1/* SPDX-License-Identifier: GPL-2.0 */
2/*
3 * Operations on the network namespace
4 */
5#ifndef __NET_NET_NAMESPACE_H
6#define __NET_NET_NAMESPACE_H
7
8#include <linux/atomic.h>
9#include <linux/refcount.h>
10#include <linux/workqueue.h>
11#include <linux/list.h>
12#include <linux/sysctl.h>
13#include <linux/uidgid.h>
14
15#include <net/flow.h>
16#include <net/netns/core.h>
17#include <net/netns/mib.h>
18#include <net/netns/unix.h>
19#include <net/netns/packet.h>
20#include <net/netns/ipv4.h>
21#include <net/netns/ipv6.h>
22#include <net/netns/nexthop.h>
23#include <net/netns/ieee802154_6lowpan.h>
24#include <net/netns/sctp.h>
25#include <net/netns/netfilter.h>
26#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
27#include <net/netns/conntrack.h>
28#endif
29#if IS_ENABLED(CONFIG_NF_FLOW_TABLE)
30#include <net/netns/flow_table.h>
31#endif
32#include <net/netns/nftables.h>
33#include <net/netns/xfrm.h>
34#include <net/netns/mpls.h>
35#include <net/netns/can.h>
36#include <net/netns/xdp.h>
37#include <net/netns/smc.h>
38#include <net/netns/bpf.h>
39#include <net/netns/mctp.h>
40#include <net/net_trackers.h>
41#include <linux/ns_common.h>
42#include <linux/idr.h>
43#include <linux/skbuff.h>
44#include <linux/notifier.h>
45
46struct user_namespace;
47struct proc_dir_entry;
48struct net_device;
49struct sock;
50struct ctl_table_header;
51struct net_generic;
52struct uevent_sock;
53struct netns_ipvs;
54struct bpf_prog;
55
56
57#define NETDEV_HASHBITS 8
58#define NETDEV_HASHENTRIES (1 << NETDEV_HASHBITS)
59
60struct net {
61 /* First cache line can be often dirtied.
62 * Do not place here read-mostly fields.
63 */
64 refcount_t passive; /* To decide when the network
65 * namespace should be freed.
66 */
67 spinlock_t rules_mod_lock;
68
69 atomic_t dev_unreg_count;
70
71 unsigned int dev_base_seq; /* protected by rtnl_mutex */
72 int ifindex;
73
74 spinlock_t nsid_lock;
75 atomic_t fnhe_genid;
76
77 struct list_head list; /* list of network namespaces */
78 struct list_head exit_list; /* To linked to call pernet exit
79 * methods on dead net (
80 * pernet_ops_rwsem read locked),
81 * or to unregister pernet ops
82 * (pernet_ops_rwsem write locked).
83 */
84 struct llist_node cleanup_list; /* namespaces on death row */
85
86#ifdef CONFIG_KEYS
87 struct key_tag *key_domain; /* Key domain of operation tag */
88#endif
89 struct user_namespace *user_ns; /* Owning user namespace */
90 struct ucounts *ucounts;
91 struct idr netns_ids;
92
93 struct ns_common ns;
94 struct ref_tracker_dir refcnt_tracker;
95
96 struct list_head dev_base_head;
97 struct proc_dir_entry *proc_net;
98 struct proc_dir_entry *proc_net_stat;
99
100#ifdef CONFIG_SYSCTL
101 struct ctl_table_set sysctls;
102#endif
103
104 struct sock *rtnl; /* rtnetlink socket */
105 struct sock *genl_sock;
106
107 struct uevent_sock *uevent_sock; /* uevent socket */
108
109 struct hlist_head *dev_name_head;
110 struct hlist_head *dev_index_head;
111 struct raw_notifier_head netdev_chain;
112
113 /* Note that @hash_mix can be read millions times per second,
114 * it is critical that it is on a read_mostly cache line.
115 */
116 u32 hash_mix;
117
118 struct net_device *loopback_dev; /* The loopback */
119
120 /* core fib_rules */
121 struct list_head rules_ops;
122
123 struct netns_core core;
124 struct netns_mib mib;
125 struct netns_packet packet;
126#if IS_ENABLED(CONFIG_UNIX)
127 struct netns_unix unx;
128#endif
129 struct netns_nexthop nexthop;
130 struct netns_ipv4 ipv4;
131#if IS_ENABLED(CONFIG_IPV6)
132 struct netns_ipv6 ipv6;
133#endif
134#if IS_ENABLED(CONFIG_IEEE802154_6LOWPAN)
135 struct netns_ieee802154_lowpan ieee802154_lowpan;
136#endif
137#if defined(CONFIG_IP_SCTP) || defined(CONFIG_IP_SCTP_MODULE)
138 struct netns_sctp sctp;
139#endif
140#ifdef CONFIG_NETFILTER
141 struct netns_nf nf;
142#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
143 struct netns_ct ct;
144#endif
145#if defined(CONFIG_NF_TABLES) || defined(CONFIG_NF_TABLES_MODULE)
146 struct netns_nftables nft;
147#endif
148#if IS_ENABLED(CONFIG_NF_FLOW_TABLE)
149 struct netns_ft ft;
150#endif
151#endif
152#ifdef CONFIG_WEXT_CORE
153 struct sk_buff_head wext_nlevents;
154#endif
155 struct net_generic __rcu *gen;
156
157 /* Used to store attached BPF programs */
158 struct netns_bpf bpf;
159
160 /* Note : following structs are cache line aligned */
161#ifdef CONFIG_XFRM
162 struct netns_xfrm xfrm;
163#endif
164
165 u64 net_cookie; /* written once */
166
167#if IS_ENABLED(CONFIG_IP_VS)
168 struct netns_ipvs *ipvs;
169#endif
170#if IS_ENABLED(CONFIG_MPLS)
171 struct netns_mpls mpls;
172#endif
173#if IS_ENABLED(CONFIG_CAN)
174 struct netns_can can;
175#endif
176#ifdef CONFIG_XDP_SOCKETS
177 struct netns_xdp xdp;
178#endif
179#if IS_ENABLED(CONFIG_MCTP)
180 struct netns_mctp mctp;
181#endif
182#if IS_ENABLED(CONFIG_CRYPTO_USER)
183 struct sock *crypto_nlsk;
184#endif
185 struct sock *diag_nlsk;
186#if IS_ENABLED(CONFIG_SMC)
187 struct netns_smc smc;
188#endif
189} __randomize_layout;
190
191#include <linux/seq_file_net.h>
192
193/* Init's network namespace */
194extern struct net init_net;
195
196#ifdef CONFIG_NET_NS
197struct net *copy_net_ns(unsigned long flags, struct user_namespace *user_ns,
198 struct net *old_net);
199
200void net_ns_get_ownership(const struct net *net, kuid_t *uid, kgid_t *gid);
201
202void net_ns_barrier(void);
203
204struct ns_common *get_net_ns(struct ns_common *ns);
205struct net *get_net_ns_by_fd(int fd);
206#else /* CONFIG_NET_NS */
207#include <linux/sched.h>
208#include <linux/nsproxy.h>
209static inline struct net *copy_net_ns(unsigned long flags,
210 struct user_namespace *user_ns, struct net *old_net)
211{
212 if (flags & CLONE_NEWNET)
213 return ERR_PTR(-EINVAL);
214 return old_net;
215}
216
217static inline void net_ns_get_ownership(const struct net *net,
218 kuid_t *uid, kgid_t *gid)
219{
220 *uid = GLOBAL_ROOT_UID;
221 *gid = GLOBAL_ROOT_GID;
222}
223
224static inline void net_ns_barrier(void) {}
225
226static inline struct ns_common *get_net_ns(struct ns_common *ns)
227{
228 return ERR_PTR(-EINVAL);
229}
230
231static inline struct net *get_net_ns_by_fd(int fd)
232{
233 return ERR_PTR(-EINVAL);
234}
235#endif /* CONFIG_NET_NS */
236
237
238extern struct list_head net_namespace_list;
239
240struct net *get_net_ns_by_pid(pid_t pid);
241
242#ifdef CONFIG_SYSCTL
243void ipx_register_sysctl(void);
244void ipx_unregister_sysctl(void);
245#else
246#define ipx_register_sysctl()
247#define ipx_unregister_sysctl()
248#endif
249
250#ifdef CONFIG_NET_NS
251void __put_net(struct net *net);
252
253/* Try using get_net_track() instead */
254static inline struct net *get_net(struct net *net)
255{
256 refcount_inc(&net->ns.count);
257 return net;
258}
259
260static inline struct net *maybe_get_net(struct net *net)
261{
262 /* Used when we know struct net exists but we
263 * aren't guaranteed a previous reference count
264 * exists. If the reference count is zero this
265 * function fails and returns NULL.
266 */
267 if (!refcount_inc_not_zero(&net->ns.count))
268 net = NULL;
269 return net;
270}
271
272/* Try using put_net_track() instead */
273static inline void put_net(struct net *net)
274{
275 if (refcount_dec_and_test(&net->ns.count))
276 __put_net(net);
277}
278
279static inline
280int net_eq(const struct net *net1, const struct net *net2)
281{
282 return net1 == net2;
283}
284
285static inline int check_net(const struct net *net)
286{
287 return refcount_read(&net->ns.count) != 0;
288}
289
290void net_drop_ns(void *);
291
292#else
293
294static inline struct net *get_net(struct net *net)
295{
296 return net;
297}
298
299static inline void put_net(struct net *net)
300{
301}
302
303static inline struct net *maybe_get_net(struct net *net)
304{
305 return net;
306}
307
308static inline
309int net_eq(const struct net *net1, const struct net *net2)
310{
311 return 1;
312}
313
314static inline int check_net(const struct net *net)
315{
316 return 1;
317}
318
319#define net_drop_ns NULL
320#endif
321
322
323static inline void netns_tracker_alloc(struct net *net,
324 netns_tracker *tracker, gfp_t gfp)
325{
326#ifdef CONFIG_NET_NS_REFCNT_TRACKER
327 ref_tracker_alloc(&net->refcnt_tracker, tracker, gfp);
328#endif
329}
330
331static inline void netns_tracker_free(struct net *net,
332 netns_tracker *tracker)
333{
334#ifdef CONFIG_NET_NS_REFCNT_TRACKER
335 ref_tracker_free(&net->refcnt_tracker, tracker);
336#endif
337}
338
339static inline struct net *get_net_track(struct net *net,
340 netns_tracker *tracker, gfp_t gfp)
341{
342 get_net(net);
343 netns_tracker_alloc(net, tracker, gfp);
344 return net;
345}
346
347static inline void put_net_track(struct net *net, netns_tracker *tracker)
348{
349 netns_tracker_free(net, tracker);
350 put_net(net);
351}
352
353typedef struct {
354#ifdef CONFIG_NET_NS
355 struct net *net;
356#endif
357} possible_net_t;
358
359static inline void write_pnet(possible_net_t *pnet, struct net *net)
360{
361#ifdef CONFIG_NET_NS
362 pnet->net = net;
363#endif
364}
365
366static inline struct net *read_pnet(const possible_net_t *pnet)
367{
368#ifdef CONFIG_NET_NS
369 return pnet->net;
370#else
371 return &init_net;
372#endif
373}
374
375/* Protected by net_rwsem */
376#define for_each_net(VAR) \
377 list_for_each_entry(VAR, &net_namespace_list, list)
378#define for_each_net_continue_reverse(VAR) \
379 list_for_each_entry_continue_reverse(VAR, &net_namespace_list, list)
380#define for_each_net_rcu(VAR) \
381 list_for_each_entry_rcu(VAR, &net_namespace_list, list)
382
383#ifdef CONFIG_NET_NS
384#define __net_init
385#define __net_exit
386#define __net_initdata
387#define __net_initconst
388#else
389#define __net_init __init
390#define __net_exit __ref
391#define __net_initdata __initdata
392#define __net_initconst __initconst
393#endif
394
395int peernet2id_alloc(struct net *net, struct net *peer, gfp_t gfp);
396int peernet2id(const struct net *net, struct net *peer);
397bool peernet_has_id(const struct net *net, struct net *peer);
398struct net *get_net_ns_by_id(const struct net *net, int id);
399
400struct pernet_operations {
401 struct list_head list;
402 /*
403 * Below methods are called without any exclusive locks.
404 * More than one net may be constructed and destructed
405 * in parallel on several cpus. Every pernet_operations
406 * have to keep in mind all other pernet_operations and
407 * to introduce a locking, if they share common resources.
408 *
409 * The only time they are called with exclusive lock is
410 * from register_pernet_subsys(), unregister_pernet_subsys()
411 * register_pernet_device() and unregister_pernet_device().
412 *
413 * Exit methods using blocking RCU primitives, such as
414 * synchronize_rcu(), should be implemented via exit_batch.
415 * Then, destruction of a group of net requires single
416 * synchronize_rcu() related to these pernet_operations,
417 * instead of separate synchronize_rcu() for every net.
418 * Please, avoid synchronize_rcu() at all, where it's possible.
419 *
420 * Note that a combination of pre_exit() and exit() can
421 * be used, since a synchronize_rcu() is guaranteed between
422 * the calls.
423 */
424 int (*init)(struct net *net);
425 void (*pre_exit)(struct net *net);
426 void (*exit)(struct net *net);
427 void (*exit_batch)(struct list_head *net_exit_list);
428 unsigned int *id;
429 size_t size;
430};
431
432/*
433 * Use these carefully. If you implement a network device and it
434 * needs per network namespace operations use device pernet operations,
435 * otherwise use pernet subsys operations.
436 *
437 * Network interfaces need to be removed from a dying netns _before_
438 * subsys notifiers can be called, as most of the network code cleanup
439 * (which is done from subsys notifiers) runs with the assumption that
440 * dev_remove_pack has been called so no new packets will arrive during
441 * and after the cleanup functions have been called. dev_remove_pack
442 * is not per namespace so instead the guarantee of no more packets
443 * arriving in a network namespace is provided by ensuring that all
444 * network devices and all sockets have left the network namespace
445 * before the cleanup methods are called.
446 *
447 * For the longest time the ipv4 icmp code was registered as a pernet
448 * device which caused kernel oops, and panics during network
449 * namespace cleanup. So please don't get this wrong.
450 */
451int register_pernet_subsys(struct pernet_operations *);
452void unregister_pernet_subsys(struct pernet_operations *);
453int register_pernet_device(struct pernet_operations *);
454void unregister_pernet_device(struct pernet_operations *);
455
456struct ctl_table;
457
458#ifdef CONFIG_SYSCTL
459int net_sysctl_init(void);
460struct ctl_table_header *register_net_sysctl(struct net *net, const char *path,
461 struct ctl_table *table);
462void unregister_net_sysctl_table(struct ctl_table_header *header);
463#else
464static inline int net_sysctl_init(void) { return 0; }
465static inline struct ctl_table_header *register_net_sysctl(struct net *net,
466 const char *path, struct ctl_table *table)
467{
468 return NULL;
469}
470static inline void unregister_net_sysctl_table(struct ctl_table_header *header)
471{
472}
473#endif
474
475static inline int rt_genid_ipv4(const struct net *net)
476{
477 return atomic_read(&net->ipv4.rt_genid);
478}
479
480#if IS_ENABLED(CONFIG_IPV6)
481static inline int rt_genid_ipv6(const struct net *net)
482{
483 return atomic_read(&net->ipv6.fib6_sernum);
484}
485#endif
486
487static inline void rt_genid_bump_ipv4(struct net *net)
488{
489 atomic_inc(&net->ipv4.rt_genid);
490}
491
492extern void (*__fib6_flush_trees)(struct net *net);
493static inline void rt_genid_bump_ipv6(struct net *net)
494{
495 if (__fib6_flush_trees)
496 __fib6_flush_trees(net);
497}
498
499#if IS_ENABLED(CONFIG_IEEE802154_6LOWPAN)
500static inline struct netns_ieee802154_lowpan *
501net_ieee802154_lowpan(struct net *net)
502{
503 return &net->ieee802154_lowpan;
504}
505#endif
506
507/* For callers who don't really care about whether it's IPv4 or IPv6 */
508static inline void rt_genid_bump_all(struct net *net)
509{
510 rt_genid_bump_ipv4(net);
511 rt_genid_bump_ipv6(net);
512}
513
514static inline int fnhe_genid(const struct net *net)
515{
516 return atomic_read(&net->fnhe_genid);
517}
518
519static inline void fnhe_genid_bump(struct net *net)
520{
521 atomic_inc(&net->fnhe_genid);
522}
523
524#ifdef CONFIG_NET
525void net_ns_init(void);
526#else
527static inline void net_ns_init(void) {}
528#endif
529
530#endif /* __NET_NET_NAMESPACE_H */
531

source code of linux/include/net/net_namespace.h