net_namespace.h source code [linux/include/net/net_namespace.h]

1	/ SPDX-License-Identifier: GPL-2.0 /
2	/*
3	* Operations on the network namespace
4	*/
5	#ifndef __NET_NET_NAMESPACE_H
6	#define __NET_NET_NAMESPACE_H
7
8	#include <linux/atomic.h>
9	#include <linux/refcount.h>
10	#include <linux/workqueue.h>
11	#include <linux/list.h>
12	#include <linux/sysctl.h>
13	#include <linux/uidgid.h>
14
15	#include <net/flow.h>
16	#include <net/netns/core.h>
17	#include <net/netns/mib.h>
18	#include <net/netns/unix.h>
19	#include <net/netns/packet.h>
20	#include <net/netns/ipv4.h>
21	#include <net/netns/ipv6.h>
22	#include <net/netns/nexthop.h>
23	#include <net/netns/ieee802154_6lowpan.h>
24	#include <net/netns/sctp.h>
25	#include <net/netns/netfilter.h>
26	#if defined(CONFIG_NF_CONNTRACK) \|\| defined(CONFIG_NF_CONNTRACK_MODULE)
27	#include <net/netns/conntrack.h>
28	#endif
29	#if IS_ENABLED(CONFIG_NF_FLOW_TABLE)
30	#include <net/netns/flow_table.h>
31	#endif
32	#include <net/netns/nftables.h>
33	#include <net/netns/xfrm.h>
34	#include <net/netns/mpls.h>
35	#include <net/netns/can.h>
36	#include <net/netns/xdp.h>
37	#include <net/netns/smc.h>
38	#include <net/netns/bpf.h>
39	#include <net/netns/mctp.h>
40	#include <net/net_trackers.h>
41	#include <linux/ns_common.h>
42	#include <linux/idr.h>
43	#include <linux/skbuff.h>
44	#include <linux/notifier.h>
45
46	struct user_namespace;
47	struct proc_dir_entry;
48	struct net_device;
49	struct sock;
50	struct ctl_table_header;
51	struct net_generic;
52	struct uevent_sock;
53	struct netns_ipvs;
54	struct bpf_prog;
55
56
57	#define NETDEV_HASHBITS 8
58	#define NETDEV_HASHENTRIES (1 << NETDEV_HASHBITS)
59
60	struct net {
61	/ First cache line can be often dirtied.*
62	* Do not place here read-mostly fields.
63	*/
64	refcount_t passive; / To decide when the network*
65	* namespace should be freed.
66	*/
67	spinlock_t rules_mod_lock;
68
69	atomic_t dev_unreg_count;
70
71	unsigned int dev_base_seq; / protected by rtnl_mutex /
72	int ifindex;
73
74	spinlock_t nsid_lock;
75	atomic_t fnhe_genid;
76
77	struct list_head list; / list of network namespaces /
78	struct list_head exit_list; / To linked to call pernet exit*
79	* methods on dead net (
80	* pernet_ops_rwsem read locked),
81	* or to unregister pernet ops
82	* (pernet_ops_rwsem write locked).
83	*/
84	struct llist_node cleanup_list; / namespaces on death row /
85
86	#ifdef CONFIG_KEYS
87	struct key_tag key_domain; /* Key domain of operation tag /
88	#endif
89	struct user_namespace user_ns; /* Owning user namespace /
90	struct ucounts *ucounts;
91	struct idr netns_ids;
92
93	struct ns_common ns;
94	struct ref_tracker_dir refcnt_tracker;
95
96	struct list_head dev_base_head;
97	struct proc_dir_entry *proc_net;
98	struct proc_dir_entry *proc_net_stat;
99
100	#ifdef CONFIG_SYSCTL
101	struct ctl_table_set sysctls;
102	#endif
103
104	struct sock rtnl; /* rtnetlink socket /
105	struct sock *genl_sock;
106
107	struct uevent_sock uevent_sock; /* uevent socket /
108
109	struct hlist_head *dev_name_head;
110	struct hlist_head *dev_index_head;
111	struct raw_notifier_head netdev_chain;
112
113	/ Note that @hash_mix can be read millions times per second,*
114	* it is critical that it is on a read_mostly cache line.
115	*/
116	u32 hash_mix;
117
118	struct net_device loopback_dev; /* The loopback /
119
120	/ core fib_rules /
121	struct list_head rules_ops;
122
123	struct netns_core core;
124	struct netns_mib mib;
125	struct netns_packet packet;
126	#if IS_ENABLED(CONFIG_UNIX)
127	struct netns_unix unx;
128	#endif
129	struct netns_nexthop nexthop;
130	struct netns_ipv4 ipv4;
131	#if IS_ENABLED(CONFIG_IPV6)
132	struct netns_ipv6 ipv6;
133	#endif
134	#if IS_ENABLED(CONFIG_IEEE802154_6LOWPAN)
135	struct netns_ieee802154_lowpan ieee802154_lowpan;
136	#endif
137	#if defined(CONFIG_IP_SCTP) \|\| defined(CONFIG_IP_SCTP_MODULE)
138	struct netns_sctp sctp;
139	#endif
140	#ifdef CONFIG_NETFILTER
141	struct netns_nf nf;
142	#if defined(CONFIG_NF_CONNTRACK) \|\| defined(CONFIG_NF_CONNTRACK_MODULE)
143	struct netns_ct ct;
144	#endif
145	#if defined(CONFIG_NF_TABLES) \|\| defined(CONFIG_NF_TABLES_MODULE)
146	struct netns_nftables nft;
147	#endif
148	#if IS_ENABLED(CONFIG_NF_FLOW_TABLE)
149	struct netns_ft ft;
150	#endif
151	#endif
152	#ifdef CONFIG_WEXT_CORE
153	struct sk_buff_head wext_nlevents;
154	#endif
155	struct net_generic __rcu *gen;
156
157	/ Used to store attached BPF programs /
158	struct netns_bpf bpf;
159
160	/ Note : following structs are cache line aligned /
161	#ifdef CONFIG_XFRM
162	struct netns_xfrm xfrm;
163	#endif
164
165	u64 net_cookie; / written once /
166
167	#if IS_ENABLED(CONFIG_IP_VS)
168	struct netns_ipvs *ipvs;
169	#endif
170	#if IS_ENABLED(CONFIG_MPLS)
171	struct netns_mpls mpls;
172	#endif
173	#if IS_ENABLED(CONFIG_CAN)
174	struct netns_can can;
175	#endif
176	#ifdef CONFIG_XDP_SOCKETS
177	struct netns_xdp xdp;
178	#endif
179	#if IS_ENABLED(CONFIG_MCTP)
180	struct netns_mctp mctp;
181	#endif
182	#if IS_ENABLED(CONFIG_CRYPTO_USER)
183	struct sock *crypto_nlsk;
184	#endif
185	struct sock *diag_nlsk;
186	#if IS_ENABLED(CONFIG_SMC)
187	struct netns_smc smc;
188	#endif
189	} __randomize_layout;
190
191	#include <linux/seq_file_net.h>
192
193	/ Init's network namespace /
194	extern struct net init_net;
195
196	#ifdef CONFIG_NET_NS
197	struct net copy_net_ns(unsigned* long flags, struct user_namespace *user_ns,
198	struct net *old_net);
199
200	void net_ns_get_ownership(const struct net net, kuid_t uid, kgid_t *gid);
201
202	void net_ns_barrier(void);
203
204	struct ns_common get_net_ns(struct* ns_common *ns);
205	struct net get_net_ns_by_fd(int* fd);
206	#else /* CONFIG_NET_NS */
207	#include <linux/sched.h>
208	#include <linux/nsproxy.h>
209	static inline struct net copy_net_ns(unsigned* long flags,
210	struct user_namespace user_ns, struct* net *old_net)
211	{
212	if (flags & CLONE_NEWNET)
213	return ERR_PTR(-EINVAL);
214	return old_net;
215	}
216
217	static inline void net_ns_get_ownership(const struct net *net,
218	kuid_t uid, kgid_t gid)
219	{
220	*uid = GLOBAL_ROOT_UID;
221	*gid = GLOBAL_ROOT_GID;
222	}
223
224	static inline void net_ns_barrier(void) {}
225
226	static inline struct ns_common get_net_ns(struct* ns_common *ns)
227	{
228	return ERR_PTR(-EINVAL);
229	}
230
231	static inline struct net get_net_ns_by_fd(int* fd)
232	{
233	return ERR_PTR(-EINVAL);
234	}
235	#endif /* CONFIG_NET_NS */
236
237
238	extern struct list_head net_namespace_list;
239
240	struct net *get_net_ns_by_pid(pid_t pid);
241
242	#ifdef CONFIG_SYSCTL
243	void ipx_register_sysctl(void);
244	void ipx_unregister_sysctl(void);
245	#else
246	#define ipx_register_sysctl()
247	#define ipx_unregister_sysctl()
248	#endif
249
250	#ifdef CONFIG_NET_NS
251	void __put_net(struct net *net);
252
253	/ Try using get_net_track() instead /
254	static inline struct net get_net(struct* net *net)
255	{
256	refcount_inc(&net->ns.count);
257	return net;
258	}
259
260	static inline struct net maybe_get_net(struct* net *net)
261	{
262	/ Used when we know struct net exists but we*
263	* aren't guaranteed a previous reference count
264	* exists. If the reference count is zero this
265	* function fails and returns NULL.
266	*/
267	if (!refcount_inc_not_zero(&net->ns.count))
268	net = NULL;
269	return net;
270	}
271
272	/ Try using put_net_track() instead /
273	static inline void put_net(struct net *net)
274	{
275	if (refcount_dec_and_test(&net->ns.count))
276	__put_net(net);
277	}
278
279	static inline
280	int net_eq(const struct net net1, const* struct net *net2)
281	{
282	return net1 == net2;
283	}
284
285	static inline int check_net(const struct net *net)
286	{
287	return refcount_read(&net->ns.count) != `0`;
288	}
289
290	void net_drop_ns(void *);
291
292	#else
293
294	static inline struct net get_net(struct* net *net)
295	{
296	return net;
297	}
298
299	static inline void put_net(struct net *net)
300	{
301	}
302
303	static inline struct net maybe_get_net(struct* net *net)
304	{
305	return net;
306	}
307
308	static inline
309	int net_eq(const struct net net1, const* struct net *net2)
310	{
311	return `1`;
312	}
313
314	static inline int check_net(const struct net *net)
315	{
316	return `1`;
317	}
318
319	#define net_drop_ns NULL
320	#endif
321
322
323	static inline void netns_tracker_alloc(struct net *net,
324	netns_tracker *tracker, gfp_t gfp)
325	{
326	#ifdef CONFIG_NET_NS_REFCNT_TRACKER
327	ref_tracker_alloc(&net->refcnt_tracker, tracker, gfp);
328	#endif
329	}
330
331	static inline void netns_tracker_free(struct net *net,
332	netns_tracker *tracker)
333	{
334	#ifdef CONFIG_NET_NS_REFCNT_TRACKER
335	ref_tracker_free(&net->refcnt_tracker, tracker);
336	#endif
337	}
338
339	static inline struct net get_net_track(struct* net *net,
340	netns_tracker *tracker, gfp_t gfp)
341	{
342	get_net(net);
343	netns_tracker_alloc(net, tracker, gfp);
344	return net;
345	}
346
347	static inline void put_net_track(struct net net, netns_tracker tracker)
348	{
349	netns_tracker_free(net, tracker);
350	put_net(net);
351	}
352
353	typedef struct {
354	#ifdef CONFIG_NET_NS
355	struct net *net;
356	#endif
357	} possible_net_t;
358
359	static inline void write_pnet(possible_net_t pnet, struct* net *net)
360	{
361	#ifdef CONFIG_NET_NS
362	pnet->net = net;
363	#endif
364	}
365
366	static inline struct net read_pnet(const* possible_net_t *pnet)
367	{
368	#ifdef CONFIG_NET_NS
369	return pnet->net;
370	#else
371	return &init_net;
372	#endif
373	}
374
375	/ Protected by net_rwsem /
376	#define for_each_net(VAR) \
377	list_for_each_entry(VAR, &net_namespace_list, list)
378	#define for_each_net_continue_reverse(VAR) \
379	list_for_each_entry_continue_reverse(VAR, &net_namespace_list, list)
380	#define for_each_net_rcu(VAR) \
381	list_for_each_entry_rcu(VAR, &net_namespace_list, list)
382
383	#ifdef CONFIG_NET_NS
384	#define __net_init
385	#define __net_exit
386	#define __net_initdata
387	#define __net_initconst
388	#else
389	#define __net_init __init
390	#define __net_exit __ref
391	#define __net_initdata __initdata
392	#define __net_initconst __initconst
393	#endif
394
395	int peernet2id_alloc(struct net net, struct* net *peer, gfp_t gfp);
396	int peernet2id(const struct net net, struct* net *peer);
397	bool peernet_has_id(const struct net net, struct* net *peer);
398	struct net get_net_ns_by_id(const* struct net net, int* id);
399
400	struct pernet_operations {
401	struct list_head list;
402	/*
403	* Below methods are called without any exclusive locks.
404	* More than one net may be constructed and destructed
405	* in parallel on several cpus. Every pernet_operations
406	* have to keep in mind all other pernet_operations and
407	* to introduce a locking, if they share common resources.
408	*
409	* The only time they are called with exclusive lock is
410	* from register_pernet_subsys(), unregister_pernet_subsys()
411	* register_pernet_device() and unregister_pernet_device().
412	*
413	* Exit methods using blocking RCU primitives, such as
414	* synchronize_rcu(), should be implemented via exit_batch.
415	* Then, destruction of a group of net requires single
416	* synchronize_rcu() related to these pernet_operations,
417	* instead of separate synchronize_rcu() for every net.
418	* Please, avoid synchronize_rcu() at all, where it's possible.
419	*
420	* Note that a combination of pre_exit() and exit() can
421	* be used, since a synchronize_rcu() is guaranteed between
422	* the calls.
423	*/
424	int (init)(struct* net *net);
425	void (pre_exit)(struct* net *net);
426	void (exit)(struct* net *net);
427	void (exit_batch)(struct* list_head *net_exit_list);
428	unsigned int *id;
429	size_t size;
430	};
431
432	/*
433	* Use these carefully. If you implement a network device and it
434	* needs per network namespace operations use device pernet operations,
435	* otherwise use pernet subsys operations.
436	*
437	* Network interfaces need to be removed from a dying netns _before_
438	* subsys notifiers can be called, as most of the network code cleanup
439	* (which is done from subsys notifiers) runs with the assumption that
440	* dev_remove_pack has been called so no new packets will arrive during
441	* and after the cleanup functions have been called. dev_remove_pack
442	* is not per namespace so instead the guarantee of no more packets
443	* arriving in a network namespace is provided by ensuring that all
444	* network devices and all sockets have left the network namespace
445	* before the cleanup methods are called.
446	*
447	* For the longest time the ipv4 icmp code was registered as a pernet
448	* device which caused kernel oops, and panics during network
449	* namespace cleanup. So please don't get this wrong.
450	*/
451	int register_pernet_subsys(struct pernet_operations *);
452	void unregister_pernet_subsys(struct pernet_operations *);
453	int register_pernet_device(struct pernet_operations *);
454	void unregister_pernet_device(struct pernet_operations *);
455
456	struct ctl_table;
457
458	#ifdef CONFIG_SYSCTL
459	int net_sysctl_init(void);
460	struct ctl_table_header register_net_sysctl(struct* net net, const* char *path,
461	struct ctl_table *table);
462	void unregister_net_sysctl_table(struct ctl_table_header *header);
463	#else
464	static inline int net_sysctl_init(void) { return `0`; }
465	static inline struct ctl_table_header register_net_sysctl(struct* net *net,
466	const char path, struct* ctl_table *table)
467	{
468	return NULL;
469	}
470	static inline void unregister_net_sysctl_table(struct ctl_table_header *header)
471	{
472	}
473	#endif
474
475	static inline int rt_genid_ipv4(const struct net *net)
476	{
477	return atomic_read(&net->ipv4.rt_genid);
478	}
479
480	#if IS_ENABLED(CONFIG_IPV6)
481	static inline int rt_genid_ipv6(const struct net *net)
482	{
483	return atomic_read(&net->ipv6.fib6_sernum);
484	}
485	#endif
486
487	static inline void rt_genid_bump_ipv4(struct net *net)
488	{
489	atomic_inc(&net->ipv4.rt_genid);
490	}
491
492	extern void (__fib6_flush_trees)(struct* net *net);
493	static inline void rt_genid_bump_ipv6(struct net *net)
494	{
495	if (__fib6_flush_trees)
496	__fib6_flush_trees(net);
497	}
498
499	#if IS_ENABLED(CONFIG_IEEE802154_6LOWPAN)
500	static inline struct netns_ieee802154_lowpan *
501	net_ieee802154_lowpan(struct net *net)
502	{
503	return &net->ieee802154_lowpan;
504	}
505	#endif
506
507	/ For callers who don't really care about whether it's IPv4 or IPv6 /
508	static inline void rt_genid_bump_all(struct net *net)
509	{
510	rt_genid_bump_ipv4(net);
511	rt_genid_bump_ipv6(net);
512	}
513
514	static inline int fnhe_genid(const struct net *net)
515	{
516	return atomic_read(&net->fnhe_genid);
517	}
518
519	static inline void fnhe_genid_bump(struct net *net)
520	{
521	atomic_inc(&net->fnhe_genid);
522	}
523
524	#ifdef CONFIG_NET
525	void net_ns_init(void);
526	#else
527	static inline void net_ns_init(void) {}
528	#endif
529
530	#endif /* __NET_NET_NAMESPACE_H */
531

source code of linux/include/net/net_namespace.h