1 /* 2 * Operations on the network namespace 3 */ 4 #ifndef __NET_NET_NAMESPACE_H 5 #define __NET_NET_NAMESPACE_H 6 7 #include <linux/atomic.h> 8 #include <linux/refcount.h> 9 #include <linux/workqueue.h> 10 #include <linux/list.h> 11 #include <linux/sysctl.h> 12 13 #include <net/flow.h> 14 #include <net/netns/core.h> 15 #include <net/netns/mib.h> 16 #include <net/netns/unix.h> 17 #include <net/netns/packet.h> 18 #include <net/netns/ipv4.h> 19 #include <net/netns/ipv6.h> 20 #include <net/netns/ieee802154_6lowpan.h> 21 #include <net/netns/sctp.h> 22 #include <net/netns/dccp.h> 23 #include <net/netns/netfilter.h> 24 #include <net/netns/x_tables.h> 25 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) 26 #include <net/netns/conntrack.h> 27 #endif 28 #include <net/netns/nftables.h> 29 #include <net/netns/xfrm.h> 30 #include <net/netns/mpls.h> 31 #include <net/netns/can.h> 32 #include <linux/ns_common.h> 33 #include <linux/idr.h> 34 #include <linux/skbuff.h> 35 36 struct user_namespace; 37 struct proc_dir_entry; 38 struct net_device; 39 struct sock; 40 struct ctl_table_header; 41 struct net_generic; 42 struct sock; 43 struct netns_ipvs; 44 45 46 #define NETDEV_HASHBITS 8 47 #define NETDEV_HASHENTRIES (1 << NETDEV_HASHBITS) 48 49 struct net { 50 refcount_t passive; /* To decided when the network 51 * namespace should be freed. 52 */ 53 atomic_t count; /* To decided when the network 54 * namespace should be shut down. 55 */ 56 spinlock_t rules_mod_lock; 57 58 atomic64_t cookie_gen; 59 60 struct list_head list; /* list of network namespaces */ 61 struct list_head cleanup_list; /* namespaces on death row */ 62 struct list_head exit_list; /* Use only net_mutex */ 63 64 struct user_namespace *user_ns; /* Owning user namespace */ 65 struct ucounts *ucounts; 66 spinlock_t nsid_lock; 67 struct idr netns_ids; 68 69 struct ns_common ns; 70 71 struct proc_dir_entry *proc_net; 72 struct proc_dir_entry *proc_net_stat; 73 74 #ifdef CONFIG_SYSCTL 75 struct ctl_table_set sysctls; 76 #endif 77 78 struct sock *rtnl; /* rtnetlink socket */ 79 struct sock *genl_sock; 80 81 struct list_head dev_base_head; 82 struct hlist_head *dev_name_head; 83 struct hlist_head *dev_index_head; 84 unsigned int dev_base_seq; /* protected by rtnl_mutex */ 85 int ifindex; 86 unsigned int dev_unreg_count; 87 88 /* core fib_rules */ 89 struct list_head rules_ops; 90 91 struct list_head fib_notifier_ops; /* protected by net_mutex */ 92 93 struct net_device *loopback_dev; /* The loopback */ 94 struct netns_core core; 95 struct netns_mib mib; 96 struct netns_packet packet; 97 struct netns_unix unx; 98 struct netns_ipv4 ipv4; 99 #if IS_ENABLED(CONFIG_IPV6) 100 struct netns_ipv6 ipv6; 101 #endif 102 #if IS_ENABLED(CONFIG_IEEE802154_6LOWPAN) 103 struct netns_ieee802154_lowpan ieee802154_lowpan; 104 #endif 105 #if defined(CONFIG_IP_SCTP) || defined(CONFIG_IP_SCTP_MODULE) 106 struct netns_sctp sctp; 107 #endif 108 #if defined(CONFIG_IP_DCCP) || defined(CONFIG_IP_DCCP_MODULE) 109 struct netns_dccp dccp; 110 #endif 111 #ifdef CONFIG_NETFILTER 112 struct netns_nf nf; 113 struct netns_xt xt; 114 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) 115 struct netns_ct ct; 116 #endif 117 #if defined(CONFIG_NF_TABLES) || defined(CONFIG_NF_TABLES_MODULE) 118 struct netns_nftables nft; 119 #endif 120 #if IS_ENABLED(CONFIG_NF_DEFRAG_IPV6) 121 struct netns_nf_frag nf_frag; 122 #endif 123 struct sock *nfnl; 124 struct sock *nfnl_stash; 125 #if IS_ENABLED(CONFIG_NETFILTER_NETLINK_ACCT) 126 struct list_head nfnl_acct_list; 127 #endif 128 #if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT) 129 struct list_head nfct_timeout_list; 130 #endif 131 #endif 132 #ifdef CONFIG_WEXT_CORE 133 struct sk_buff_head wext_nlevents; 134 #endif 135 struct net_generic __rcu *gen; 136 137 /* Note : following structs are cache line aligned */ 138 #ifdef CONFIG_XFRM 139 struct netns_xfrm xfrm; 140 #endif 141 #if IS_ENABLED(CONFIG_IP_VS) 142 struct netns_ipvs *ipvs; 143 #endif 144 #if IS_ENABLED(CONFIG_MPLS) 145 struct netns_mpls mpls; 146 #endif 147 #if IS_ENABLED(CONFIG_CAN) 148 struct netns_can can; 149 #endif 150 struct sock *diag_nlsk; 151 atomic_t fnhe_genid; 152 } __randomize_layout; 153 154 #include <linux/seq_file_net.h> 155 156 /* Init's network namespace */ 157 extern struct net init_net; 158 159 #ifdef CONFIG_NET_NS 160 struct net *copy_net_ns(unsigned long flags, struct user_namespace *user_ns, 161 struct net *old_net); 162 163 void net_ns_barrier(void); 164 #else /* CONFIG_NET_NS */ 165 #include <linux/sched.h> 166 #include <linux/nsproxy.h> 167 static inline struct net *copy_net_ns(unsigned long flags, 168 struct user_namespace *user_ns, struct net *old_net) 169 { 170 if (flags & CLONE_NEWNET) 171 return ERR_PTR(-EINVAL); 172 return old_net; 173 } 174 175 static inline void net_ns_barrier(void) {} 176 #endif /* CONFIG_NET_NS */ 177 178 179 extern struct list_head net_namespace_list; 180 181 struct net *get_net_ns_by_pid(pid_t pid); 182 struct net *get_net_ns_by_fd(int fd); 183 184 #ifdef CONFIG_SYSCTL 185 void ipx_register_sysctl(void); 186 void ipx_unregister_sysctl(void); 187 #else 188 #define ipx_register_sysctl() 189 #define ipx_unregister_sysctl() 190 #endif 191 192 #ifdef CONFIG_NET_NS 193 void __put_net(struct net *net); 194 195 static inline struct net *get_net(struct net *net) 196 { 197 atomic_inc(&net->count); 198 return net; 199 } 200 201 static inline struct net *maybe_get_net(struct net *net) 202 { 203 /* Used when we know struct net exists but we 204 * aren't guaranteed a previous reference count 205 * exists. If the reference count is zero this 206 * function fails and returns NULL. 207 */ 208 if (!atomic_inc_not_zero(&net->count)) 209 net = NULL; 210 return net; 211 } 212 213 static inline void put_net(struct net *net) 214 { 215 if (atomic_dec_and_test(&net->count)) 216 __put_net(net); 217 } 218 219 static inline 220 int net_eq(const struct net *net1, const struct net *net2) 221 { 222 return net1 == net2; 223 } 224 225 void net_drop_ns(void *); 226 227 #else 228 229 static inline struct net *get_net(struct net *net) 230 { 231 return net; 232 } 233 234 static inline void put_net(struct net *net) 235 { 236 } 237 238 static inline struct net *maybe_get_net(struct net *net) 239 { 240 return net; 241 } 242 243 static inline 244 int net_eq(const struct net *net1, const struct net *net2) 245 { 246 return 1; 247 } 248 249 #define net_drop_ns NULL 250 #endif 251 252 253 typedef struct { 254 #ifdef CONFIG_NET_NS 255 struct net *net; 256 #endif 257 } possible_net_t; 258 259 static inline void write_pnet(possible_net_t *pnet, struct net *net) 260 { 261 #ifdef CONFIG_NET_NS 262 pnet->net = net; 263 #endif 264 } 265 266 static inline struct net *read_pnet(const possible_net_t *pnet) 267 { 268 #ifdef CONFIG_NET_NS 269 return pnet->net; 270 #else 271 return &init_net; 272 #endif 273 } 274 275 #define for_each_net(VAR) \ 276 list_for_each_entry(VAR, &net_namespace_list, list) 277 278 #define for_each_net_rcu(VAR) \ 279 list_for_each_entry_rcu(VAR, &net_namespace_list, list) 280 281 #ifdef CONFIG_NET_NS 282 #define __net_init 283 #define __net_exit 284 #define __net_initdata 285 #define __net_initconst 286 #else 287 #define __net_init __init 288 #define __net_exit __ref 289 #define __net_initdata __initdata 290 #define __net_initconst __initconst 291 #endif 292 293 int peernet2id_alloc(struct net *net, struct net *peer); 294 int peernet2id(struct net *net, struct net *peer); 295 bool peernet_has_id(struct net *net, struct net *peer); 296 struct net *get_net_ns_by_id(struct net *net, int id); 297 298 struct pernet_operations { 299 struct list_head list; 300 int (*init)(struct net *net); 301 void (*exit)(struct net *net); 302 void (*exit_batch)(struct list_head *net_exit_list); 303 unsigned int *id; 304 size_t size; 305 }; 306 307 /* 308 * Use these carefully. If you implement a network device and it 309 * needs per network namespace operations use device pernet operations, 310 * otherwise use pernet subsys operations. 311 * 312 * Network interfaces need to be removed from a dying netns _before_ 313 * subsys notifiers can be called, as most of the network code cleanup 314 * (which is done from subsys notifiers) runs with the assumption that 315 * dev_remove_pack has been called so no new packets will arrive during 316 * and after the cleanup functions have been called. dev_remove_pack 317 * is not per namespace so instead the guarantee of no more packets 318 * arriving in a network namespace is provided by ensuring that all 319 * network devices and all sockets have left the network namespace 320 * before the cleanup methods are called. 321 * 322 * For the longest time the ipv4 icmp code was registered as a pernet 323 * device which caused kernel oops, and panics during network 324 * namespace cleanup. So please don't get this wrong. 325 */ 326 int register_pernet_subsys(struct pernet_operations *); 327 void unregister_pernet_subsys(struct pernet_operations *); 328 int register_pernet_device(struct pernet_operations *); 329 void unregister_pernet_device(struct pernet_operations *); 330 331 struct ctl_table; 332 struct ctl_table_header; 333 334 #ifdef CONFIG_SYSCTL 335 int net_sysctl_init(void); 336 struct ctl_table_header *register_net_sysctl(struct net *net, const char *path, 337 struct ctl_table *table); 338 void unregister_net_sysctl_table(struct ctl_table_header *header); 339 #else 340 static inline int net_sysctl_init(void) { return 0; } 341 static inline struct ctl_table_header *register_net_sysctl(struct net *net, 342 const char *path, struct ctl_table *table) 343 { 344 return NULL; 345 } 346 static inline void unregister_net_sysctl_table(struct ctl_table_header *header) 347 { 348 } 349 #endif 350 351 static inline int rt_genid_ipv4(struct net *net) 352 { 353 return atomic_read(&net->ipv4.rt_genid); 354 } 355 356 static inline void rt_genid_bump_ipv4(struct net *net) 357 { 358 atomic_inc(&net->ipv4.rt_genid); 359 } 360 361 extern void (*__fib6_flush_trees)(struct net *net); 362 static inline void rt_genid_bump_ipv6(struct net *net) 363 { 364 if (__fib6_flush_trees) 365 __fib6_flush_trees(net); 366 } 367 368 #if IS_ENABLED(CONFIG_IEEE802154_6LOWPAN) 369 static inline struct netns_ieee802154_lowpan * 370 net_ieee802154_lowpan(struct net *net) 371 { 372 return &net->ieee802154_lowpan; 373 } 374 #endif 375 376 /* For callers who don't really care about whether it's IPv4 or IPv6 */ 377 static inline void rt_genid_bump_all(struct net *net) 378 { 379 rt_genid_bump_ipv4(net); 380 rt_genid_bump_ipv6(net); 381 } 382 383 static inline int fnhe_genid(struct net *net) 384 { 385 return atomic_read(&net->fnhe_genid); 386 } 387 388 static inline void fnhe_genid_bump(struct net *net) 389 { 390 atomic_inc(&net->fnhe_genid); 391 } 392 393 #endif /* __NET_NET_NAMESPACE_H */ 394