LXR linux/include/net/net

   1/* SPDX-License-Identifier: GPL-2.0 */
   2/*
   3 * Operations on the network namespace
   4 */
   5#ifndef __NET_NET_NAMESPACE_H
   6#define __NET_NET_NAMESPACE_H
   7
   8#include <linux/atomic.h>
   9#include <linux/refcount.h>
  10#include <linux/workqueue.h>
  11#include <linux/list.h>
  12#include <linux/sysctl.h>
  13
  14#include <net/flow.h>
  15#include <net/netns/core.h>
  16#include <net/netns/mib.h>
  17#include <net/netns/unix.h>
  18#include <net/netns/packet.h>
  19#include <net/netns/ipv4.h>
  20#include <net/netns/ipv6.h>
  21#include <net/netns/ieee802154_6lowpan.h>
  22#include <net/netns/sctp.h>
  23#include <net/netns/dccp.h>
  24#include <net/netns/netfilter.h>
  25#include <net/netns/x_tables.h>
  26#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
  27#include <net/netns/conntrack.h>
  28#endif
  29#include <net/netns/nftables.h>
  30#include <net/netns/xfrm.h>
  31#include <net/netns/mpls.h>
  32#include <net/netns/can.h>
  33#include <linux/ns_common.h>
  34#include <linux/idr.h>
  35#include <linux/skbuff.h>
  36
  37struct user_namespace;
  38struct proc_dir_entry;
  39struct net_device;
  40struct sock;
  41struct ctl_table_header;
  42struct net_generic;
  43struct uevent_sock;
  44struct netns_ipvs;
  45
  46
  47#define NETDEV_HASHBITS    8
  48#define NETDEV_HASHENTRIES (1 << NETDEV_HASHBITS)
  49
  50struct net {
  51        refcount_t              passive;        /* To decided when the network
  52                                                 * namespace should be freed.
  53                                                 */
  54        refcount_t              count;          /* To decided when the network
  55                                                 *  namespace should be shut down.
  56                                                 */
  57        spinlock_t              rules_mod_lock;
  58
  59        atomic64_t              cookie_gen;
  60
  61        struct list_head        list;           /* list of network namespaces */
  62        struct list_head        exit_list;      /* To linked to call pernet exit
  63                                                 * methods on dead net (
  64                                                 * pernet_ops_rwsem read locked),
  65                                                 * or to unregister pernet ops
  66                                                 * (pernet_ops_rwsem write locked).
  67                                                 */
  68        struct llist_node       cleanup_list;   /* namespaces on death row */
  69
  70        struct user_namespace   *user_ns;       /* Owning user namespace */
  71        struct ucounts          *ucounts;
  72        spinlock_t              nsid_lock;
  73        struct idr              netns_ids;
  74
  75        struct ns_common        ns;
  76
  77        struct proc_dir_entry   *proc_net;
  78        struct proc_dir_entry   *proc_net_stat;
  79
  80#ifdef CONFIG_SYSCTL
  81        struct ctl_table_set    sysctls;
  82#endif
  83
  84        struct sock             *rtnl;                  /* rtnetlink socket */
  85        struct sock             *genl_sock;
  86
  87        struct uevent_sock      *uevent_sock;           /* uevent socket */
  88
  89        struct list_head        dev_base_head;
  90        struct hlist_head       *dev_name_head;
  91        struct hlist_head       *dev_index_head;
  92        unsigned int            dev_base_seq;   /* protected by rtnl_mutex */
  93        int                     ifindex;
  94        unsigned int            dev_unreg_count;
  95
  96        /* core fib_rules */
  97        struct list_head        rules_ops;
  98
  99        struct list_head        fib_notifier_ops;  /* Populated by
 100                                                    * register_pernet_subsys()
 101                                                    */
 102        struct net_device       *loopback_dev;          /* The loopback */
 103        struct netns_core       core;
 104        struct netns_mib        mib;
 105        struct netns_packet     packet;
 106        struct netns_unix       unx;
 107        struct netns_ipv4       ipv4;
 108#if IS_ENABLED(CONFIG_IPV6)
 109        struct netns_ipv6       ipv6;
 110#endif
 111#if IS_ENABLED(CONFIG_IEEE802154_6LOWPAN)
 112        struct netns_ieee802154_lowpan  ieee802154_lowpan;
 113#endif
 114#if defined(CONFIG_IP_SCTP) || defined(CONFIG_IP_SCTP_MODULE)
 115        struct netns_sctp       sctp;
 116#endif
 117#if defined(CONFIG_IP_DCCP) || defined(CONFIG_IP_DCCP_MODULE)
 118        struct netns_dccp       dccp;
 119#endif
 120#ifdef CONFIG_NETFILTER
 121        struct netns_nf         nf;
 122        struct netns_xt         xt;
 123#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
 124        struct netns_ct         ct;
 125#endif
 126#if defined(CONFIG_NF_TABLES) || defined(CONFIG_NF_TABLES_MODULE)
 127        struct netns_nftables   nft;
 128#endif
 129#if IS_ENABLED(CONFIG_NF_DEFRAG_IPV6)
 130        struct netns_nf_frag    nf_frag;
 131        struct ctl_table_header *nf_frag_frags_hdr;
 132#endif
 133        struct sock             *nfnl;
 134        struct sock             *nfnl_stash;
 135#if IS_ENABLED(CONFIG_NETFILTER_NETLINK_ACCT)
 136        struct list_head        nfnl_acct_list;
 137#endif
 138#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
 139        struct list_head        nfct_timeout_list;
 140#endif
 141#endif
 142#ifdef CONFIG_WEXT_CORE
 143        struct sk_buff_head     wext_nlevents;
 144#endif
 145        struct net_generic __rcu        *gen;
 146
 147        /* Note : following structs are cache line aligned */
 148#ifdef CONFIG_XFRM
 149        struct netns_xfrm       xfrm;
 150#endif
 151#if IS_ENABLED(CONFIG_IP_VS)
 152        struct netns_ipvs       *ipvs;
 153#endif
 154#if IS_ENABLED(CONFIG_MPLS)
 155        struct netns_mpls       mpls;
 156#endif
 157#if IS_ENABLED(CONFIG_CAN)
 158        struct netns_can        can;
 159#endif
 160        struct sock             *diag_nlsk;
 161        atomic_t                fnhe_genid;
 162} __randomize_layout;
 163
 164#include <linux/seq_file_net.h>
 165
 166/* Init's network namespace */
 167extern struct net init_net;
 168
 169#ifdef CONFIG_NET_NS
 170struct net *copy_net_ns(unsigned long flags, struct user_namespace *user_ns,
 171                        struct net *old_net);
 172
 173void net_ns_barrier(void);
 174#else /* CONFIG_NET_NS */
 175#include <linux/sched.h>
 176#include <linux/nsproxy.h>
 177static inline struct net *copy_net_ns(unsigned long flags,
 178        struct user_namespace *user_ns, struct net *old_net)
 179{
 180        if (flags & CLONE_NEWNET)
 181                return ERR_PTR(-EINVAL);
 182        return old_net;
 183}
 184
 185static inline void net_ns_barrier(void) {}
 186#endif /* CONFIG_NET_NS */
 187
 188
 189extern struct list_head net_namespace_list;
 190
 191struct net *get_net_ns_by_pid(pid_t pid);
 192struct net *get_net_ns_by_fd(int fd);
 193
 194#ifdef CONFIG_SYSCTL
 195void ipx_register_sysctl(void);
 196void ipx_unregister_sysctl(void);
 197#else
 198#define ipx_register_sysctl()
 199#define ipx_unregister_sysctl()
 200#endif
 201
 202#ifdef CONFIG_NET_NS
 203void __put_net(struct net *net);
 204
 205static inline struct net *get_net(struct net *net)
 206{
 207        refcount_inc(&net->count);
 208        return net;
 209}
 210
 211static inline struct net *maybe_get_net(struct net *net)
 212{
 213        /* Used when we know struct net exists but we
 214         * aren't guaranteed a previous reference count
 215         * exists.  If the reference count is zero this
 216         * function fails and returns NULL.
 217         */
 218        if (!refcount_inc_not_zero(&net->count))
 219                net = NULL;
 220        return net;
 221}
 222
 223static inline void put_net(struct net *net)
 224{
 225        if (refcount_dec_and_test(&net->count))
 226                __put_net(net);
 227}
 228
 229static inline
 230int net_eq(const struct net *net1, const struct net *net2)
 231{
 232        return net1 == net2;
 233}
 234
 235static inline int check_net(const struct net *net)
 236{
 237        return refcount_read(&net->count) != 0;
 238}
 239
 240void net_drop_ns(void *);
 241
 242#else
 243
 244static inline struct net *get_net(struct net *net)
 245{
 246        return net;
 247}
 248
 249static inline void put_net(struct net *net)
 250{
 251}
 252
 253static inline struct net *maybe_get_net(struct net *net)
 254{
 255        return net;
 256}
 257
 258static inline
 259int net_eq(const struct net *net1, const struct net *net2)
 260{
 261        return 1;
 262}
 263
 264static inline int check_net(const struct net *net)
 265{
 266        return 1;
 267}
 268
 269#define net_drop_ns NULL
 270#endif
 271
 272
 273typedef struct {
 274#ifdef CONFIG_NET_NS
 275        struct net *net;
 276#endif
 277} possible_net_t;
 278
 279static inline void write_pnet(possible_net_t *pnet, struct net *net)
 280{
 281#ifdef CONFIG_NET_NS
 282        pnet->net = net;
 283#endif
 284}
 285
 286static inline struct net *read_pnet(const possible_net_t *pnet)
 287{
 288#ifdef CONFIG_NET_NS
 289        return pnet->net;
 290#else
 291        return &init_net;
 292#endif
 293}
 294
 295/* Protected by net_rwsem */
 296#define for_each_net(VAR)                               \
 297        list_for_each_entry(VAR, &net_namespace_list, list)
 298
 299#define for_each_net_rcu(VAR)                           \
 300        list_for_each_entry_rcu(VAR, &net_namespace_list, list)
 301
 302#ifdef CONFIG_NET_NS
 303#define __net_init
 304#define __net_exit
 305#define __net_initdata
 306#define __net_initconst
 307#else
 308#define __net_init      __init
 309#define __net_exit      __ref
 310#define __net_initdata  __initdata
 311#define __net_initconst __initconst
 312#endif
 313
 314int peernet2id_alloc(struct net *net, struct net *peer);
 315int peernet2id(struct net *net, struct net *peer);
 316bool peernet_has_id(struct net *net, struct net *peer);
 317struct net *get_net_ns_by_id(struct net *net, int id);
 318
 319struct pernet_operations {
 320        struct list_head list;
 321        /*
 322         * Below methods are called without any exclusive locks.
 323         * More than one net may be constructed and destructed
 324         * in parallel on several cpus. Every pernet_operations
 325         * have to keep in mind all other pernet_operations and
 326         * to introduce a locking, if they share common resources.
 327         *
 328         * The only time they are called with exclusive lock is
 329         * from register_pernet_subsys(), unregister_pernet_subsys()
 330         * register_pernet_device() and unregister_pernet_device().
 331         *
 332         * Exit methods using blocking RCU primitives, such as
 333         * synchronize_rcu(), should be implemented via exit_batch.
 334         * Then, destruction of a group of net requires single
 335         * synchronize_rcu() related to these pernet_operations,
 336         * instead of separate synchronize_rcu() for every net.
 337         * Please, avoid synchronize_rcu() at all, where it's possible.
 338         */
 339        int (*init)(struct net *net);
 340        void (*exit)(struct net *net);
 341        void (*exit_batch)(struct list_head *net_exit_list);
 342        unsigned int *id;
 343        size_t size;
 344};
 345
 346/*
 347 * Use these carefully.  If you implement a network device and it
 348 * needs per network namespace operations use device pernet operations,
 349 * otherwise use pernet subsys operations.
 350 *
 351 * Network interfaces need to be removed from a dying netns _before_
 352 * subsys notifiers can be called, as most of the network code cleanup
 353 * (which is done from subsys notifiers) runs with the assumption that
 354 * dev_remove_pack has been called so no new packets will arrive during
 355 * and after the cleanup functions have been called.  dev_remove_pack
 356 * is not per namespace so instead the guarantee of no more packets
 357 * arriving in a network namespace is provided by ensuring that all
 358 * network devices and all sockets have left the network namespace
 359 * before the cleanup methods are called.
 360 *
 361 * For the longest time the ipv4 icmp code was registered as a pernet
 362 * device which caused kernel oops, and panics during network
 363 * namespace cleanup.   So please don't get this wrong.
 364 */
 365int register_pernet_subsys(struct pernet_operations *);
 366void unregister_pernet_subsys(struct pernet_operations *);
 367int register_pernet_device(struct pernet_operations *);
 368void unregister_pernet_device(struct pernet_operations *);
 369
 370struct ctl_table;
 371struct ctl_table_header;
 372
 373#ifdef CONFIG_SYSCTL
 374int net_sysctl_init(void);
 375struct ctl_table_header *register_net_sysctl(struct net *net, const char *path,
 376                                             struct ctl_table *table);
 377void unregister_net_sysctl_table(struct ctl_table_header *header);
 378#else
 379static inline int net_sysctl_init(void) { return 0; }
 380static inline struct ctl_table_header *register_net_sysctl(struct net *net,
 381        const char *path, struct ctl_table *table)
 382{
 383        return NULL;
 384}
 385static inline void unregister_net_sysctl_table(struct ctl_table_header *header)
 386{
 387}
 388#endif
 389
 390static inline int rt_genid_ipv4(struct net *net)
 391{
 392        return atomic_read(&net->ipv4.rt_genid);
 393}
 394
 395static inline void rt_genid_bump_ipv4(struct net *net)
 396{
 397        atomic_inc(&net->ipv4.rt_genid);
 398}
 399
 400extern void (*__fib6_flush_trees)(struct net *net);
 401static inline void rt_genid_bump_ipv6(struct net *net)
 402{
 403        if (__fib6_flush_trees)
 404                __fib6_flush_trees(net);
 405}
 406
 407#if IS_ENABLED(CONFIG_IEEE802154_6LOWPAN)
 408static inline struct netns_ieee802154_lowpan *
 409net_ieee802154_lowpan(struct net *net)
 410{
 411        return &net->ieee802154_lowpan;
 412}
 413#endif
 414
 415/* For callers who don't really care about whether it's IPv4 or IPv6 */
 416static inline void rt_genid_bump_all(struct net *net)
 417{
 418        rt_genid_bump_ipv4(net);
 419        rt_genid_bump_ipv6(net);
 420}
 421
 422static inline int fnhe_genid(struct net *net)
 423{
 424        return atomic_read(&net->fnhe_genid);
 425}
 426
 427static inline void fnhe_genid_bump(struct net *net)
 428{
 429        atomic_inc(&net->fnhe_genid);
 430}
 431
 432#endif /* __NET_NET_NAMESPACE_H */
 433