LXR linux/include/net/net

   1/* SPDX-License-Identifier: GPL-2.0 */
   2/*
   3 * Operations on the network namespace
   4 */
   5#ifndef __NET_NET_NAMESPACE_H
   6#define __NET_NET_NAMESPACE_H
   7
   8#include <linux/atomic.h>
   9#include <linux/refcount.h>
  10#include <linux/workqueue.h>
  11#include <linux/list.h>
  12#include <linux/sysctl.h>
  13#include <linux/uidgid.h>
  14
  15#include <net/flow.h>
  16#include <net/netns/core.h>
  17#include <net/netns/mib.h>
  18#include <net/netns/unix.h>
  19#include <net/netns/packet.h>
  20#include <net/netns/ipv4.h>
  21#include <net/netns/ipv6.h>
  22#include <net/netns/nexthop.h>
  23#include <net/netns/ieee802154_6lowpan.h>
  24#include <net/netns/sctp.h>
  25#include <net/netns/dccp.h>
  26#include <net/netns/netfilter.h>
  27#include <net/netns/x_tables.h>
  28#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
  29#include <net/netns/conntrack.h>
  30#endif
  31#include <net/netns/nftables.h>
  32#include <net/netns/xfrm.h>
  33#include <net/netns/mpls.h>
  34#include <net/netns/can.h>
  35#include <net/netns/xdp.h>
  36#include <linux/ns_common.h>
  37#include <linux/idr.h>
  38#include <linux/skbuff.h>
  39
  40struct user_namespace;
  41struct proc_dir_entry;
  42struct net_device;
  43struct sock;
  44struct ctl_table_header;
  45struct net_generic;
  46struct uevent_sock;
  47struct netns_ipvs;
  48struct bpf_prog;
  49
  50
  51#define NETDEV_HASHBITS    8
  52#define NETDEV_HASHENTRIES (1 << NETDEV_HASHBITS)
  53
  54struct net {
  55        refcount_t              passive;        /* To decide when the network
  56                                                 * namespace should be freed.
  57                                                 */
  58        refcount_t              count;          /* To decided when the network
  59                                                 *  namespace should be shut down.
  60                                                 */
  61        spinlock_t              rules_mod_lock;
  62
  63        u32                     hash_mix;
  64
  65        struct list_head        list;           /* list of network namespaces */
  66        struct list_head        exit_list;      /* To linked to call pernet exit
  67                                                 * methods on dead net (
  68                                                 * pernet_ops_rwsem read locked),
  69                                                 * or to unregister pernet ops
  70                                                 * (pernet_ops_rwsem write locked).
  71                                                 */
  72        struct llist_node       cleanup_list;   /* namespaces on death row */
  73
  74#ifdef CONFIG_KEYS
  75        struct key_tag          *key_domain;    /* Key domain of operation tag */
  76#endif
  77        struct user_namespace   *user_ns;       /* Owning user namespace */
  78        struct ucounts          *ucounts;
  79        spinlock_t              nsid_lock;
  80        struct idr              netns_ids;
  81
  82        struct ns_common        ns;
  83
  84        struct proc_dir_entry   *proc_net;
  85        struct proc_dir_entry   *proc_net_stat;
  86
  87#ifdef CONFIG_SYSCTL
  88        struct ctl_table_set    sysctls;
  89#endif
  90
  91        struct sock             *rtnl;                  /* rtnetlink socket */
  92        struct sock             *genl_sock;
  93
  94        struct uevent_sock      *uevent_sock;           /* uevent socket */
  95
  96        struct list_head        dev_base_head;
  97        struct hlist_head       *dev_name_head;
  98        struct hlist_head       *dev_index_head;
  99        unsigned int            dev_base_seq;   /* protected by rtnl_mutex */
 100        int                     ifindex;
 101        unsigned int            dev_unreg_count;
 102
 103        /* core fib_rules */
 104        struct list_head        rules_ops;
 105
 106        struct list_head        fib_notifier_ops;  /* Populated by
 107                                                    * register_pernet_subsys()
 108                                                    */
 109        struct net_device       *loopback_dev;          /* The loopback */
 110        struct netns_core       core;
 111        struct netns_mib        mib;
 112        struct netns_packet     packet;
 113        struct netns_unix       unx;
 114        struct netns_nexthop    nexthop;
 115        struct netns_ipv4       ipv4;
 116#if IS_ENABLED(CONFIG_IPV6)
 117        struct netns_ipv6       ipv6;
 118#endif
 119#if IS_ENABLED(CONFIG_IEEE802154_6LOWPAN)
 120        struct netns_ieee802154_lowpan  ieee802154_lowpan;
 121#endif
 122#if defined(CONFIG_IP_SCTP) || defined(CONFIG_IP_SCTP_MODULE)
 123        struct netns_sctp       sctp;
 124#endif
 125#if defined(CONFIG_IP_DCCP) || defined(CONFIG_IP_DCCP_MODULE)
 126        struct netns_dccp       dccp;
 127#endif
 128#ifdef CONFIG_NETFILTER
 129        struct netns_nf         nf;
 130        struct netns_xt         xt;
 131#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
 132        struct netns_ct         ct;
 133#endif
 134#if defined(CONFIG_NF_TABLES) || defined(CONFIG_NF_TABLES_MODULE)
 135        struct netns_nftables   nft;
 136#endif
 137#if IS_ENABLED(CONFIG_NF_DEFRAG_IPV6)
 138        struct netns_nf_frag    nf_frag;
 139        struct ctl_table_header *nf_frag_frags_hdr;
 140#endif
 141        struct sock             *nfnl;
 142        struct sock             *nfnl_stash;
 143#if IS_ENABLED(CONFIG_NETFILTER_NETLINK_ACCT)
 144        struct list_head        nfnl_acct_list;
 145#endif
 146#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
 147        struct list_head        nfct_timeout_list;
 148#endif
 149#endif
 150#ifdef CONFIG_WEXT_CORE
 151        struct sk_buff_head     wext_nlevents;
 152#endif
 153        struct net_generic __rcu        *gen;
 154
 155        struct bpf_prog __rcu   *flow_dissector_prog;
 156
 157        /* Note : following structs are cache line aligned */
 158#ifdef CONFIG_XFRM
 159        struct netns_xfrm       xfrm;
 160#endif
 161#if IS_ENABLED(CONFIG_IP_VS)
 162        struct netns_ipvs       *ipvs;
 163#endif
 164#if IS_ENABLED(CONFIG_MPLS)
 165        struct netns_mpls       mpls;
 166#endif
 167#if IS_ENABLED(CONFIG_CAN)
 168        struct netns_can        can;
 169#endif
 170#ifdef CONFIG_XDP_SOCKETS
 171        struct netns_xdp        xdp;
 172#endif
 173        struct sock             *diag_nlsk;
 174        atomic_t                fnhe_genid;
 175} __randomize_layout;
 176
 177#include <linux/seq_file_net.h>
 178
 179/* Init's network namespace */
 180extern struct net init_net;
 181
 182#ifdef CONFIG_NET_NS
 183struct net *copy_net_ns(unsigned long flags, struct user_namespace *user_ns,
 184                        struct net *old_net);
 185
 186void net_ns_get_ownership(const struct net *net, kuid_t *uid, kgid_t *gid);
 187
 188void net_ns_barrier(void);
 189#else /* CONFIG_NET_NS */
 190#include <linux/sched.h>
 191#include <linux/nsproxy.h>
 192static inline struct net *copy_net_ns(unsigned long flags,
 193        struct user_namespace *user_ns, struct net *old_net)
 194{
 195        if (flags & CLONE_NEWNET)
 196                return ERR_PTR(-EINVAL);
 197        return old_net;
 198}
 199
 200static inline void net_ns_get_ownership(const struct net *net,
 201                                        kuid_t *uid, kgid_t *gid)
 202{
 203        *uid = GLOBAL_ROOT_UID;
 204        *gid = GLOBAL_ROOT_GID;
 205}
 206
 207static inline void net_ns_barrier(void) {}
 208#endif /* CONFIG_NET_NS */
 209
 210
 211extern struct list_head net_namespace_list;
 212
 213struct net *get_net_ns_by_pid(pid_t pid);
 214struct net *get_net_ns_by_fd(int fd);
 215
 216#ifdef CONFIG_SYSCTL
 217void ipx_register_sysctl(void);
 218void ipx_unregister_sysctl(void);
 219#else
 220#define ipx_register_sysctl()
 221#define ipx_unregister_sysctl()
 222#endif
 223
 224#ifdef CONFIG_NET_NS
 225void __put_net(struct net *net);
 226
 227static inline struct net *get_net(struct net *net)
 228{
 229        refcount_inc(&net->count);
 230        return net;
 231}
 232
 233static inline struct net *maybe_get_net(struct net *net)
 234{
 235        /* Used when we know struct net exists but we
 236         * aren't guaranteed a previous reference count
 237         * exists.  If the reference count is zero this
 238         * function fails and returns NULL.
 239         */
 240        if (!refcount_inc_not_zero(&net->count))
 241                net = NULL;
 242        return net;
 243}
 244
 245static inline void put_net(struct net *net)
 246{
 247        if (refcount_dec_and_test(&net->count))
 248                __put_net(net);
 249}
 250
 251static inline
 252int net_eq(const struct net *net1, const struct net *net2)
 253{
 254        return net1 == net2;
 255}
 256
 257static inline int check_net(const struct net *net)
 258{
 259        return refcount_read(&net->count) != 0;
 260}
 261
 262void net_drop_ns(void *);
 263
 264#else
 265
 266static inline struct net *get_net(struct net *net)
 267{
 268        return net;
 269}
 270
 271static inline void put_net(struct net *net)
 272{
 273}
 274
 275static inline struct net *maybe_get_net(struct net *net)
 276{
 277        return net;
 278}
 279
 280static inline
 281int net_eq(const struct net *net1, const struct net *net2)
 282{
 283        return 1;
 284}
 285
 286static inline int check_net(const struct net *net)
 287{
 288        return 1;
 289}
 290
 291#define net_drop_ns NULL
 292#endif
 293
 294
 295typedef struct {
 296#ifdef CONFIG_NET_NS
 297        struct net *net;
 298#endif
 299} possible_net_t;
 300
 301static inline void write_pnet(possible_net_t *pnet, struct net *net)
 302{
 303#ifdef CONFIG_NET_NS
 304        pnet->net = net;
 305#endif
 306}
 307
 308static inline struct net *read_pnet(const possible_net_t *pnet)
 309{
 310#ifdef CONFIG_NET_NS
 311        return pnet->net;
 312#else
 313        return &init_net;
 314#endif
 315}
 316
 317/* Protected by net_rwsem */
 318#define for_each_net(VAR)                               \
 319        list_for_each_entry(VAR, &net_namespace_list, list)
 320
 321#define for_each_net_rcu(VAR)                           \
 322        list_for_each_entry_rcu(VAR, &net_namespace_list, list)
 323
 324#ifdef CONFIG_NET_NS
 325#define __net_init
 326#define __net_exit
 327#define __net_initdata
 328#define __net_initconst
 329#else
 330#define __net_init      __init
 331#define __net_exit      __ref
 332#define __net_initdata  __initdata
 333#define __net_initconst __initconst
 334#endif
 335
 336int peernet2id_alloc(struct net *net, struct net *peer);
 337int peernet2id(struct net *net, struct net *peer);
 338bool peernet_has_id(struct net *net, struct net *peer);
 339struct net *get_net_ns_by_id(struct net *net, int id);
 340
 341struct pernet_operations {
 342        struct list_head list;
 343        /*
 344         * Below methods are called without any exclusive locks.
 345         * More than one net may be constructed and destructed
 346         * in parallel on several cpus. Every pernet_operations
 347         * have to keep in mind all other pernet_operations and
 348         * to introduce a locking, if they share common resources.
 349         *
 350         * The only time they are called with exclusive lock is
 351         * from register_pernet_subsys(), unregister_pernet_subsys()
 352         * register_pernet_device() and unregister_pernet_device().
 353         *
 354         * Exit methods using blocking RCU primitives, such as
 355         * synchronize_rcu(), should be implemented via exit_batch.
 356         * Then, destruction of a group of net requires single
 357         * synchronize_rcu() related to these pernet_operations,
 358         * instead of separate synchronize_rcu() for every net.
 359         * Please, avoid synchronize_rcu() at all, where it's possible.
 360         *
 361         * Note that a combination of pre_exit() and exit() can
 362         * be used, since a synchronize_rcu() is guaranteed between
 363         * the calls.
 364         */
 365        int (*init)(struct net *net);
 366        void (*pre_exit)(struct net *net);
 367        void (*exit)(struct net *net);
 368        void (*exit_batch)(struct list_head *net_exit_list);
 369        unsigned int *id;
 370        size_t size;
 371};
 372
 373/*
 374 * Use these carefully.  If you implement a network device and it
 375 * needs per network namespace operations use device pernet operations,
 376 * otherwise use pernet subsys operations.
 377 *
 378 * Network interfaces need to be removed from a dying netns _before_
 379 * subsys notifiers can be called, as most of the network code cleanup
 380 * (which is done from subsys notifiers) runs with the assumption that
 381 * dev_remove_pack has been called so no new packets will arrive during
 382 * and after the cleanup functions have been called.  dev_remove_pack
 383 * is not per namespace so instead the guarantee of no more packets
 384 * arriving in a network namespace is provided by ensuring that all
 385 * network devices and all sockets have left the network namespace
 386 * before the cleanup methods are called.
 387 *
 388 * For the longest time the ipv4 icmp code was registered as a pernet
 389 * device which caused kernel oops, and panics during network
 390 * namespace cleanup.   So please don't get this wrong.
 391 */
 392int register_pernet_subsys(struct pernet_operations *);
 393void unregister_pernet_subsys(struct pernet_operations *);
 394int register_pernet_device(struct pernet_operations *);
 395void unregister_pernet_device(struct pernet_operations *);
 396
 397struct ctl_table;
 398struct ctl_table_header;
 399
 400#ifdef CONFIG_SYSCTL
 401int net_sysctl_init(void);
 402struct ctl_table_header *register_net_sysctl(struct net *net, const char *path,
 403                                             struct ctl_table *table);
 404void unregister_net_sysctl_table(struct ctl_table_header *header);
 405#else
 406static inline int net_sysctl_init(void) { return 0; }
 407static inline struct ctl_table_header *register_net_sysctl(struct net *net,
 408        const char *path, struct ctl_table *table)
 409{
 410        return NULL;
 411}
 412static inline void unregister_net_sysctl_table(struct ctl_table_header *header)
 413{
 414}
 415#endif
 416
 417static inline int rt_genid_ipv4(struct net *net)
 418{
 419        return atomic_read(&net->ipv4.rt_genid);
 420}
 421
 422static inline void rt_genid_bump_ipv4(struct net *net)
 423{
 424        atomic_inc(&net->ipv4.rt_genid);
 425}
 426
 427extern void (*__fib6_flush_trees)(struct net *net);
 428static inline void rt_genid_bump_ipv6(struct net *net)
 429{
 430        if (__fib6_flush_trees)
 431                __fib6_flush_trees(net);
 432}
 433
 434#if IS_ENABLED(CONFIG_IEEE802154_6LOWPAN)
 435static inline struct netns_ieee802154_lowpan *
 436net_ieee802154_lowpan(struct net *net)
 437{
 438        return &net->ieee802154_lowpan;
 439}
 440#endif
 441
 442/* For callers who don't really care about whether it's IPv4 or IPv6 */
 443static inline void rt_genid_bump_all(struct net *net)
 444{
 445        rt_genid_bump_ipv4(net);
 446        rt_genid_bump_ipv6(net);
 447}
 448
 449static inline int fnhe_genid(struct net *net)
 450{
 451        return atomic_read(&net->fnhe_genid);
 452}
 453
 454static inline void fnhe_genid_bump(struct net *net)
 455{
 456        atomic_inc(&net->fnhe_genid);
 457}
 458
 459#endif /* __NET_NET_NAMESPACE_H */
 460