1/*
2 * Operations on the network namespace
3 */
4#ifndef __NET_NET_NAMESPACE_H
5#define __NET_NET_NAMESPACE_H
6
7#include <linux/atomic.h>
8#include <linux/workqueue.h>
9#include <linux/list.h>
10#include <linux/sysctl.h>
11
12#include <net/flow.h>
13#include <net/netns/core.h>
14#include <net/netns/mib.h>
15#include <net/netns/unix.h>
16#include <net/netns/packet.h>
17#include <net/netns/ipv4.h>
18#include <net/netns/ipv6.h>
19#include <net/netns/ieee802154_6lowpan.h>
20#include <net/netns/sctp.h>
21#include <net/netns/dccp.h>
22#include <net/netns/netfilter.h>
23#include <net/netns/x_tables.h>
24#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
25#include <net/netns/conntrack.h>
26#endif
27#include <net/netns/nftables.h>
28#include <net/netns/xfrm.h>
29#include <net/netns/mpls.h>
30#include <linux/ns_common.h>
31#include <linux/idr.h>
32#include <linux/skbuff.h>
33
34struct user_namespace;
35struct proc_dir_entry;
36struct net_device;
37struct sock;
38struct ctl_table_header;
39struct net_generic;
40struct sock;
41struct netns_ipvs;
42
43
44#define NETDEV_HASHBITS    8
45#define NETDEV_HASHENTRIES (1 << NETDEV_HASHBITS)
46
/*
 * struct net - state of one network namespace.
 *
 * Lifetime is driven by two counters: @count (taken by get_net() and
 * maybe_get_net(), dropped by put_net() when CONFIG_NET_NS is set) and
 * @passive.  Subsystem state is embedded as netns_* members, most of them
 * compiled in only when the matching CONFIG_ option is enabled, so the
 * layout of this structure depends on the kernel configuration.
 */
struct net {
	atomic_t		passive;	/* To decide when the network
						 * namespace should be freed.
						 */
	atomic_t		count;		/* To decide when the network
						 * namespace should be shut down.
						 */
	spinlock_t		rules_mod_lock;

	atomic64_t		cookie_gen;

	struct list_head	list;		/* list of network namespaces;
						 * the member for_each_net() and
						 * for_each_net_rcu() walk
						 */
	struct list_head	cleanup_list;	/* namespaces on death row */
	struct list_head	exit_list;	/* Use only net_mutex */

	struct user_namespace   *user_ns;	/* Owning user namespace.
						 * NOTE(review): presumably the
						 * namespace privilege checks for
						 * this netns are made against;
						 * confirm at the call sites.
						 */
	spinlock_t		nsid_lock;
	struct idr		netns_ids;

	struct ns_common	ns;

	struct proc_dir_entry 	*proc_net;
	struct proc_dir_entry 	*proc_net_stat;

#ifdef CONFIG_SYSCTL
	struct ctl_table_set	sysctls;
#endif

	struct sock 		*rtnl;			/* rtnetlink socket */
	struct sock		*genl_sock;

	struct list_head 	dev_base_head;
	struct hlist_head 	*dev_name_head;
	struct hlist_head	*dev_index_head;
	unsigned int		dev_base_seq;	/* protected by rtnl_mutex */
	int			ifindex;
	unsigned int		dev_unreg_count;

	/* core fib_rules */
	struct list_head	rules_ops;


	struct net_device       *loopback_dev;          /* The loopback */
	struct netns_core	core;
	struct netns_mib	mib;
	struct netns_packet	packet;
	struct netns_unix	unx;
	struct netns_ipv4	ipv4;
#if IS_ENABLED(CONFIG_IPV6)
	struct netns_ipv6	ipv6;
#endif
#if IS_ENABLED(CONFIG_IEEE802154_6LOWPAN)
	struct netns_ieee802154_lowpan	ieee802154_lowpan;
#endif
#if defined(CONFIG_IP_SCTP) || defined(CONFIG_IP_SCTP_MODULE)
	struct netns_sctp	sctp;
#endif
#if defined(CONFIG_IP_DCCP) || defined(CONFIG_IP_DCCP_MODULE)
	struct netns_dccp	dccp;
#endif
#ifdef CONFIG_NETFILTER
	struct netns_nf		nf;
	struct netns_xt		xt;
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
	struct netns_ct		ct;
#endif
#if defined(CONFIG_NF_TABLES) || defined(CONFIG_NF_TABLES_MODULE)
	struct netns_nftables	nft;
#endif
#if IS_ENABLED(CONFIG_NF_DEFRAG_IPV6)
	struct netns_nf_frag	nf_frag;
#endif
	struct sock		*nfnl;
	struct sock		*nfnl_stash;
#if IS_ENABLED(CONFIG_NETFILTER_NETLINK_ACCT)
	struct list_head        nfnl_acct_list;
#endif
#endif
#ifdef CONFIG_WEXT_CORE
	struct sk_buff_head	wext_nlevents;
#endif
	struct net_generic __rcu	*gen;	/* __rcu-annotated pointer */

	/* Note : following structs are cache line aligned */
#ifdef CONFIG_XFRM
	struct netns_xfrm	xfrm;
#endif
#if IS_ENABLED(CONFIG_IP_VS)
	struct netns_ipvs	*ipvs;
#endif
#if IS_ENABLED(CONFIG_MPLS)
	struct netns_mpls	mpls;
#endif
	struct sock		*diag_nlsk;
	atomic_t		fnhe_genid;	/* read by fnhe_genid(), bumped
						 * by fnhe_genid_bump()
						 */
};
143
144#include <linux/seq_file_net.h>
145
146/* Init's network namespace */
147extern struct net init_net;
148
149#ifdef CONFIG_NET_NS
150struct net *copy_net_ns(unsigned long flags, struct user_namespace *user_ns,
151			struct net *old_net);
152
153#else /* CONFIG_NET_NS */
154#include <linux/sched.h>
155#include <linux/nsproxy.h>
/*
 * copy_net_ns - variant used when the kernel is built without CONFIG_NET_NS.
 * @flags:   clone flags of the request
 * @user_ns: unused in this configuration
 * @old_net: the caller's current network namespace
 *
 * A request for a new network namespace (CLONE_NEWNET) is refused with
 * ERR_PTR(-EINVAL).  Any other request gets @old_net back unchanged; no
 * reference is taken on it here.
 */
static inline struct net *copy_net_ns(unsigned long flags,
	struct user_namespace *user_ns, struct net *old_net)
{
	return (flags & CLONE_NEWNET) ? ERR_PTR(-EINVAL) : old_net;
}
163#endif /* CONFIG_NET_NS */
164
165
166extern struct list_head net_namespace_list;
167
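/*
 * Look up a network namespace from a process id or from a file descriptor.
 *
 * NOTE(review): the implementations are not part of this header.  Confirm
 * there whether the returned namespace carries a reference that the caller
 * must drop with put_net(), and how a failed lookup is reported, before
 * relying on the result.
 */
struct net *get_net_ns_by_pid(pid_t pid);
struct net *get_net_ns_by_fd(int fd);	/* parameter is a descriptor, not a pid */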
170
171#ifdef CONFIG_SYSCTL
172void ipx_register_sysctl(void);
173void ipx_unregister_sysctl(void);
174#else
175#define ipx_register_sysctl()
176#define ipx_unregister_sysctl()
177#endif
178
179#ifdef CONFIG_NET_NS
180void __put_net(struct net *net);
181
/*
 * get_net - take an additional reference on a network namespace.
 * @net: namespace the caller already holds a reference on
 *
 * The counter is incremented unconditionally, with no check for zero.
 * A caller that is not guaranteed an existing reference must use
 * maybe_get_net() instead, otherwise a namespace whose count already
 * reached zero could be touched again.
 *
 * Returns @net so the call can be used inline in an assignment.
 */
static inline struct net *get_net(struct net *net)
{
	atomic_t *refs = &net->count;

	atomic_inc(refs);
	return net;
}
187
/*
 * maybe_get_net - try to take a reference on a network namespace.
 * @net: namespace that is known to exist, but on which the caller is not
 *       guaranteed to hold a reference
 *
 * The count is only incremented when it is not already zero.
 *
 * Returns @net when the reference was taken, NULL when the count was zero.
 * Callers must check for NULL before using the result.
 */
static inline struct net *maybe_get_net(struct net *net)
{
	return atomic_inc_not_zero(&net->count) ? net : NULL;
}
199
/*
 * put_net - drop a reference on a network namespace.
 * @net: namespace whose reference is released
 *
 * When this was the last reference (the count reaches zero) the namespace
 * is handed to __put_net().  The caller must not use @net afterwards unless
 * it holds another reference.
 */
static inline void put_net(struct net *net)
{
	if (!atomic_dec_and_test(&net->count))
		return;

	__put_net(net);
}
205
/*
 * net_eq - report whether two pointers refer to the same network namespace.
 *
 * Plain pointer comparison; neither argument is dereferenced.
 * Returns 1 when they are equal and 0 otherwise.
 */
static inline
int net_eq(const struct net *net1, const struct net *net2)
{
	if (net1 != net2)
		return 0;
	return 1;
}
211
212void net_drop_ns(void *);
213
214#else
215
/*
 * get_net - variant used without CONFIG_NET_NS.
 *
 * No reference count is touched in this configuration; the argument is
 * handed back as is.
 */
static inline struct net *get_net(struct net *net)
{
	struct net *same = net;

	return same;
}
220
/*
 * put_net - variant used without CONFIG_NET_NS.
 *
 * Deliberately empty: there is no reference count to drop in this
 * configuration.
 */
static inline void put_net(struct net *net)
{
	(void)net;
}
224
/*
 * maybe_get_net - variant used without CONFIG_NET_NS.
 *
 * Returns its argument unchanged.  Unlike the CONFIG_NET_NS variant it
 * never turns a non-NULL argument into NULL.
 */
static inline struct net *maybe_get_net(struct net *net)
{
	struct net *same = net;

	return same;
}
229
/*
 * net_eq - variant used without CONFIG_NET_NS.
 *
 * Always reports equality (returns 1); the arguments are not compared.
 */
static inline
int net_eq(const struct net *net1, const struct net *net2)
{
	(void)net1;
	(void)net2;
	return 1;
}
235
236#define net_drop_ns NULL
237#endif
238
239
/*
 * possible_net_t - holder for a network namespace pointer.
 *
 * With CONFIG_NET_NS it contains one struct net pointer; without it the
 * structure has no members.  Use write_pnet() and read_pnet() to access it.
 * The pointer is stored raw: neither accessor takes or drops a reference,
 * so whoever embeds this type is responsible for keeping the namespace
 * alive while the pointer can still be read.
 */
typedef struct {
#ifdef CONFIG_NET_NS
	struct net *net;
#endif
} possible_net_t;
245
/*
 * write_pnet - store a namespace pointer in a possible_net_t.
 * @pnet: holder to update
 * @net:  namespace pointer to record
 *
 * Compiles to nothing without CONFIG_NET_NS.  No reference is taken on
 * @net; the stored pointer is only as valid as the caller keeps it.
 */
static inline void write_pnet(possible_net_t *pnet, struct net *net)
{
#if defined(CONFIG_NET_NS)
	struct net **slot = &pnet->net;

	*slot = net;
#endif
}
252
/*
 * read_pnet - fetch the namespace pointer held in a possible_net_t.
 * @pnet: holder to read
 *
 * Returns the stored pointer with CONFIG_NET_NS, and &init_net otherwise.
 * No reference is taken on the returned namespace.
 */
static inline struct net *read_pnet(const possible_net_t *pnet)
{
#ifndef CONFIG_NET_NS
	return &init_net;
#else
	return pnet->net;
#endif
}
261
/*
 * Iterate over every namespace linked on net_namespace_list through the
 * struct net 'list' member.  VAR is the struct net * cursor.
 *
 * NOTE(review): the locking that keeps the list stable during the plain
 * walk is not stated in this header; confirm it at each call site.
 */
#define for_each_net(VAR)				\
	list_for_each_entry(VAR, &net_namespace_list, list)

/*
 * Same walk using the RCU list iterator.
 * NOTE(review): presumably requires an RCU read-side critical section
 * around the loop; confirm.
 */
#define for_each_net_rcu(VAR)				\
	list_for_each_entry_rcu(VAR, &net_namespace_list, list)
267
/*
 * Section annotations for per-namespace init/exit code and data.
 *
 * With CONFIG_NET_NS they expand to nothing.  Without it they map to the
 * regular __init / __exit_refok / __initdata / __initconst annotations.
 * NOTE(review): presumably because per-namespace init code can still be
 * needed after boot once namespaces can be created at runtime; confirm.
 */
#ifdef CONFIG_NET_NS
#define __net_init
#define __net_exit
#define __net_initdata
#define __net_initconst
#else
#define __net_init	__init
#define __net_exit	__exit_refok
#define __net_initdata	__initdata
#define __net_initconst	__initconst
#endif
279
280int peernet2id_alloc(struct net *net, struct net *peer);
281int peernet2id(struct net *net, struct net *peer);
282bool peernet_has_id(struct net *net, struct net *peer);
283struct net *get_net_ns_by_id(struct net *net, int id);
284
/*
 * struct pernet_operations - per-namespace hooks of a subsystem or device
 * driver, passed to register_pernet_subsys() / register_pernet_device()
 * and their unregister counterparts.
 *
 * NOTE(review): when each callback is invoked is not visible in this
 * header; the descriptions below follow the member names and signatures
 * and should be confirmed against the registration code.
 */
struct pernet_operations {
	struct list_head list;
	/* presumably run for a namespace being set up; returns an int status */
	int (*init)(struct net *net);
	/* presumably run for a namespace being torn down */
	void (*exit)(struct net *net);
	/* takes a list of namespaces instead of a single one */
	void (*exit_batch)(struct list_head *net_exit_list);
	/* NOTE(review): id and size look like a per-namespace private data
	 * slot and its allocation size; confirm before relying on it.
	 */
	int *id;
	size_t size;
};
293
294/*
295 * Use these carefully.  If you implement a network device and it
296 * needs per network namespace operations use device pernet operations,
297 * otherwise use pernet subsys operations.
298 *
299 * Network interfaces need to be removed from a dying netns _before_
300 * subsys notifiers can be called, as most of the network code cleanup
301 * (which is done from subsys notifiers) runs with the assumption that
302 * dev_remove_pack has been called so no new packets will arrive during
303 * and after the cleanup functions have been called.  dev_remove_pack
304 * is not per namespace so instead the guarantee of no more packets
305 * arriving in a network namespace is provided by ensuring that all
306 * network devices and all sockets have left the network namespace
307 * before the cleanup methods are called.
308 *
309 * For the longest time the ipv4 icmp code was registered as a pernet
310 * device which caused kernel oops, and panics during network
311 * namespace cleanup.   So please don't get this wrong.
312 */
313int register_pernet_subsys(struct pernet_operations *);
314void unregister_pernet_subsys(struct pernet_operations *);
315int register_pernet_device(struct pernet_operations *);
316void unregister_pernet_device(struct pernet_operations *);
317
318struct ctl_table;
319struct ctl_table_header;
320
321#ifdef CONFIG_SYSCTL
322int net_sysctl_init(void);
323struct ctl_table_header *register_net_sysctl(struct net *net, const char *path,
324					     struct ctl_table *table);
325void unregister_net_sysctl_table(struct ctl_table_header *header);
326#else
/* Without CONFIG_SYSCTL there is nothing to set up; always reports 0. */
static inline int net_sysctl_init(void)
{
	return 0;
}
/*
 * register_net_sysctl - variant used without CONFIG_SYSCTL.
 *
 * Registers nothing and always returns NULL.
 * NOTE(review): a caller that treats NULL as a registration failure would
 * fail in this configuration; confirm how call sites handle it.
 */
static inline struct ctl_table_header *register_net_sysctl(struct net *net,
	const char *path, struct ctl_table *table)
{
	struct ctl_table_header *none = NULL;

	return none;
}
/*
 * unregister_net_sysctl_table - variant used without CONFIG_SYSCTL.
 *
 * Deliberately empty; @header is not dereferenced.
 */
static inline void unregister_net_sysctl_table(struct ctl_table_header *header)
{
	(void)header;
}
336#endif
337
/* Return the current value of the namespace's IPv4 rt_genid counter. */
static inline int rt_genid_ipv4(struct net *net)
{
	atomic_t *genid = &net->ipv4.rt_genid;

	return atomic_read(genid);
}
342
/*
 * Atomically increment the namespace's IPv4 rt_genid counter, so that a
 * later rt_genid_ipv4() returns a different value.
 */
static inline void rt_genid_bump_ipv4(struct net *net)
{
	atomic_t *genid = &net->ipv4.rt_genid;

	atomic_inc(genid);
}
347
348extern void (*__fib6_flush_trees)(struct net *net);
/*
 * rt_genid_bump_ipv6 - call the IPv6 flush hook for @net, if one is set.
 *
 * Does nothing while __fib6_flush_trees is NULL.
 * NOTE(review): the hook pointer is read once for the test and again for
 * the call.  Whether it can be cleared in between is not visible in this
 * header; if it can, the pointer should be snapshotted once before use.
 */
static inline void rt_genid_bump_ipv6(struct net *net)
{
	if (!__fib6_flush_trees)
		return;

	__fib6_flush_trees(net);
}
354
355#if IS_ENABLED(CONFIG_IEEE802154_6LOWPAN)
/*
 * Return the address of the 6LoWPAN state embedded in @net.  The result
 * points into @net itself and is valid only as long as @net is.
 */
static inline struct netns_ieee802154_lowpan *
net_ieee802154_lowpan(struct net *net)
{
	struct netns_ieee802154_lowpan *lowpan = &net->ieee802154_lowpan;

	return lowpan;
}
361#endif
362
/*
 * rt_genid_bump_all - bump both address families for @net.
 *
 * For callers that do not care whether the change concerns IPv4 or IPv6:
 * the IPv4 counter is bumped first, then the IPv6 bump is performed.
 */
static inline void rt_genid_bump_all(struct net *net)
{
	rt_genid_bump_ipv4(net);	/* IPv4 first */
	rt_genid_bump_ipv6(net);	/* then IPv6 */
}
369
/* Return the current value of the namespace's fnhe_genid counter. */
static inline int fnhe_genid(struct net *net)
{
	atomic_t *genid = &net->fnhe_genid;

	return atomic_read(genid);
}
374
/*
 * Atomically increment the namespace's fnhe_genid counter, so that a later
 * fnhe_genid() returns a different value.
 */
static inline void fnhe_genid_bump(struct net *net)
{
	atomic_t *genid = &net->fnhe_genid;

	atomic_inc(genid);
}
379
380#endif /* __NET_NET_NAMESPACE_H */
381