1 /* SPDX-License-Identifier: GPL-2.0 */ 2 /* 3 * Operations on the network namespace 4 */ 5 #ifndef __NET_NET_NAMESPACE_H 6 #define __NET_NET_NAMESPACE_H 7 8 #include <linux/atomic.h> 9 #include <linux/refcount.h> 10 #include <linux/workqueue.h> 11 #include <linux/list.h> 12 #include <linux/sysctl.h> 13 #include <linux/uidgid.h> 14 15 #include <net/flow.h> 16 #include <net/netns/core.h> 17 #include <net/netns/mib.h> 18 #include <net/netns/unix.h> 19 #include <net/netns/packet.h> 20 #include <net/netns/ipv4.h> 21 #include <net/netns/ipv6.h> 22 #include <net/netns/nexthop.h> 23 #include <net/netns/ieee802154_6lowpan.h> 24 #include <net/netns/sctp.h> 25 #include <net/netns/netfilter.h> 26 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) 27 #include <net/netns/conntrack.h> 28 #endif 29 #if IS_ENABLED(CONFIG_NF_FLOW_TABLE) 30 #include <net/netns/flow_table.h> 31 #endif 32 #include <net/netns/nftables.h> 33 #include <net/netns/xfrm.h> 34 #include <net/netns/mpls.h> 35 #include <net/netns/can.h> 36 #include <net/netns/xdp.h> 37 #include <net/netns/smc.h> 38 #include <net/netns/bpf.h> 39 #include <net/netns/mctp.h> 40 #include <net/netns/vsock.h> 41 #include <net/net_trackers.h> 42 #include <linux/ns_common.h> 43 #include <linux/idr.h> 44 #include <linux/skbuff.h> 45 #include <linux/notifier.h> 46 #include <linux/xarray.h> 47 48 struct user_namespace; 49 struct proc_dir_entry; 50 struct net_device; 51 struct sock; 52 struct ctl_table_header; 53 struct net_generic; 54 struct uevent_sock; 55 struct netns_ipvs; 56 struct bpf_prog; 57 58 59 #define NETDEV_HASHBITS 8 60 #define NETDEV_HASHENTRIES (1 << NETDEV_HASHBITS) 61 62 struct net { 63 /* First cache line can be often dirtied. 64 * Do not place here read-mostly fields. 65 */ 66 refcount_t passive; /* To decide when the network 67 * namespace should be freed. 68 */ 69 spinlock_t rules_mod_lock; 70 71 unsigned int dev_base_seq; /* protected by rtnl_mutex */ 72 u32 ifindex; 73 74 spinlock_t nsid_lock; 75 atomic_t fnhe_genid; 76 77 struct list_head list; /* list of network namespaces */ 78 struct list_head exit_list; /* To linked to call pernet exit 79 * methods on dead net ( 80 * pernet_ops_rwsem read locked), 81 * or to unregister pernet ops 82 * (pernet_ops_rwsem write locked). 83 */ 84 struct llist_node defer_free_list; 85 struct llist_node cleanup_list; /* namespaces on death row */ 86 87 struct list_head ptype_all; 88 struct list_head ptype_specific; 89 90 #ifdef CONFIG_KEYS 91 struct key_tag *key_domain; /* Key domain of operation tag */ 92 #endif 93 struct user_namespace *user_ns; /* Owning user namespace */ 94 struct ucounts *ucounts; 95 struct idr netns_ids; 96 97 struct ns_common ns; 98 struct ref_tracker_dir refcnt_tracker; 99 struct ref_tracker_dir notrefcnt_tracker; /* tracker for objects not 100 * refcounted against netns 101 */ 102 struct list_head dev_base_head; 103 struct proc_dir_entry *proc_net; 104 struct proc_dir_entry *proc_net_stat; 105 106 #ifdef CONFIG_SYSCTL 107 struct ctl_table_set sysctls; 108 #endif 109 110 struct sock *rtnl; /* rtnetlink socket */ 111 struct sock *genl_sock; 112 113 struct uevent_sock *uevent_sock; /* uevent socket */ 114 115 struct hlist_head *dev_name_head; 116 struct hlist_head *dev_index_head; 117 struct xarray dev_by_index; 118 struct raw_notifier_head netdev_chain; 119 120 /* Note that @hash_mix can be read millions times per second, 121 * it is critical that it is on a read_mostly cache line. 122 */ 123 u32 hash_mix; 124 125 struct net_device *loopback_dev; /* The loopback */ 126 127 /* core fib_rules */ 128 struct list_head rules_ops; 129 130 struct netns_core core; 131 struct netns_mib mib; 132 struct netns_packet packet; 133 #if IS_ENABLED(CONFIG_UNIX) 134 struct netns_unix unx; 135 #endif 136 struct netns_nexthop nexthop; 137 struct netns_ipv4 ipv4; 138 #if IS_ENABLED(CONFIG_IPV6) 139 struct netns_ipv6 ipv6; 140 #endif 141 #if IS_ENABLED(CONFIG_IEEE802154_6LOWPAN) 142 struct netns_ieee802154_lowpan ieee802154_lowpan; 143 #endif 144 #if defined(CONFIG_IP_SCTP) || defined(CONFIG_IP_SCTP_MODULE) 145 struct netns_sctp sctp; 146 #endif 147 #ifdef CONFIG_NETFILTER 148 struct netns_nf nf; 149 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) 150 struct netns_ct ct; 151 #endif 152 #if defined(CONFIG_NF_TABLES) || defined(CONFIG_NF_TABLES_MODULE) 153 struct netns_nftables nft; 154 #endif 155 #if IS_ENABLED(CONFIG_NF_FLOW_TABLE) 156 struct netns_ft ft; 157 #endif 158 #endif 159 #ifdef CONFIG_WEXT_CORE 160 struct sk_buff_head wext_nlevents; 161 #endif 162 struct net_generic __rcu *gen; 163 164 /* Used to store attached BPF programs */ 165 struct netns_bpf bpf; 166 167 /* Note : following structs are cache line aligned */ 168 #ifdef CONFIG_XFRM 169 struct netns_xfrm xfrm; 170 #endif 171 172 u64 net_cookie; /* written once */ 173 174 #if IS_ENABLED(CONFIG_IP_VS) 175 struct netns_ipvs *ipvs; 176 #endif 177 #if IS_ENABLED(CONFIG_MPLS) 178 struct netns_mpls mpls; 179 #endif 180 #if IS_ENABLED(CONFIG_CAN) 181 struct netns_can can; 182 #endif 183 #ifdef CONFIG_XDP_SOCKETS 184 struct netns_xdp xdp; 185 #endif 186 #if IS_ENABLED(CONFIG_MCTP) 187 struct netns_mctp mctp; 188 #endif 189 #if IS_ENABLED(CONFIG_CRYPTO_USER) 190 struct sock *crypto_nlsk; 191 #endif 192 struct sock *diag_nlsk; 193 #if IS_ENABLED(CONFIG_SMC) 194 struct netns_smc smc; 195 #endif 196 #ifdef CONFIG_DEBUG_NET_SMALL_RTNL 197 /* Move to a better place when the config guard is removed. */ 198 struct mutex rtnl_mutex; 199 #endif 200 #if IS_ENABLED(CONFIG_VSOCKETS) 201 struct netns_vsock vsock; 202 #endif 203 } __randomize_layout; 204 205 #include <linux/seq_file_net.h> 206 207 /* Init's network namespace */ 208 extern struct net init_net; 209 210 #ifdef CONFIG_NET_NS 211 struct net *copy_net_ns(u64 flags, struct user_namespace *user_ns, 212 struct net *old_net); 213 214 void net_ns_get_ownership(const struct net *net, kuid_t *uid, kgid_t *gid); 215 216 void net_ns_barrier(void); 217 218 struct ns_common *get_net_ns(struct ns_common *ns); 219 struct net *get_net_ns_by_fd(int fd); 220 extern struct task_struct *cleanup_net_task; 221 222 #else /* CONFIG_NET_NS */ 223 #include <linux/sched.h> 224 #include <linux/nsproxy.h> 225 static inline struct net *copy_net_ns(u64 flags, 226 struct user_namespace *user_ns, struct net *old_net) 227 { 228 if (flags & CLONE_NEWNET) 229 return ERR_PTR(-EINVAL); 230 return old_net; 231 } 232 233 static inline void net_ns_get_ownership(const struct net *net, 234 kuid_t *uid, kgid_t *gid) 235 { 236 *uid = GLOBAL_ROOT_UID; 237 *gid = GLOBAL_ROOT_GID; 238 } 239 240 static inline void net_ns_barrier(void) {} 241 242 static inline struct ns_common *get_net_ns(struct ns_common *ns) 243 { 244 return ERR_PTR(-EINVAL); 245 } 246 247 static inline struct net *get_net_ns_by_fd(int fd) 248 { 249 return ERR_PTR(-EINVAL); 250 } 251 #endif /* CONFIG_NET_NS */ 252 253 254 extern struct list_head net_namespace_list; 255 256 struct net *get_net_ns_by_pid(pid_t pid); 257 258 #ifdef CONFIG_SYSCTL 259 void ipx_register_sysctl(void); 260 void ipx_unregister_sysctl(void); 261 #else 262 #define ipx_register_sysctl() 263 #define ipx_unregister_sysctl() 264 #endif 265 266 #ifdef CONFIG_NET_NS 267 void __put_net(struct net *net); 268 269 static inline struct net *to_net_ns(struct ns_common *ns) 270 { 271 return container_of(ns, struct net, ns); 272 } 273 274 /* Try using get_net_track() instead */ 275 static inline struct net *get_net(struct net *net) 276 { 277 ns_ref_inc(net); 278 return net; 279 } 280 281 static inline struct net *maybe_get_net(struct net *net) 282 { 283 /* Used when we know struct net exists but we 284 * aren't guaranteed a previous reference count 285 * exists. If the reference count is zero this 286 * function fails and returns NULL. 287 */ 288 if (!ns_ref_get(net)) 289 net = NULL; 290 return net; 291 } 292 293 /* Try using put_net_track() instead */ 294 static inline void put_net(struct net *net) 295 { 296 if (ns_ref_put(net)) 297 __put_net(net); 298 } 299 300 static inline 301 int net_eq(const struct net *net1, const struct net *net2) 302 { 303 return net1 == net2; 304 } 305 306 static inline int check_net(const struct net *net) 307 { 308 return ns_ref_read(net) != 0; 309 } 310 311 void net_drop_ns(void *); 312 void net_passive_dec(struct net *net); 313 314 #else 315 316 static inline struct net *get_net(struct net *net) 317 { 318 return net; 319 } 320 321 static inline void put_net(struct net *net) 322 { 323 } 324 325 static inline struct net *maybe_get_net(struct net *net) 326 { 327 return net; 328 } 329 330 static inline 331 int net_eq(const struct net *net1, const struct net *net2) 332 { 333 return 1; 334 } 335 336 static inline int check_net(const struct net *net) 337 { 338 return 1; 339 } 340 341 #define net_drop_ns NULL 342 343 static inline void net_passive_dec(struct net *net) 344 { 345 refcount_dec(&net->passive); 346 } 347 #endif 348 349 static inline void net_passive_inc(struct net *net) 350 { 351 refcount_inc(&net->passive); 352 } 353 354 /* Returns true if the netns initialization is completed successfully */ 355 static inline bool net_initialized(const struct net *net) 356 { 357 return READ_ONCE(net->list.next); 358 } 359 360 static inline void __netns_tracker_alloc(struct net *net, 361 netns_tracker *tracker, 362 bool refcounted, 363 gfp_t gfp) 364 { 365 #ifdef CONFIG_NET_NS_REFCNT_TRACKER 366 ref_tracker_alloc(refcounted ? &net->refcnt_tracker : 367 &net->notrefcnt_tracker, 368 tracker, gfp); 369 #endif 370 } 371 372 static inline void netns_tracker_alloc(struct net *net, netns_tracker *tracker, 373 gfp_t gfp) 374 { 375 __netns_tracker_alloc(net, tracker, true, gfp); 376 } 377 378 static inline void __netns_tracker_free(struct net *net, 379 netns_tracker *tracker, 380 bool refcounted) 381 { 382 #ifdef CONFIG_NET_NS_REFCNT_TRACKER 383 ref_tracker_free(refcounted ? &net->refcnt_tracker : 384 &net->notrefcnt_tracker, tracker); 385 #endif 386 } 387 388 static inline struct net *get_net_track(struct net *net, 389 netns_tracker *tracker, gfp_t gfp) 390 { 391 get_net(net); 392 netns_tracker_alloc(net, tracker, gfp); 393 return net; 394 } 395 396 static inline void put_net_track(struct net *net, netns_tracker *tracker) 397 { 398 __netns_tracker_free(net, tracker, true); 399 put_net(net); 400 } 401 402 typedef struct { 403 #ifdef CONFIG_NET_NS 404 struct net __rcu *net; 405 #endif 406 } possible_net_t; 407 408 static inline void write_pnet(possible_net_t *pnet, struct net *net) 409 { 410 #ifdef CONFIG_NET_NS 411 rcu_assign_pointer(pnet->net, net); 412 #endif 413 } 414 415 static inline struct net *read_pnet(const possible_net_t *pnet) 416 { 417 #ifdef CONFIG_NET_NS 418 return rcu_dereference_protected(pnet->net, true); 419 #else 420 return &init_net; 421 #endif 422 } 423 424 static inline struct net *read_pnet_rcu(const possible_net_t *pnet) 425 { 426 #ifdef CONFIG_NET_NS 427 return rcu_dereference(pnet->net); 428 #else 429 return &init_net; 430 #endif 431 } 432 433 /* Protected by net_rwsem */ 434 #define for_each_net(VAR) \ 435 list_for_each_entry(VAR, &net_namespace_list, list) 436 #define for_each_net_continue_reverse(VAR) \ 437 list_for_each_entry_continue_reverse(VAR, &net_namespace_list, list) 438 #define for_each_net_rcu(VAR) \ 439 list_for_each_entry_rcu(VAR, &net_namespace_list, list) 440 441 #ifdef CONFIG_NET_NS 442 #define __net_init 443 #define __net_exit 444 #define __net_initdata 445 #define __net_initconst 446 #else 447 #define __net_init __init 448 #define __net_exit __ref 449 #define __net_initdata __initdata 450 #define __net_initconst __initconst 451 #endif 452 453 int peernet2id_alloc(struct net *net, struct net *peer, gfp_t gfp); 454 int peernet2id(const struct net *net, struct net *peer); 455 bool peernet_has_id(const struct net *net, struct net *peer); 456 struct net *get_net_ns_by_id(const struct net *net, int id); 457 458 struct pernet_operations { 459 struct list_head list; 460 /* 461 * Below methods are called without any exclusive locks. 462 * More than one net may be constructed and destructed 463 * in parallel on several cpus. Every pernet_operations 464 * have to keep in mind all other pernet_operations and 465 * to introduce a locking, if they share common resources. 466 * 467 * The only time they are called with exclusive lock is 468 * from register_pernet_subsys(), unregister_pernet_subsys() 469 * register_pernet_device() and unregister_pernet_device(). 470 * 471 * Exit methods using blocking RCU primitives, such as 472 * synchronize_rcu(), should be implemented via exit_batch. 473 * Then, destruction of a group of net requires single 474 * synchronize_rcu() related to these pernet_operations, 475 * instead of separate synchronize_rcu() for every net. 476 * Please, avoid synchronize_rcu() at all, where it's possible. 477 * 478 * Note that a combination of pre_exit() and exit() can 479 * be used, since a synchronize_rcu() is guaranteed between 480 * the calls. 481 */ 482 int (*init)(struct net *net); 483 void (*pre_exit)(struct net *net); 484 void (*exit)(struct net *net); 485 void (*exit_batch)(struct list_head *net_exit_list); 486 /* Following method is called with RTNL held. */ 487 void (*exit_rtnl)(struct net *net, 488 struct list_head *dev_kill_list); 489 unsigned int * const id; 490 const size_t size; 491 }; 492 493 /* 494 * Use these carefully. If you implement a network device and it 495 * needs per network namespace operations use device pernet operations, 496 * otherwise use pernet subsys operations. 497 * 498 * Network interfaces need to be removed from a dying netns _before_ 499 * subsys notifiers can be called, as most of the network code cleanup 500 * (which is done from subsys notifiers) runs with the assumption that 501 * dev_remove_pack has been called so no new packets will arrive during 502 * and after the cleanup functions have been called. dev_remove_pack 503 * is not per namespace so instead the guarantee of no more packets 504 * arriving in a network namespace is provided by ensuring that all 505 * network devices and all sockets have left the network namespace 506 * before the cleanup methods are called. 507 * 508 * For the longest time the ipv4 icmp code was registered as a pernet 509 * device which caused kernel oops, and panics during network 510 * namespace cleanup. So please don't get this wrong. 511 */ 512 int register_pernet_subsys(struct pernet_operations *); 513 void unregister_pernet_subsys(struct pernet_operations *); 514 int register_pernet_device(struct pernet_operations *); 515 void unregister_pernet_device(struct pernet_operations *); 516 517 struct ctl_table; 518 519 #define register_net_sysctl(net, path, table) \ 520 register_net_sysctl_sz(net, path, table, ARRAY_SIZE(table)) 521 #ifdef CONFIG_SYSCTL 522 int net_sysctl_init(void); 523 struct ctl_table_header *register_net_sysctl_sz(struct net *net, const char *path, 524 struct ctl_table *table, size_t table_size); 525 void unregister_net_sysctl_table(struct ctl_table_header *header); 526 #else 527 static inline int net_sysctl_init(void) { return 0; } 528 static inline struct ctl_table_header *register_net_sysctl_sz(struct net *net, 529 const char *path, struct ctl_table *table, size_t table_size) 530 { 531 return NULL; 532 } 533 static inline void unregister_net_sysctl_table(struct ctl_table_header *header) 534 { 535 } 536 #endif 537 538 static inline int rt_genid_ipv4(const struct net *net) 539 { 540 return atomic_read(&net->ipv4.rt_genid); 541 } 542 543 #if IS_ENABLED(CONFIG_IPV6) 544 static inline int rt_genid_ipv6(const struct net *net) 545 { 546 return atomic_read(&net->ipv6.fib6_sernum); 547 } 548 #endif 549 550 static inline void rt_genid_bump_ipv4(struct net *net) 551 { 552 atomic_inc(&net->ipv4.rt_genid); 553 } 554 555 extern void (*__fib6_flush_trees)(struct net *net); 556 static inline void rt_genid_bump_ipv6(struct net *net) 557 { 558 if (__fib6_flush_trees) 559 __fib6_flush_trees(net); 560 } 561 562 #if IS_ENABLED(CONFIG_IEEE802154_6LOWPAN) 563 static inline struct netns_ieee802154_lowpan * 564 net_ieee802154_lowpan(struct net *net) 565 { 566 return &net->ieee802154_lowpan; 567 } 568 #endif 569 570 /* For callers who don't really care about whether it's IPv4 or IPv6 */ 571 static inline void rt_genid_bump_all(struct net *net) 572 { 573 rt_genid_bump_ipv4(net); 574 rt_genid_bump_ipv6(net); 575 } 576 577 static inline int fnhe_genid(const struct net *net) 578 { 579 return atomic_read(&net->fnhe_genid); 580 } 581 582 static inline void fnhe_genid_bump(struct net *net) 583 { 584 atomic_inc(&net->fnhe_genid); 585 } 586 587 #ifdef CONFIG_NET 588 void net_ns_init(void); 589 #else 590 static inline void net_ns_init(void) {} 591 #endif 592 593 #endif /* __NET_NET_NAMESPACE_H */ 594