1 /* SPDX-License-Identifier: GPL-2.0 */ 2 /* 3 * Operations on the network namespace 4 */ 5 #ifndef __NET_NET_NAMESPACE_H 6 #define __NET_NET_NAMESPACE_H 7 8 #include <linux/atomic.h> 9 #include <linux/refcount.h> 10 #include <linux/workqueue.h> 11 #include <linux/list.h> 12 #include <linux/sysctl.h> 13 14 #include <net/flow.h> 15 #include <net/netns/core.h> 16 #include <net/netns/mib.h> 17 #include <net/netns/unix.h> 18 #include <net/netns/packet.h> 19 #include <net/netns/ipv4.h> 20 #include <net/netns/ipv6.h> 21 #include <net/netns/ieee802154_6lowpan.h> 22 #include <net/netns/sctp.h> 23 #include <net/netns/dccp.h> 24 #include <net/netns/netfilter.h> 25 #include <net/netns/x_tables.h> 26 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) 27 #include <net/netns/conntrack.h> 28 #endif 29 #include <net/netns/nftables.h> 30 #include <net/netns/xfrm.h> 31 #include <net/netns/mpls.h> 32 #include <net/netns/can.h> 33 #include <linux/ns_common.h> 34 #include <linux/idr.h> 35 #include <linux/skbuff.h> 36 37 struct user_namespace; 38 struct proc_dir_entry; 39 struct net_device; 40 struct sock; 41 struct ctl_table_header; 42 struct net_generic; 43 struct sock; 44 struct netns_ipvs; 45 46 47 #define NETDEV_HASHBITS 8 48 #define NETDEV_HASHENTRIES (1 << NETDEV_HASHBITS) 49 50 struct net { 51 refcount_t passive; /* To decided when the network 52 * namespace should be freed. 53 */ 54 refcount_t count; /* To decided when the network 55 * namespace should be shut down. 56 */ 57 spinlock_t rules_mod_lock; 58 59 atomic64_t cookie_gen; 60 61 struct list_head list; /* list of network namespaces */ 62 struct list_head cleanup_list; /* namespaces on death row */ 63 struct list_head exit_list; /* To linked to call pernet exit 64 * methods on dead net (net_sem 65 * read locked), or to unregister 66 * pernet ops (net_sem wr locked). 67 */ 68 struct user_namespace *user_ns; /* Owning user namespace */ 69 struct ucounts *ucounts; 70 spinlock_t nsid_lock; 71 struct idr netns_ids; 72 73 struct ns_common ns; 74 75 struct proc_dir_entry *proc_net; 76 struct proc_dir_entry *proc_net_stat; 77 78 #ifdef CONFIG_SYSCTL 79 struct ctl_table_set sysctls; 80 #endif 81 82 struct sock *rtnl; /* rtnetlink socket */ 83 struct sock *genl_sock; 84 85 struct list_head dev_base_head; 86 struct hlist_head *dev_name_head; 87 struct hlist_head *dev_index_head; 88 unsigned int dev_base_seq; /* protected by rtnl_mutex */ 89 int ifindex; 90 unsigned int dev_unreg_count; 91 92 /* core fib_rules */ 93 struct list_head rules_ops; 94 95 struct list_head fib_notifier_ops; /* protected by net_sem */ 96 97 struct net_device *loopback_dev; /* The loopback */ 98 struct netns_core core; 99 struct netns_mib mib; 100 struct netns_packet packet; 101 struct netns_unix unx; 102 struct netns_ipv4 ipv4; 103 #if IS_ENABLED(CONFIG_IPV6) 104 struct netns_ipv6 ipv6; 105 #endif 106 #if IS_ENABLED(CONFIG_IEEE802154_6LOWPAN) 107 struct netns_ieee802154_lowpan ieee802154_lowpan; 108 #endif 109 #if defined(CONFIG_IP_SCTP) || defined(CONFIG_IP_SCTP_MODULE) 110 struct netns_sctp sctp; 111 #endif 112 #if defined(CONFIG_IP_DCCP) || defined(CONFIG_IP_DCCP_MODULE) 113 struct netns_dccp dccp; 114 #endif 115 #ifdef CONFIG_NETFILTER 116 struct netns_nf nf; 117 struct netns_xt xt; 118 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) 119 struct netns_ct ct; 120 #endif 121 #if defined(CONFIG_NF_TABLES) || defined(CONFIG_NF_TABLES_MODULE) 122 struct netns_nftables nft; 123 #endif 124 #if IS_ENABLED(CONFIG_NF_DEFRAG_IPV6) 125 struct netns_nf_frag nf_frag; 126 #endif 127 struct sock *nfnl; 128 struct sock *nfnl_stash; 129 #if IS_ENABLED(CONFIG_NETFILTER_NETLINK_ACCT) 130 struct list_head nfnl_acct_list; 131 #endif 132 #if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT) 133 struct list_head nfct_timeout_list; 134 #endif 135 #endif 136 #ifdef CONFIG_WEXT_CORE 137 struct sk_buff_head wext_nlevents; 138 #endif 139 struct net_generic __rcu *gen; 140 141 /* Note : following structs are cache line aligned */ 142 #ifdef CONFIG_XFRM 143 struct netns_xfrm xfrm; 144 #endif 145 #if IS_ENABLED(CONFIG_IP_VS) 146 struct netns_ipvs *ipvs; 147 #endif 148 #if IS_ENABLED(CONFIG_MPLS) 149 struct netns_mpls mpls; 150 #endif 151 #if IS_ENABLED(CONFIG_CAN) 152 struct netns_can can; 153 #endif 154 struct sock *diag_nlsk; 155 atomic_t fnhe_genid; 156 } __randomize_layout; 157 158 #include <linux/seq_file_net.h> 159 160 /* Init's network namespace */ 161 extern struct net init_net; 162 163 #ifdef CONFIG_NET_NS 164 struct net *copy_net_ns(unsigned long flags, struct user_namespace *user_ns, 165 struct net *old_net); 166 167 void net_ns_barrier(void); 168 #else /* CONFIG_NET_NS */ 169 #include <linux/sched.h> 170 #include <linux/nsproxy.h> 171 static inline struct net *copy_net_ns(unsigned long flags, 172 struct user_namespace *user_ns, struct net *old_net) 173 { 174 if (flags & CLONE_NEWNET) 175 return ERR_PTR(-EINVAL); 176 return old_net; 177 } 178 179 static inline void net_ns_barrier(void) {} 180 #endif /* CONFIG_NET_NS */ 181 182 183 extern struct list_head net_namespace_list; 184 185 struct net *get_net_ns_by_pid(pid_t pid); 186 struct net *get_net_ns_by_fd(int fd); 187 188 #ifdef CONFIG_SYSCTL 189 void ipx_register_sysctl(void); 190 void ipx_unregister_sysctl(void); 191 #else 192 #define ipx_register_sysctl() 193 #define ipx_unregister_sysctl() 194 #endif 195 196 #ifdef CONFIG_NET_NS 197 void __put_net(struct net *net); 198 199 static inline struct net *get_net(struct net *net) 200 { 201 refcount_inc(&net->count); 202 return net; 203 } 204 205 static inline struct net *maybe_get_net(struct net *net) 206 { 207 /* Used when we know struct net exists but we 208 * aren't guaranteed a previous reference count 209 * exists. If the reference count is zero this 210 * function fails and returns NULL. 211 */ 212 if (!refcount_inc_not_zero(&net->count)) 213 net = NULL; 214 return net; 215 } 216 217 static inline void put_net(struct net *net) 218 { 219 if (refcount_dec_and_test(&net->count)) 220 __put_net(net); 221 } 222 223 static inline 224 int net_eq(const struct net *net1, const struct net *net2) 225 { 226 return net1 == net2; 227 } 228 229 static inline int check_net(const struct net *net) 230 { 231 return refcount_read(&net->count) != 0; 232 } 233 234 void net_drop_ns(void *); 235 236 #else 237 238 static inline struct net *get_net(struct net *net) 239 { 240 return net; 241 } 242 243 static inline void put_net(struct net *net) 244 { 245 } 246 247 static inline struct net *maybe_get_net(struct net *net) 248 { 249 return net; 250 } 251 252 static inline 253 int net_eq(const struct net *net1, const struct net *net2) 254 { 255 return 1; 256 } 257 258 static inline int check_net(const struct net *net) 259 { 260 return 1; 261 } 262 263 #define net_drop_ns NULL 264 #endif 265 266 267 typedef struct { 268 #ifdef CONFIG_NET_NS 269 struct net *net; 270 #endif 271 } possible_net_t; 272 273 static inline void write_pnet(possible_net_t *pnet, struct net *net) 274 { 275 #ifdef CONFIG_NET_NS 276 pnet->net = net; 277 #endif 278 } 279 280 static inline struct net *read_pnet(const possible_net_t *pnet) 281 { 282 #ifdef CONFIG_NET_NS 283 return pnet->net; 284 #else 285 return &init_net; 286 #endif 287 } 288 289 #define for_each_net(VAR) \ 290 list_for_each_entry(VAR, &net_namespace_list, list) 291 292 #define for_each_net_rcu(VAR) \ 293 list_for_each_entry_rcu(VAR, &net_namespace_list, list) 294 295 #ifdef CONFIG_NET_NS 296 #define __net_init 297 #define __net_exit 298 #define __net_initdata 299 #define __net_initconst 300 #else 301 #define __net_init __init 302 #define __net_exit __ref 303 #define __net_initdata __initdata 304 #define __net_initconst __initconst 305 #endif 306 307 int peernet2id_alloc(struct net *net, struct net *peer); 308 int peernet2id(struct net *net, struct net *peer); 309 bool peernet_has_id(struct net *net, struct net *peer); 310 struct net *get_net_ns_by_id(struct net *net, int id); 311 312 struct pernet_operations { 313 struct list_head list; 314 int (*init)(struct net *net); 315 void (*exit)(struct net *net); 316 void (*exit_batch)(struct list_head *net_exit_list); 317 unsigned int *id; 318 size_t size; 319 /* 320 * Indicates above methods are allowed to be executed in parallel 321 * with methods of any other pernet_operations, i.e. they are not 322 * need write locked net_sem. 323 */ 324 bool async; 325 }; 326 327 /* 328 * Use these carefully. If you implement a network device and it 329 * needs per network namespace operations use device pernet operations, 330 * otherwise use pernet subsys operations. 331 * 332 * Network interfaces need to be removed from a dying netns _before_ 333 * subsys notifiers can be called, as most of the network code cleanup 334 * (which is done from subsys notifiers) runs with the assumption that 335 * dev_remove_pack has been called so no new packets will arrive during 336 * and after the cleanup functions have been called. dev_remove_pack 337 * is not per namespace so instead the guarantee of no more packets 338 * arriving in a network namespace is provided by ensuring that all 339 * network devices and all sockets have left the network namespace 340 * before the cleanup methods are called. 341 * 342 * For the longest time the ipv4 icmp code was registered as a pernet 343 * device which caused kernel oops, and panics during network 344 * namespace cleanup. So please don't get this wrong. 345 */ 346 int register_pernet_subsys(struct pernet_operations *); 347 void unregister_pernet_subsys(struct pernet_operations *); 348 int register_pernet_device(struct pernet_operations *); 349 void unregister_pernet_device(struct pernet_operations *); 350 351 struct ctl_table; 352 struct ctl_table_header; 353 354 #ifdef CONFIG_SYSCTL 355 int net_sysctl_init(void); 356 struct ctl_table_header *register_net_sysctl(struct net *net, const char *path, 357 struct ctl_table *table); 358 void unregister_net_sysctl_table(struct ctl_table_header *header); 359 #else 360 static inline int net_sysctl_init(void) { return 0; } 361 static inline struct ctl_table_header *register_net_sysctl(struct net *net, 362 const char *path, struct ctl_table *table) 363 { 364 return NULL; 365 } 366 static inline void unregister_net_sysctl_table(struct ctl_table_header *header) 367 { 368 } 369 #endif 370 371 static inline int rt_genid_ipv4(struct net *net) 372 { 373 return atomic_read(&net->ipv4.rt_genid); 374 } 375 376 static inline void rt_genid_bump_ipv4(struct net *net) 377 { 378 atomic_inc(&net->ipv4.rt_genid); 379 } 380 381 extern void (*__fib6_flush_trees)(struct net *net); 382 static inline void rt_genid_bump_ipv6(struct net *net) 383 { 384 if (__fib6_flush_trees) 385 __fib6_flush_trees(net); 386 } 387 388 #if IS_ENABLED(CONFIG_IEEE802154_6LOWPAN) 389 static inline struct netns_ieee802154_lowpan * 390 net_ieee802154_lowpan(struct net *net) 391 { 392 return &net->ieee802154_lowpan; 393 } 394 #endif 395 396 /* For callers who don't really care about whether it's IPv4 or IPv6 */ 397 static inline void rt_genid_bump_all(struct net *net) 398 { 399 rt_genid_bump_ipv4(net); 400 rt_genid_bump_ipv6(net); 401 } 402 403 static inline int fnhe_genid(struct net *net) 404 { 405 return atomic_read(&net->fnhe_genid); 406 } 407 408 static inline void fnhe_genid_bump(struct net *net) 409 { 410 atomic_inc(&net->fnhe_genid); 411 } 412 413 #endif /* __NET_NET_NAMESPACE_H */ 414