net_namespace.h source code [linux/include/net/net_namespace.h]

1	/ SPDX-License-Identifier: GPL-2.0 /
2	/*
3	* Operations on the network namespace
4	*/
5	#ifndef __NET_NET_NAMESPACE_H
6	#define __NET_NET_NAMESPACE_H
7
8	#include <linux/atomic.h>
9	#include <linux/refcount.h>
10	#include <linux/workqueue.h>
11	#include <linux/list.h>
12	#include <linux/sysctl.h>
13	#include <linux/uidgid.h>
14
15	#include <net/flow.h>
16	#include <net/netns/core.h>
17	#include <net/netns/mib.h>
18	#include <net/netns/unix.h>
19	#include <net/netns/packet.h>
20	#include <net/netns/ipv4.h>
21	#include <net/netns/ipv6.h>
22	#include <net/netns/nexthop.h>
23	#include <net/netns/ieee802154_6lowpan.h>
24	#include <net/netns/sctp.h>
25	#include <net/netns/netfilter.h>
26	#if defined(CONFIG_NF_CONNTRACK) \|\| defined(CONFIG_NF_CONNTRACK_MODULE)
27	#include <net/netns/conntrack.h>
28	#endif
29	#if IS_ENABLED(CONFIG_NF_FLOW_TABLE)
30	#include <net/netns/flow_table.h>
31	#endif
32	#include <net/netns/nftables.h>
33	#include <net/netns/xfrm.h>
34	#include <net/netns/mpls.h>
35	#include <net/netns/can.h>
36	#include <net/netns/xdp.h>
37	#include <net/netns/smc.h>
38	#include <net/netns/bpf.h>
39	#include <net/netns/mctp.h>
40	#include <net/net_trackers.h>
41	#include <linux/ns_common.h>
42	#include <linux/idr.h>
43	#include <linux/skbuff.h>
44	#include <linux/notifier.h>
45	#include <linux/xarray.h>
46
47	struct user_namespace;
48	struct proc_dir_entry;
49	struct net_device;
50	struct sock;
51	struct ctl_table_header;
52	struct net_generic;
53	struct uevent_sock;
54	struct netns_ipvs;
55	struct bpf_prog;
56
57
58	#define NETDEV_HASHBITS 8
59	#define NETDEV_HASHENTRIES (1 << NETDEV_HASHBITS)
60
61	struct net {
62	/ First cache line can be often dirtied.*
63	* Do not place here read-mostly fields.
64	*/
65	refcount_t passive; / To decide when the network*
66	* namespace should be freed.
67	*/
68	spinlock_t rules_mod_lock;
69
70	unsigned int dev_base_seq; / protected by rtnl_mutex /
71	u32 ifindex;
72
73	spinlock_t nsid_lock;
74	atomic_t fnhe_genid;
75
76	struct list_head list; / list of network namespaces /
77	struct list_head exit_list; / To linked to call pernet exit*
78	* methods on dead net (
79	* pernet_ops_rwsem read locked),
80	* or to unregister pernet ops
81	* (pernet_ops_rwsem write locked).
82	*/
83	struct llist_node defer_free_list;
84	struct llist_node cleanup_list; / namespaces on death row /
85
86	struct list_head ptype_all;
87	struct list_head ptype_specific;
88
89	#ifdef CONFIG_KEYS
90	struct key_tag key_domain; /* Key domain of operation tag /
91	#endif
92	struct user_namespace user_ns; /* Owning user namespace /
93	struct ucounts *ucounts;
94	struct idr netns_ids;
95
96	struct ns_common ns;
97	struct ref_tracker_dir refcnt_tracker;
98	struct ref_tracker_dir notrefcnt_tracker; / tracker for objects not*
99	* refcounted against netns
100	*/
101	struct list_head dev_base_head;
102	struct proc_dir_entry *proc_net;
103	struct proc_dir_entry *proc_net_stat;
104
105	#ifdef CONFIG_SYSCTL
106	struct ctl_table_set sysctls;
107	#endif
108
109	struct sock rtnl; /* rtnetlink socket /
110	struct sock *genl_sock;
111
112	struct uevent_sock uevent_sock; /* uevent socket /
113
114	struct hlist_head *dev_name_head;
115	struct hlist_head *dev_index_head;
116	struct xarray dev_by_index;
117	struct raw_notifier_head netdev_chain;
118
119	/ Note that @hash_mix can be read millions times per second,*
120	* it is critical that it is on a read_mostly cache line.
121	*/
122	u32 hash_mix;
123
124	struct net_device loopback_dev; /* The loopback /
125
126	/ core fib_rules /
127	struct list_head rules_ops;
128
129	struct netns_core core;
130	struct netns_mib mib;
131	struct netns_packet packet;
132	#if IS_ENABLED(CONFIG_UNIX)
133	struct netns_unix unx;
134	#endif
135	struct netns_nexthop nexthop;
136	struct netns_ipv4 ipv4;
137	#if IS_ENABLED(CONFIG_IPV6)
138	struct netns_ipv6 ipv6;
139	#endif
140	#if IS_ENABLED(CONFIG_IEEE802154_6LOWPAN)
141	struct netns_ieee802154_lowpan ieee802154_lowpan;
142	#endif
143	#if defined(CONFIG_IP_SCTP) \|\| defined(CONFIG_IP_SCTP_MODULE)
144	struct netns_sctp sctp;
145	#endif
146	#ifdef CONFIG_NETFILTER
147	struct netns_nf nf;
148	#if defined(CONFIG_NF_CONNTRACK) \|\| defined(CONFIG_NF_CONNTRACK_MODULE)
149	struct netns_ct ct;
150	#endif
151	#if defined(CONFIG_NF_TABLES) \|\| defined(CONFIG_NF_TABLES_MODULE)
152	struct netns_nftables nft;
153	#endif
154	#if IS_ENABLED(CONFIG_NF_FLOW_TABLE)
155	struct netns_ft ft;
156	#endif
157	#endif
158	#ifdef CONFIG_WEXT_CORE
159	struct sk_buff_head wext_nlevents;
160	#endif
161	struct net_generic __rcu *gen;
162
163	/ Used to store attached BPF programs /
164	struct netns_bpf bpf;
165
166	/ Note : following structs are cache line aligned /
167	#ifdef CONFIG_XFRM
168	struct netns_xfrm xfrm;
169	#endif
170
171	u64 net_cookie; / written once /
172
173	#if IS_ENABLED(CONFIG_IP_VS)
174	struct netns_ipvs *ipvs;
175	#endif
176	#if IS_ENABLED(CONFIG_MPLS)
177	struct netns_mpls mpls;
178	#endif
179	#if IS_ENABLED(CONFIG_CAN)
180	struct netns_can can;
181	#endif
182	#ifdef CONFIG_XDP_SOCKETS
183	struct netns_xdp xdp;
184	#endif
185	#if IS_ENABLED(CONFIG_MCTP)
186	struct netns_mctp mctp;
187	#endif
188	#if IS_ENABLED(CONFIG_CRYPTO_USER)
189	struct sock *crypto_nlsk;
190	#endif
191	struct sock *diag_nlsk;
192	#if IS_ENABLED(CONFIG_SMC)
193	struct netns_smc smc;
194	#endif
195	#ifdef CONFIG_DEBUG_NET_SMALL_RTNL
196	/ Move to a better place when the config guard is removed. /
197	struct mutex rtnl_mutex;
198	#endif
199	} __randomize_layout;
200
201	#include <linux/seq_file_net.h>
202
203	/ Init's network namespace /
204	extern struct net init_net;
205
206	#ifdef CONFIG_NET_NS
207	struct net copy_net_ns(unsigned* long flags, struct user_namespace *user_ns,
208	struct net *old_net);
209
210	void net_ns_get_ownership(const struct net net, kuid_t uid, kgid_t *gid);
211
212	void net_ns_barrier(void);
213
214	struct ns_common get_net_ns(struct* ns_common *ns);
215	struct net get_net_ns_by_fd(int* fd);
216	extern struct task_struct *cleanup_net_task;
217
218	#else /* CONFIG_NET_NS */
219	#include <linux/sched.h>
220	#include <linux/nsproxy.h>
221	static inline struct net copy_net_ns(unsigned* long flags,
222	struct user_namespace user_ns, struct* net *old_net)
223	{
224	if (flags & CLONE_NEWNET)
225	return ERR_PTR(-EINVAL);
226	return old_net;
227	}
228
229	static inline void net_ns_get_ownership(const struct net *net,
230	kuid_t uid, kgid_t gid)
231	{
232	*uid = GLOBAL_ROOT_UID;
233	*gid = GLOBAL_ROOT_GID;
234	}
235
236	static inline void net_ns_barrier(void) {}
237
238	static inline struct ns_common get_net_ns(struct* ns_common *ns)
239	{
240	return ERR_PTR(-EINVAL);
241	}
242
243	static inline struct net get_net_ns_by_fd(int* fd)
244	{
245	return ERR_PTR(-EINVAL);
246	}
247	#endif /* CONFIG_NET_NS */
248
249
250	extern struct list_head net_namespace_list;
251
252	struct net *get_net_ns_by_pid(pid_t pid);
253
254	#ifdef CONFIG_SYSCTL
255	void ipx_register_sysctl(void);
256	void ipx_unregister_sysctl(void);
257	#else
258	#define ipx_register_sysctl()
259	#define ipx_unregister_sysctl()
260	#endif
261
262	#ifdef CONFIG_NET_NS
263	void __put_net(struct net *net);
264
265	/ Try using get_net_track() instead /
266	static inline struct net get_net(struct* net *net)
267	{
268	refcount_inc(r: &net->ns.count);
269	return net;
270	}
271
272	static inline struct net maybe_get_net(struct* net *net)
273	{
274	/ Used when we know struct net exists but we*
275	* aren't guaranteed a previous reference count
276	* exists. If the reference count is zero this
277	* function fails and returns NULL.
278	*/
279	if (!refcount_inc_not_zero(r: &net->ns.count))
280	net = NULL;
281	return net;
282	}
283
284	/ Try using put_net_track() instead /
285	static inline void put_net(struct net *net)
286	{
287	if (refcount_dec_and_test(r: &net->ns.count))
288	__put_net(net);
289	}
290
291	static inline
292	int net_eq(const struct net net1, const* struct net *net2)
293	{
294	return net1 == net2;
295	}
296
297	static inline int check_net(const struct net *net)
298	{
299	return refcount_read(r: &net->ns.count) != `0`;
300	}
301
302	void net_drop_ns(void *);
303	void net_passive_dec(struct net *net);
304
305	#else
306
307	static inline struct net get_net(struct* net *net)
308	{
309	return net;
310	}
311
312	static inline void put_net(struct net *net)
313	{
314	}
315
316	static inline struct net maybe_get_net(struct* net *net)
317	{
318	return net;
319	}
320
321	static inline
322	int net_eq(const struct net net1, const* struct net *net2)
323	{
324	return `1`;
325	}
326
327	static inline int check_net(const struct net *net)
328	{
329	return `1`;
330	}
331
332	#define net_drop_ns NULL
333
334	static inline void net_passive_dec(struct net *net)
335	{
336	refcount_dec(&net->passive);
337	}
338	#endif
339
340	static inline void net_passive_inc(struct net *net)
341	{
342	refcount_inc(r: &net->passive);
343	}
344
345	/ Returns true if the netns initialization is completed successfully /
346	static inline bool net_initialized(const struct net *net)
347	{
348	return READ_ONCE(net->list.next);
349	}
350
351	static inline void __netns_tracker_alloc(struct net *net,
352	netns_tracker *tracker,
353	bool refcounted,
354	gfp_t gfp)
355	{
356	#ifdef CONFIG_NET_NS_REFCNT_TRACKER
357	ref_tracker_alloc(dir: refcounted ? &net->refcnt_tracker :
358	&net->notrefcnt_tracker,
359	trackerp: tracker, gfp);
360	#endif
361	}
362
363	static inline void netns_tracker_alloc(struct net net, netns_tracker tracker,
364	gfp_t gfp)
365	{
366	__netns_tracker_alloc(net, tracker, refcounted: true, gfp);
367	}
368
369	static inline void __netns_tracker_free(struct net *net,
370	netns_tracker *tracker,
371	bool refcounted)
372	{
373	#ifdef CONFIG_NET_NS_REFCNT_TRACKER
374	ref_tracker_free(dir: refcounted ? &net->refcnt_tracker :
375	&net->notrefcnt_tracker, trackerp: tracker);
376	#endif
377	}
378
379	static inline struct net get_net_track(struct* net *net,
380	netns_tracker *tracker, gfp_t gfp)
381	{
382	get_net(net);
383	netns_tracker_alloc(net, tracker, gfp);
384	return net;
385	}
386
387	static inline void put_net_track(struct net net, netns_tracker tracker)
388	{
389	__netns_tracker_free(net, tracker, refcounted: true);
390	put_net(net);
391	}
392
393	typedef struct {
394	#ifdef CONFIG_NET_NS
395	struct net __rcu *net;
396	#endif
397	} possible_net_t;
398
399	static inline void write_pnet(possible_net_t pnet, struct* net *net)
400	{
401	#ifdef CONFIG_NET_NS
402	rcu_assign_pointer(pnet->net, net);
403	#endif
404	}
405
406	static inline struct net read_pnet(const* possible_net_t *pnet)
407	{
408	#ifdef CONFIG_NET_NS
409	return rcu_dereference_protected(pnet->net, true);
410	#else
411	return &init_net;
412	#endif
413	}
414
415	static inline struct net read_pnet_rcu(const* possible_net_t *pnet)
416	{
417	#ifdef CONFIG_NET_NS
418	return rcu_dereference(pnet->net);
419	#else
420	return &init_net;
421	#endif
422	}
423
424	/ Protected by net_rwsem /
425	#define for_each_net(VAR) \
426	list_for_each_entry(VAR, &net_namespace_list, list)
427	#define for_each_net_continue_reverse(VAR) \
428	list_for_each_entry_continue_reverse(VAR, &net_namespace_list, list)
429	#define for_each_net_rcu(VAR) \
430	list_for_each_entry_rcu(VAR, &net_namespace_list, list)
431
432	#ifdef CONFIG_NET_NS
433	#define __net_init
434	#define __net_exit
435	#define __net_initdata
436	#define __net_initconst
437	#else
438	#define __net_init __init
439	#define __net_exit __ref
440	#define __net_initdata __initdata
441	#define __net_initconst __initconst
442	#endif
443
444	int peernet2id_alloc(struct net net, struct* net *peer, gfp_t gfp);
445	int peernet2id(const struct net net, struct* net *peer);
446	bool peernet_has_id(const struct net net, struct* net *peer);
447	struct net get_net_ns_by_id(const* struct net net, int* id);
448
449	struct pernet_operations {
450	struct list_head list;
451	/*
452	* Below methods are called without any exclusive locks.
453	* More than one net may be constructed and destructed
454	* in parallel on several cpus. Every pernet_operations
455	* have to keep in mind all other pernet_operations and
456	* to introduce a locking, if they share common resources.
457	*
458	* The only time they are called with exclusive lock is
459	* from register_pernet_subsys(), unregister_pernet_subsys()
460	* register_pernet_device() and unregister_pernet_device().
461	*
462	* Exit methods using blocking RCU primitives, such as
463	* synchronize_rcu(), should be implemented via exit_batch.
464	* Then, destruction of a group of net requires single
465	* synchronize_rcu() related to these pernet_operations,
466	* instead of separate synchronize_rcu() for every net.
467	* Please, avoid synchronize_rcu() at all, where it's possible.
468	*
469	* Note that a combination of pre_exit() and exit() can
470	* be used, since a synchronize_rcu() is guaranteed between
471	* the calls.
472	*/
473	int (init)(struct* net *net);
474	void (pre_exit)(struct* net *net);
475	void (exit)(struct* net *net);
476	void (exit_batch)(struct* list_head *net_exit_list);
477	/ Following method is called with RTNL held. /
478	void (exit_rtnl)(struct* net *net,
479	struct list_head *dev_kill_list);
480	unsigned int * const id;
481	const size_t size;
482	};
483
484	/*
485	* Use these carefully. If you implement a network device and it
486	* needs per network namespace operations use device pernet operations,
487	* otherwise use pernet subsys operations.
488	*
489	* Network interfaces need to be removed from a dying netns _before_
490	* subsys notifiers can be called, as most of the network code cleanup
491	* (which is done from subsys notifiers) runs with the assumption that
492	* dev_remove_pack has been called so no new packets will arrive during
493	* and after the cleanup functions have been called. dev_remove_pack
494	* is not per namespace so instead the guarantee of no more packets
495	* arriving in a network namespace is provided by ensuring that all
496	* network devices and all sockets have left the network namespace
497	* before the cleanup methods are called.
498	*
499	* For the longest time the ipv4 icmp code was registered as a pernet
500	* device which caused kernel oops, and panics during network
501	* namespace cleanup. So please don't get this wrong.
502	*/
503	int register_pernet_subsys(struct pernet_operations *);
504	void unregister_pernet_subsys(struct pernet_operations *);
505	int register_pernet_device(struct pernet_operations *);
506	void unregister_pernet_device(struct pernet_operations *);
507
508	struct ctl_table;
509
510	#define register_net_sysctl(net, path, table) \
511	register_net_sysctl_sz(net, path, table, ARRAY_SIZE(table))
512	#ifdef CONFIG_SYSCTL
513	int net_sysctl_init(void);
514	struct ctl_table_header register_net_sysctl_sz(struct* net net, const* char *path,
515	struct ctl_table *table, size_t table_size);
516	void unregister_net_sysctl_table(struct ctl_table_header *header);
517	#else
518	static inline int net_sysctl_init(void) { return `0`; }
519	static inline struct ctl_table_header register_net_sysctl_sz(struct* net *net,
520	const char path, struct* ctl_table *table, size_t table_size)
521	{
522	return NULL;
523	}
524	static inline void unregister_net_sysctl_table(struct ctl_table_header *header)
525	{
526	}
527	#endif
528
529	static inline int rt_genid_ipv4(const struct net *net)
530	{
531	return atomic_read(v: &net->ipv4.rt_genid);
532	}
533
534	#if IS_ENABLED(CONFIG_IPV6)
535	static inline int rt_genid_ipv6(const struct net *net)
536	{
537	return atomic_read(v: &net->ipv6.fib6_sernum);
538	}
539	#endif
540
541	static inline void rt_genid_bump_ipv4(struct net *net)
542	{
543	atomic_inc(v: &net->ipv4.rt_genid);
544	}
545
546	extern void (__fib6_flush_trees)(struct* net *net);
547	static inline void rt_genid_bump_ipv6(struct net *net)
548	{
549	if (__fib6_flush_trees)
550	__fib6_flush_trees(net);
551	}
552
553	#if IS_ENABLED(CONFIG_IEEE802154_6LOWPAN)
554	static inline struct netns_ieee802154_lowpan *
555	net_ieee802154_lowpan(struct net *net)
556	{
557	return &net->ieee802154_lowpan;
558	}
559	#endif
560
561	/ For callers who don't really care about whether it's IPv4 or IPv6 /
562	static inline void rt_genid_bump_all(struct net *net)
563	{
564	rt_genid_bump_ipv4(net);
565	rt_genid_bump_ipv6(net);
566	}
567
568	static inline int fnhe_genid(const struct net *net)
569	{
570	return atomic_read(v: &net->fnhe_genid);
571	}
572
573	static inline void fnhe_genid_bump(struct net *net)
574	{
575	atomic_inc(v: &net->fnhe_genid);
576	}
577
578	#ifdef CONFIG_NET
579	void net_ns_init(void);
580	#else
581	static inline void net_ns_init(void) {}
582	#endif
583
584	#endif /* __NET_NET_NAMESPACE_H */
585

source code of linux/include/net/net_namespace.h