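/*
 * Operations on the network namespace
 */
#ifndef __NET_NET_NAMESPACE_H
#define __NET_NET_NAMESPACE_H

#include <linux/atomic.h>
#include <linux/workqueue.h>
#include <linux/list.h>
#include <linux/sysctl.h>

#include <net/netns/core.h>
#include <net/netns/mib.h>
#include <net/netns/unix.h>
#include <net/netns/packet.h>
#include <net/netns/ipv4.h>
#include <net/netns/ipv6.h>
#include <net/netns/sctp.h>
#include <net/netns/dccp.h>
#include <net/netns/netfilter.h>
#include <net/netns/x_tables.h>
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
#include <net/netns/conntrack.h>
#endif
#include <net/netns/xfrm.h>

/* Forward declarations: only pointers to these types are used below. */
struct user_namespace;
struct proc_dir_entry;
struct net_device;
struct sock;
struct ctl_table_header;
struct net_generic;
struct netns_ipvs;


#define NETDEV_HASHBITS    8
#define NETDEV_HASHENTRIES (1 << NETDEV_HASHBITS)

/*
 * struct net - state of one network namespace.
 *
 * Two separate atomic counters govern lifetime:
 *   - count   decides when the namespace is shut down; it is the counter
 *             that get_net()/maybe_get_net()/put_net() in this header
 *             operate on when CONFIG_NET_NS is set.
 *   - passive decides when the structure itself is freed.
 * use_count exists only under NETNS_REFCNT_DEBUG and is touched by
 * hold_net()/release_net(); it is a debugging aid, not a lifetime reference.
 *
 * Field order is kept as-is: the trailing members carry a cache-line
 * alignment note, so reordering would change the layout.
 */
struct net {
	atomic_t		passive;	/* To decide when the network
						 * namespace should be freed.
						 */
	atomic_t		count;		/* To decide when the network
						 * namespace should be shut down.
						 */
#ifdef NETNS_REFCNT_DEBUG
	atomic_t		use_count;	/* To track references we
						 * destroy on demand
						 */
#endif
	spinlock_t		rules_mod_lock;

	struct list_head	list;		/* list of network namespaces */
	struct list_head	cleanup_list;	/* namespaces on death row */
	struct list_head	exit_list;	/* Use only net_mutex */

	/*
	 * NOTE(review): presumably the user namespace that privilege checks
	 * for this netns are made against - confirm at the call sites.
	 */
	struct user_namespace	*user_ns;	/* Owning user namespace */

	unsigned int		proc_inum;

	struct proc_dir_entry	*proc_net;
	struct proc_dir_entry	*proc_net_stat;

#ifdef CONFIG_SYSCTL
	struct ctl_table_set	sysctls;
#endif

	struct sock		*rtnl;		/* rtnetlink socket */
	struct sock		*genl_sock;

	struct list_head	dev_base_head;
	struct hlist_head	*dev_name_head;
	struct hlist_head	*dev_index_head;
	unsigned int		dev_base_seq;	/* protected by rtnl_mutex */
	int			ifindex;

	/* core fib_rules */
	struct list_head	rules_ops;


	struct net_device	*loopback_dev;	/* The loopback */
	struct netns_core	core;
	struct netns_mib	mib;
	struct netns_packet	packet;
	struct netns_unix	unx;
	struct netns_ipv4	ipv4;
#if IS_ENABLED(CONFIG_IPV6)
	struct netns_ipv6	ipv6;
#endif
#if defined(CONFIG_IP_SCTP) || defined(CONFIG_IP_SCTP_MODULE)
	struct netns_sctp	sctp;
#endif
#if defined(CONFIG_IP_DCCP) || defined(CONFIG_IP_DCCP_MODULE)
	struct netns_dccp	dccp;
#endif
#ifdef CONFIG_NETFILTER
	struct netns_nf		nf;
	struct netns_xt		xt;
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
	struct netns_ct		ct;
#endif
#if IS_ENABLED(CONFIG_NF_DEFRAG_IPV6)
	struct netns_nf_frag	nf_frag;
#endif
	struct sock		*nfnl;
	struct sock		*nfnl_stash;
#endif
#ifdef CONFIG_WEXT_CORE
	struct sk_buff_head	wext_nlevents;
#endif
	struct net_generic __rcu	*gen;

	/* Note : following structs are cache line aligned */
#ifdef CONFIG_XFRM
	struct netns_xfrm	xfrm;
#endif
	struct netns_ipvs	*ipvs;
	struct sock		*diag_nlsk;
	atomic_t		rt_genid;
	atomic_t		fnhe_genid;
};

/*
 * ifindex generation is per-net namespace, and loopback is
 * always the 1st device in ns (see net_dev_init), thus any
 * loopback device should get ifindex 1
 */

#define LOOPBACK_IFINDEX	1

#include <linux/seq_file_net.h>

/* Init's network namespace */
extern struct net init_net;

#ifdef CONFIG_NET_NS
extern struct net *copy_net_ns(unsigned long flags,
	struct user_namespace *user_ns, struct net *old_net);

#else /* CONFIG_NET_NS */
#include <linux/sched.h>
#include <linux/nsproxy.h>
/*
 * Stub used when network namespaces are compiled out.
 *
 * A request for a new namespace (CLONE_NEWNET) is refused with -EINVAL
 * instead of silently sharing the old one.  The error is encoded with
 * ERR_PTR(), so callers have to test the result with IS_ERR() rather than
 * comparing against NULL.  Otherwise old_net is handed back unchanged; no
 * reference is taken here.
 */
static inline struct net *copy_net_ns(unsigned long flags,
	struct user_namespace *user_ns, struct net *old_net)
{
	if (flags & CLONE_NEWNET)
		return ERR_PTR(-EINVAL);
	return old_net;
}
#endif /* CONFIG_NET_NS */


extern struct list_head net_namespace_list;

extern struct net *get_net_ns_by_pid(pid_t pid);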
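/*
 * The argument is a file descriptor, not a pid (the prototype previously
 * named it "pid").
 * NOTE(review): presumably returns a referenced namespace or an ERR_PTR()
 * value - confirm against the definition.
 */
extern struct net *get_net_ns_by_fd(int fd);

#ifdef CONFIG_NET_NS
extern void __put_net(struct net *net);

/*
 * Take a reference on @net by incrementing net->count.
 *
 * The increment is unconditional: a count that has already reached zero is
 * not detected here.  Callers that do not already hold a reference must use
 * maybe_get_net() instead.  @net must not be NULL (it is dereferenced).
 */
static inline struct net *get_net(struct net *net)
{
	atomic_inc(&net->count);
	return net;
}

/*
 * Used when we know struct net exists but we aren't guaranteed a previous
 * reference count exists.  If the reference count is zero this function
 * fails and returns NULL, so the result must be checked before use.
 */
static inline struct net *maybe_get_net(struct net *net)
{
	if (!atomic_inc_not_zero(&net->count))
		net = NULL;
	return net;
}

/*
 * Drop a reference on @net.  When the count reaches zero __put_net() is
 * called; the caller must not touch @net after this returns.
 */
static inline void put_net(struct net *net)
{
	if (atomic_dec_and_test(&net->count))
		__put_net(net);
}

/* Two namespaces are equal only if they are the same object. */
static inline
int net_eq(const struct net *net1, const struct net *net2)
{
	return net1 == net2;
}

extern void net_drop_ns(void *);

#else

/*
 * Namespaces compiled out: no reference counting is performed, so the
 * helpers below never modify net->count and maybe_get_net() never fails.
 */
static inline struct net *get_net(struct net *net)
{
	return net;
}

static inline void put_net(struct net *net)
{
}

static inline struct net *maybe_get_net(struct net *net)
{
	return net;
}

/* Every pointer is treated as the same namespace in this configuration. */
static inline
int net_eq(const struct net *net1, const struct net *net2)
{
	return 1;
}

/*
 * NOTE(review): expands to NULL here, so any user of net_drop_ns has to
 * tolerate a NULL value - presumably it is passed as a callback pointer;
 * confirm at the users.
 */
#define net_drop_ns NULL
#endif


/*
 * hold_net()/release_net() adjust the debug-only use_count and accept NULL.
 * They never touch net->count, so holding a namespace this way does not
 * keep it alive; without NETNS_REFCNT_DEBUG both are no-ops.
 */
#ifdef NETNS_REFCNT_DEBUG
static inline struct net *hold_net(struct net *net)
{
	if (net)
		atomic_inc(&net->use_count);
	return net;
}

static inline void release_net(struct net *net)
{
	if (net)
		atomic_dec(&net->use_count);
}
#else
static inline struct net *hold_net(struct net *net)
{
	return net;
}

static inline void release_net(struct net *net)
{
}
#endif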
/*
 * Accessors for a namespace pointer embedded in another object.
 *
 * With CONFIG_NET_NS they are a plain store and load; neither takes a
 * reference, so the stored pointer does not by itself pin the namespace.
 * Without CONFIG_NET_NS the store is dropped (only @net is evaluated) and
 * every read yields &init_net.
 */
#ifdef CONFIG_NET_NS

static inline void write_pnet(struct net **pnet, struct net *net)
{
	*pnet = net;
}

static inline struct net *read_pnet(struct net * const *pnet)
{
	return *pnet;
}

#else

#define write_pnet(pnet, net)	do { (void)(net);} while (0)
#define read_pnet(pnet)		(&init_net)

#endif

/*
 * Walk net_namespace_list.  Nothing in these macros takes a lock.
 * NOTE(review): presumably the caller serialises against list changes
 * (and uses an RCU read-side section for the _rcu variant) - confirm.
 */
#define for_each_net(VAR)				\
	list_for_each_entry(VAR, &net_namespace_list, list)

#define for_each_net_rcu(VAR)				\
	list_for_each_entry_rcu(VAR, &net_namespace_list, list)

/*
 * Section annotations for per-namespace init/exit code.  They expand to
 * nothing when CONFIG_NET_NS is set and to the ordinary __init-style
 * annotations otherwise.
 * NOTE(review): presumably because per-namespace handlers can run whenever
 * a namespace is created or destroyed, so they must not be placed in
 * sections that are discarded after boot - confirm.
 */
#ifdef CONFIG_NET_NS
#define __net_init
#define __net_exit
#define __net_initdata
#define __net_initconst
#else
#define __net_init	__init
#define __net_exit	__exit_refok
#define __net_initdata	__initdata
#define __net_initconst	__initconst
#endif

/*
 * Callbacks a subsystem or device driver registers to be run per network
 * namespace.
 * NOTE(review): id and size presumably describe a per-namespace private
 * area reachable through net->gen - confirm against the registration code.
 */
struct pernet_operations {
	struct list_head list;
	int (*init)(struct net *net);
	void (*exit)(struct net *net);
	void (*exit_batch)(struct list_head *net_exit_list);
	int *id;
	size_t size;
};

/*
 * Use these carefully.  If you implement a network device and it
 * needs per network namespace operations use device pernet operations,
 * otherwise use pernet subsys operations.
 *
 * Network interfaces need to be removed from a dying netns _before_
 * subsys notifiers can be called, as most of the network code cleanup
 * (which is done from subsys notifiers) runs with the assumption that
 * dev_remove_pack has been called so no new packets will arrive during
 * and after the cleanup functions have been called.  dev_remove_pack
 * is not per namespace so instead the guarantee of no more packets
 * arriving in a network namespace is provided by ensuring that all
 * network devices and all sockets have left the network namespace
 * before the cleanup methods are called.
 *
 * For the longest time the ipv4 icmp code was registered as a pernet
 * device which caused kernel oops, and panics during network
 * namespace cleanup.   So please don't get this wrong.
 */
extern int register_pernet_subsys(struct pernet_operations *ops);
extern void unregister_pernet_subsys(struct pernet_operations *ops);
/* Device flavour of the pernet registration calls. */
extern int register_pernet_device(struct pernet_operations *ops);
extern void unregister_pernet_device(struct pernet_operations *ops);

struct ctl_table;
struct ctl_table_header;

/*
 * Per-namespace sysctl registration.  Without CONFIG_SYSCTL the calls are
 * stubs: initialisation reports success, registration returns NULL and
 * unregistration does nothing.
 * NOTE(review): a caller that treats a NULL header as failure will see
 * every registration fail in that configuration - confirm callers cope.
 */
#ifdef CONFIG_SYSCTL
extern int net_sysctl_init(void);
extern struct ctl_table_header *register_net_sysctl(struct net *net,
	const char *path, struct ctl_table *table);
extern void unregister_net_sysctl_table(struct ctl_table_header *header);
#else
static inline int net_sysctl_init(void)
{
	return 0;
}

static inline struct ctl_table_header *register_net_sysctl(struct net *net,
	const char *path, struct ctl_table *table)
{
	return NULL;
}

static inline void unregister_net_sysctl_table(struct ctl_table_header *header)
{
}
#endif

/* Read the namespace's rt_genid counter atomically. */
static inline int rt_genid(struct net *net)
{
	const int genid = atomic_read(&net->rt_genid);

	return genid;
}

/* Atomically increment the namespace's rt_genid counter. */
static inline void rt_genid_bump(struct net *net)
{
	atomic_inc(&net->rt_genid);
}
/* Read the namespace's fnhe_genid counter atomically. */
static inline int fnhe_genid(struct net *net)
{
	const int genid = atomic_read(&net->fnhe_genid);

	return genid;
}

/* Atomically increment the namespace's fnhe_genid counter. */
static inline void fnhe_genid_bump(struct net *net)
{
	atomic_inc(&net->fnhe_genid);
}

#endif /* __NET_NET_NAMESPACE_H */