |
8f424b5f | 317 | |
0c5c9fb5 | 318 | static inline void write_pnet(possible_net_t *pnet, struct net *net) |
8f424b5f | 319 | { |
0c5c9fb5 EB |
320 | #ifdef CONFIG_NET_NS |
321 | pnet->net = net; | |
322 | #endif | |
8f424b5f ED |
323 | } |
324 | ||
0c5c9fb5 | 325 | static inline struct net *read_pnet(const possible_net_t *pnet) |
8f424b5f | 326 | { |
0c5c9fb5 EB |
327 | #ifdef CONFIG_NET_NS |
328 | return pnet->net; | |
8f424b5f | 329 | #else |
0c5c9fb5 | 330 | return &init_net; |
8f424b5f | 331 | #endif |
0c5c9fb5 | 332 | } |
5d1e4468 | 333 | |
f0b07bb1 | 334 | /* Protected by net_rwsem */ |
5f256bec EB |
335 | #define for_each_net(VAR) \ |
336 | list_for_each_entry(VAR, &net_namespace_list, list) | |
afa0df59 JP |
337 | #define for_each_net_continue_reverse(VAR) \ |
338 | list_for_each_entry_continue_reverse(VAR, &net_namespace_list, list) | |
11a28d37 JB |
339 | #define for_each_net_rcu(VAR) \ |
340 | list_for_each_entry_rcu(VAR, &net_namespace_list, list) | |
341 | ||
4665079c PE |
342 | #ifdef CONFIG_NET_NS |
343 | #define __net_init | |
344 | #define __net_exit | |
022cbae6 | 345 | #define __net_initdata |
04a6f82c | 346 | #define __net_initconst |
4665079c PE |
347 | #else |
348 | #define __net_init __init | |
bd721ea7 | 349 | #define __net_exit __ref |
022cbae6 | 350 | #define __net_initdata __initdata |
04a6f82c | 351 | #define __net_initconst __initconst |
4665079c | 352 | #endif |
5f256bec | 353 | |
d4e4fdf9 | 354 | int peernet2id_alloc(struct net *net, struct net *peer, gfp_t gfp); |
56f200c7 GN |
355 | int peernet2id(const struct net *net, struct net *peer); |
356 | bool peernet_has_id(const struct net *net, struct net *peer); | |
357 | struct net *get_net_ns_by_id(const struct net *net, int id); | |
0c7aecd4 | 358 | |
5f256bec EB |
359 | struct pernet_operations { |
360 | struct list_head list; | |
6056415d KT |
361 | /* |
362 | * Below methods are called without any exclusive locks. | |
363 | * More than one net may be constructed and destructed | |
364 | * in parallel on several cpus. Every pernet_operations | |
365 | * have to keep in mind all other pernet_operations and | |
366 | * to introduce a locking, if they share common resources. | |
367 | * | |
8518e9bb KT |
368 | * The only time they are called with exclusive lock is |
369 | * from register_pernet_subsys(), unregister_pernet_subsys() | |
370 | * register_pernet_device() and unregister_pernet_device(). | |
371 | * | |
6056415d KT |
372 | * Exit methods using blocking RCU primitives, such as |
373 | * synchronize_rcu(), should be implemented via exit_batch. | |
374 | * Then, destruction of a group of net requires single | |
375 | * synchronize_rcu() related to these pernet_operations, | |
376 | * instead of separate synchronize_rcu() for every net. | |
377 | * Please, avoid synchronize_rcu() at all, where it's possible. | |
d7d99872 ED |
378 | * |
379 | * Note that a combination of pre_exit() and exit() can | |
380 | * be used, since a synchronize_rcu() is guaranteed between | |
381 | * the calls. | |
6056415d | 382 | */ |
5f256bec | 383 | int (*init)(struct net *net); |
d7d99872 | 384 | void (*pre_exit)(struct net *net); |
5f256bec | 385 | void (*exit)(struct net *net); |
72ad937a | 386 | void (*exit_batch)(struct list_head *net_exit_list); |
c7d03a00 | 387 | unsigned int *id; |
f875bae0 | 388 | size_t size; |
5f256bec EB |
389 | }; |
390 | ||
17edde52 EB |
391 | /* |
392 | * Use these carefully. If you implement a network device and it | |
393 | * needs per network namespace operations use device pernet operations, | |
394 | * otherwise use pernet subsys operations. | |
395 | * | |
4edf547b JB |
396 | * Network interfaces need to be removed from a dying netns _before_ |
397 | * subsys notifiers can be called, as most of the network code cleanup | |
398 | * (which is done from subsys notifiers) runs with the assumption that | |
399 | * dev_remove_pack has been called so no new packets will arrive during | |
400 | * and after the cleanup functions have been called. dev_remove_pack | |
401 | * is not per namespace so instead the guarantee of no more packets | |
402 | * arriving in a network namespace is provided by ensuring that all | |
403 | * network devices and all sockets have left the network namespace | |
404 | * before the cleanup methods are called. | |
17edde52 EB |
405 | * |
406 | * For the longest time the ipv4 icmp code was registered as a pernet | |
407 | * device which caused kernel oops, and panics during network | |
408 | * namespace cleanup. So please don't get this wrong. | |
409 | */ | |
e67e16ea JP |
410 | int register_pernet_subsys(struct pernet_operations *); |
411 | void unregister_pernet_subsys(struct pernet_operations *); | |
412 | int register_pernet_device(struct pernet_operations *); | |
413 | void unregister_pernet_device(struct pernet_operations *); | |
f875bae0 | 414 | |
95bdfccb EB |
415 | struct ctl_table; |
416 | struct ctl_table_header; | |
d62c612e | 417 | |
2ca794e5 | 418 | #ifdef CONFIG_SYSCTL |
e67e16ea JP |
419 | int net_sysctl_init(void); |
420 | struct ctl_table_header *register_net_sysctl(struct net *net, const char *path, | |
421 | struct ctl_table *table); | |
422 | void unregister_net_sysctl_table(struct ctl_table_header *header); | |
48c74958 EB |
423 | #else |
424 | static inline int net_sysctl_init(void) { return 0; } | |
425 | static inline struct ctl_table_header *register_net_sysctl(struct net *net, | |
426 | const char *path, struct ctl_table *table) | |
427 | { | |
428 | return NULL; | |
429 | } | |
430 | static inline void unregister_net_sysctl_table(struct ctl_table_header *header) | |
431 | { | |
432 | } | |
433 | #endif | |
434 | ||
56f200c7 | 435 | static inline int rt_genid_ipv4(const struct net *net) |
b42664f8 | 436 | { |
ca4c3fc2 | 437 | return atomic_read(&net->ipv4.rt_genid); |
b42664f8 ND |
438 | } |
439 | ||
8f34e53b DA |
440 | #if IS_ENABLED(CONFIG_IPV6) |
441 | static inline int rt_genid_ipv6(const struct net *net) | |
442 | { | |
443 | return atomic_read(&net->ipv6.fib6_sernum); | |
444 | } | |
445 | #endif | |
446 | ||
ca4c3fc2 | 447 | static inline void rt_genid_bump_ipv4(struct net *net) |
b42664f8 | 448 | { |
ca4c3fc2 | 449 | atomic_inc(&net->ipv4.rt_genid); |
450 | } | |
451 | ||
705f1c86 | 452 | extern void (*__fib6_flush_trees)(struct net *net); |
ca4c3fc2 | 453 | static inline void rt_genid_bump_ipv6(struct net *net) |
454 | { | |
705f1c86 HFS |
455 | if (__fib6_flush_trees) |
456 | __fib6_flush_trees(net); | |
ca4c3fc2 | 457 | } |
ca4c3fc2 | 458 | |
599018a7 LR |
459 | #if IS_ENABLED(CONFIG_IEEE802154_6LOWPAN) |
460 | static inline struct netns_ieee802154_lowpan * | |
461 | net_ieee802154_lowpan(struct net *net) | |
462 | { | |
463 | return &net->ieee802154_lowpan; | |
464 | } | |
599018a7 LR |
465 | #endif |
466 | ||
ca4c3fc2 | 467 | /* For callers who don't really care about whether it's IPv4 or IPv6 */ |
468 | static inline void rt_genid_bump_all(struct net *net) | |
469 | { | |
470 | rt_genid_bump_ipv4(net); | |
471 | rt_genid_bump_ipv6(net); | |
b42664f8 | 472 | } |
95bdfccb | 473 | |
56f200c7 | 474 | static inline int fnhe_genid(const struct net *net) |
5aad1de5 TT |
475 | { |
476 | return atomic_read(&net->fnhe_genid); | |
477 | } | |
478 | ||
479 | static inline void fnhe_genid_bump(struct net *net) | |
480 | { | |
481 | atomic_inc(&net->fnhe_genid); | |
482 | } | |
483 | ||
5f256bec | 484 | #endif /* __NET_NET_NAMESPACE_H */ |