Line data Source code
1 : /* SPDX-License-Identifier: GPL-2.0 */
2 : /*
3 : * Operations on the network namespace
4 : */
5 : #ifndef __NET_NET_NAMESPACE_H
6 : #define __NET_NET_NAMESPACE_H
7 :
8 : #include <linux/atomic.h>
9 : #include <linux/refcount.h>
10 : #include <linux/workqueue.h>
11 : #include <linux/list.h>
12 : #include <linux/sysctl.h>
13 : #include <linux/uidgid.h>
14 :
15 : #include <net/flow.h>
16 : #include <net/netns/core.h>
17 : #include <net/netns/mib.h>
18 : #include <net/netns/unix.h>
19 : #include <net/netns/packet.h>
20 : #include <net/netns/ipv4.h>
21 : #include <net/netns/ipv6.h>
22 : #include <net/netns/nexthop.h>
23 : #include <net/netns/ieee802154_6lowpan.h>
24 : #include <net/netns/sctp.h>
25 : #include <net/netns/dccp.h>
26 : #include <net/netns/netfilter.h>
27 : #include <net/netns/x_tables.h>
28 : #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
29 : #include <net/netns/conntrack.h>
30 : #endif
31 : #include <net/netns/nftables.h>
32 : #include <net/netns/xfrm.h>
33 : #include <net/netns/mpls.h>
34 : #include <net/netns/can.h>
35 : #include <net/netns/xdp.h>
36 : #include <net/netns/bpf.h>
37 : #include <linux/ns_common.h>
38 : #include <linux/idr.h>
39 : #include <linux/skbuff.h>
40 : #include <linux/notifier.h>
41 :
42 : struct user_namespace;
43 : struct proc_dir_entry;
44 : struct net_device;
45 : struct sock;
46 : struct ctl_table_header;
47 : struct net_generic;
48 : struct uevent_sock;
49 : struct netns_ipvs;
50 : struct bpf_prog;
51 :
52 :
53 : #define NETDEV_HASHBITS 8
54 : #define NETDEV_HASHENTRIES (1 << NETDEV_HASHBITS)
55 :
56 : struct net {
57 : /* First cache line can be often dirtied.
58 : * Do not place here read-mostly fields.
59 : */
60 : refcount_t passive; /* To decide when the network
61 : * namespace should be freed.
62 : */
63 : spinlock_t rules_mod_lock;
64 :
65 : unsigned int dev_unreg_count;
66 :
67 : unsigned int dev_base_seq; /* protected by rtnl_mutex */
68 : int ifindex;
69 :
70 : spinlock_t nsid_lock;
71 : atomic_t fnhe_genid;
72 :
73 : struct list_head list; /* list of network namespaces */
74 : struct list_head exit_list; /* To linked to call pernet exit
75 : * methods on dead net (
76 : * pernet_ops_rwsem read locked),
77 : * or to unregister pernet ops
78 : * (pernet_ops_rwsem write locked).
79 : */
80 : struct llist_node cleanup_list; /* namespaces on death row */
81 :
82 : #ifdef CONFIG_KEYS
83 : struct key_tag *key_domain; /* Key domain of operation tag */
84 : #endif
85 : struct user_namespace *user_ns; /* Owning user namespace */
86 : struct ucounts *ucounts;
87 : struct idr netns_ids;
88 :
89 : struct ns_common ns;
90 :
91 : struct list_head dev_base_head;
92 : struct proc_dir_entry *proc_net;
93 : struct proc_dir_entry *proc_net_stat;
94 :
95 : #ifdef CONFIG_SYSCTL
96 : struct ctl_table_set sysctls;
97 : #endif
98 :
99 : struct sock *rtnl; /* rtnetlink socket */
100 : struct sock *genl_sock;
101 :
102 : struct uevent_sock *uevent_sock; /* uevent socket */
103 :
104 : struct hlist_head *dev_name_head;
105 : struct hlist_head *dev_index_head;
106 : struct raw_notifier_head netdev_chain;
107 :
108 : /* Note that @hash_mix can be read millions times per second,
109 : * it is critical that it is on a read_mostly cache line.
110 : */
111 : u32 hash_mix;
112 :
113 : struct net_device *loopback_dev; /* The loopback */
114 :
115 : /* core fib_rules */
116 : struct list_head rules_ops;
117 :
118 : struct netns_core core;
119 : struct netns_mib mib;
120 : struct netns_packet packet;
121 : struct netns_unix unx;
122 : struct netns_nexthop nexthop;
123 : struct netns_ipv4 ipv4;
124 : #if IS_ENABLED(CONFIG_IPV6)
125 : struct netns_ipv6 ipv6;
126 : #endif
127 : #if IS_ENABLED(CONFIG_IEEE802154_6LOWPAN)
128 : struct netns_ieee802154_lowpan ieee802154_lowpan;
129 : #endif
130 : #if defined(CONFIG_IP_SCTP) || defined(CONFIG_IP_SCTP_MODULE)
131 : struct netns_sctp sctp;
132 : #endif
133 : #if defined(CONFIG_IP_DCCP) || defined(CONFIG_IP_DCCP_MODULE)
134 : struct netns_dccp dccp;
135 : #endif
136 : #ifdef CONFIG_NETFILTER
137 : struct netns_nf nf;
138 : struct netns_xt xt;
139 : #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
140 : struct netns_ct ct;
141 : #endif
142 : #if defined(CONFIG_NF_TABLES) || defined(CONFIG_NF_TABLES_MODULE)
143 : struct netns_nftables nft;
144 : #endif
145 : #if IS_ENABLED(CONFIG_NF_DEFRAG_IPV6)
146 : struct netns_nf_frag nf_frag;
147 : struct ctl_table_header *nf_frag_frags_hdr;
148 : #endif
149 : struct sock *nfnl;
150 : struct sock *nfnl_stash;
151 : #if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
152 : struct list_head nfct_timeout_list;
153 : #endif
154 : #endif
155 : #ifdef CONFIG_WEXT_CORE
156 : struct sk_buff_head wext_nlevents;
157 : #endif
158 : struct net_generic __rcu *gen;
159 :
160 : /* Used to store attached BPF programs */
161 : struct netns_bpf bpf;
162 :
163 : /* Note : following structs are cache line aligned */
164 : #ifdef CONFIG_XFRM
165 : struct netns_xfrm xfrm;
166 : #endif
167 :
168 : u64 net_cookie; /* written once */
169 :
170 : #if IS_ENABLED(CONFIG_IP_VS)
171 : struct netns_ipvs *ipvs;
172 : #endif
173 : #if IS_ENABLED(CONFIG_MPLS)
174 : struct netns_mpls mpls;
175 : #endif
176 : #if IS_ENABLED(CONFIG_CAN)
177 : struct netns_can can;
178 : #endif
179 : #ifdef CONFIG_XDP_SOCKETS
180 : struct netns_xdp xdp;
181 : #endif
182 : #if IS_ENABLED(CONFIG_CRYPTO_USER)
183 : struct sock *crypto_nlsk;
184 : #endif
185 : struct sock *diag_nlsk;
186 : } __randomize_layout;
187 :
188 : #include <linux/seq_file_net.h>
189 :
190 : /* Init's network namespace */
191 : extern struct net init_net;
192 :
193 : #ifdef CONFIG_NET_NS
194 : struct net *copy_net_ns(unsigned long flags, struct user_namespace *user_ns,
195 : struct net *old_net);
196 :
197 : void net_ns_get_ownership(const struct net *net, kuid_t *uid, kgid_t *gid);
198 :
199 : void net_ns_barrier(void);
200 : #else /* CONFIG_NET_NS */
201 : #include <linux/sched.h>
202 : #include <linux/nsproxy.h>
203 50 : static inline struct net *copy_net_ns(unsigned long flags,
204 : struct user_namespace *user_ns, struct net *old_net)
205 : {
206 50 : if (flags & CLONE_NEWNET)
207 0 : return ERR_PTR(-EINVAL);
208 : return old_net;
209 : }
210 :
211 21 : static inline void net_ns_get_ownership(const struct net *net,
212 : kuid_t *uid, kgid_t *gid)
213 : {
214 21 : *uid = GLOBAL_ROOT_UID;
215 21 : *gid = GLOBAL_ROOT_GID;
216 : }
217 :
218 : static inline void net_ns_barrier(void) {}
219 : #endif /* CONFIG_NET_NS */
220 :
221 :
222 : extern struct list_head net_namespace_list;
223 :
224 : struct net *get_net_ns_by_pid(pid_t pid);
225 : struct net *get_net_ns_by_fd(int fd);
226 :
227 : #ifdef CONFIG_SYSCTL
228 : void ipx_register_sysctl(void);
229 : void ipx_unregister_sysctl(void);
230 : #else
231 : #define ipx_register_sysctl()
232 : #define ipx_unregister_sysctl()
233 : #endif
234 :
235 : #ifdef CONFIG_NET_NS
236 : void __put_net(struct net *net);
237 :
238 : static inline struct net *get_net(struct net *net)
239 : {
240 : refcount_inc(&net->ns.count);
241 : return net;
242 : }
243 :
244 : static inline struct net *maybe_get_net(struct net *net)
245 : {
246 : /* Used when we know struct net exists but we
247 : * aren't guaranteed a previous reference count
248 : * exists. If the reference count is zero this
249 : * function fails and returns NULL.
250 : */
251 : if (!refcount_inc_not_zero(&net->ns.count))
252 : net = NULL;
253 : return net;
254 : }
255 :
256 : static inline void put_net(struct net *net)
257 : {
258 : if (refcount_dec_and_test(&net->ns.count))
259 : __put_net(net);
260 : }
261 :
262 : static inline
263 : int net_eq(const struct net *net1, const struct net *net2)
264 : {
265 : return net1 == net2;
266 : }
267 :
268 : static inline int check_net(const struct net *net)
269 : {
270 : return refcount_read(&net->ns.count) != 0;
271 : }
272 :
273 : void net_drop_ns(void *);
274 :
275 : #else
276 :
277 977 : static inline struct net *get_net(struct net *net)
278 : {
279 977 : return net;
280 : }
281 :
282 157 : static inline void put_net(struct net *net)
283 : {
284 204 : }
285 :
286 0 : static inline struct net *maybe_get_net(struct net *net)
287 : {
288 0 : return net;
289 : }
290 :
291 : static inline
292 2673 : int net_eq(const struct net *net1, const struct net *net2)
293 : {
294 2256 : return 1;
295 : }
296 :
297 : static inline int check_net(const struct net *net)
298 : {
299 : return 1;
300 : }
301 :
302 : #define net_drop_ns NULL
303 : #endif
304 :
305 :
306 : typedef struct {
307 : #ifdef CONFIG_NET_NS
308 : struct net *net;
309 : #endif
310 : } possible_net_t;
311 :
312 1538 : static inline void write_pnet(possible_net_t *pnet, struct net *net)
313 : {
314 : #ifdef CONFIG_NET_NS
315 : pnet->net = net;
316 : #endif
317 1538 : }
318 :
319 24291 : static inline struct net *read_pnet(const possible_net_t *pnet)
320 : {
321 : #ifdef CONFIG_NET_NS
322 : return pnet->net;
323 : #else
324 22943 : return &init_net;
325 : #endif
326 : }
327 :
328 : /* Protected by net_rwsem */
329 : #define for_each_net(VAR) \
330 : list_for_each_entry(VAR, &net_namespace_list, list)
331 : #define for_each_net_continue_reverse(VAR) \
332 : list_for_each_entry_continue_reverse(VAR, &net_namespace_list, list)
333 : #define for_each_net_rcu(VAR) \
334 : list_for_each_entry_rcu(VAR, &net_namespace_list, list)
335 :
336 : #ifdef CONFIG_NET_NS
337 : #define __net_init
338 : #define __net_exit
339 : #define __net_initdata
340 : #define __net_initconst
341 : #else
342 : #define __net_init __init
343 : #define __net_exit __ref
344 : #define __net_initdata __initdata
345 : #define __net_initconst __initconst
346 : #endif
347 :
348 : int peernet2id_alloc(struct net *net, struct net *peer, gfp_t gfp);
349 : int peernet2id(const struct net *net, struct net *peer);
350 : bool peernet_has_id(const struct net *net, struct net *peer);
351 : struct net *get_net_ns_by_id(const struct net *net, int id);
352 :
353 : struct pernet_operations {
354 : struct list_head list;
355 : /*
356 : * Below methods are called without any exclusive locks.
357 : * More than one net may be constructed and destructed
358 : * in parallel on several cpus. Every pernet_operations
359 : * have to keep in mind all other pernet_operations and
360 : * to introduce a locking, if they share common resources.
361 : *
362 : * The only time they are called with exclusive lock is
363 : * from register_pernet_subsys(), unregister_pernet_subsys()
364 : * register_pernet_device() and unregister_pernet_device().
365 : *
366 : * Exit methods using blocking RCU primitives, such as
367 : * synchronize_rcu(), should be implemented via exit_batch.
368 : * Then, destruction of a group of net requires single
369 : * synchronize_rcu() related to these pernet_operations,
370 : * instead of separate synchronize_rcu() for every net.
371 : * Please, avoid synchronize_rcu() at all, where it's possible.
372 : *
373 : * Note that a combination of pre_exit() and exit() can
374 : * be used, since a synchronize_rcu() is guaranteed between
375 : * the calls.
376 : */
377 : int (*init)(struct net *net);
378 : void (*pre_exit)(struct net *net);
379 : void (*exit)(struct net *net);
380 : void (*exit_batch)(struct list_head *net_exit_list);
381 : unsigned int *id;
382 : size_t size;
383 : };
384 :
385 : /*
386 : * Use these carefully. If you implement a network device and it
387 : * needs per network namespace operations use device pernet operations,
388 : * otherwise use pernet subsys operations.
389 : *
390 : * Network interfaces need to be removed from a dying netns _before_
391 : * subsys notifiers can be called, as most of the network code cleanup
392 : * (which is done from subsys notifiers) runs with the assumption that
393 : * dev_remove_pack has been called so no new packets will arrive during
394 : * and after the cleanup functions have been called. dev_remove_pack
395 : * is not per namespace so instead the guarantee of no more packets
396 : * arriving in a network namespace is provided by ensuring that all
397 : * network devices and all sockets have left the network namespace
398 : * before the cleanup methods are called.
399 : *
400 : * For the longest time the ipv4 icmp code was registered as a pernet
401 : * device which caused kernel oops, and panics during network
402 : * namespace cleanup. So please don't get this wrong.
403 : */
404 : int register_pernet_subsys(struct pernet_operations *);
405 : void unregister_pernet_subsys(struct pernet_operations *);
406 : int register_pernet_device(struct pernet_operations *);
407 : void unregister_pernet_device(struct pernet_operations *);
408 :
409 : struct ctl_table;
410 : struct ctl_table_header;
411 :
412 : #ifdef CONFIG_SYSCTL
413 : int net_sysctl_init(void);
414 : struct ctl_table_header *register_net_sysctl(struct net *net, const char *path,
415 : struct ctl_table *table);
416 : void unregister_net_sysctl_table(struct ctl_table_header *header);
417 : #else
418 : static inline int net_sysctl_init(void) { return 0; }
419 : static inline struct ctl_table_header *register_net_sysctl(struct net *net,
420 : const char *path, struct ctl_table *table)
421 : {
422 : return NULL;
423 : }
424 : static inline void unregister_net_sysctl_table(struct ctl_table_header *header)
425 : {
426 : }
427 : #endif
428 :
429 1308 : static inline int rt_genid_ipv4(const struct net *net)
430 : {
431 1308 : return atomic_read(&net->ipv4.rt_genid);
432 : }
433 :
434 : #if IS_ENABLED(CONFIG_IPV6)
435 : static inline int rt_genid_ipv6(const struct net *net)
436 : {
437 : return atomic_read(&net->ipv6.fib6_sernum);
438 : }
439 : #endif
440 :
441 16 : static inline void rt_genid_bump_ipv4(struct net *net)
442 : {
443 16 : atomic_inc(&net->ipv4.rt_genid);
444 16 : }
445 :
446 : extern void (*__fib6_flush_trees)(struct net *net);
447 : static inline void rt_genid_bump_ipv6(struct net *net)
448 : {
449 : if (__fib6_flush_trees)
450 : __fib6_flush_trees(net);
451 : }
452 :
453 : #if IS_ENABLED(CONFIG_IEEE802154_6LOWPAN)
454 : static inline struct netns_ieee802154_lowpan *
455 : net_ieee802154_lowpan(struct net *net)
456 : {
457 : return &net->ieee802154_lowpan;
458 : }
459 : #endif
460 :
461 : /* For callers who don't really care about whether it's IPv4 or IPv6 */
462 : static inline void rt_genid_bump_all(struct net *net)
463 : {
464 : rt_genid_bump_ipv4(net);
465 : rt_genid_bump_ipv6(net);
466 : }
467 :
468 9 : static inline int fnhe_genid(const struct net *net)
469 : {
470 9 : return atomic_read(&net->fnhe_genid);
471 : }
472 :
473 0 : static inline void fnhe_genid_bump(struct net *net)
474 : {
475 0 : atomic_inc(&net->fnhe_genid);
476 0 : }
477 :
478 : #endif /* __NET_NET_NAMESPACE_H */
|
