1 /* SPDX-License-Identifier: GPL-2.0 */ 2 /* 3 * Operations on the network namespace 4 */ 5 #ifndef __NET_NET_NAMESPACE_H 6 #define __NET_NET_NAMESPACE_H 7 8 #include <linux/atomic.h> 9 #include <linux/refcount.h> 10 #include <linux/workqueue.h> 11 #include <linux/list.h> 12 #include <linux/sysctl.h> 13 14 #include <net/flow.h> 15 #include <net/netns/core.h> 16 #include <net/netns/mib.h> 17 #include <net/netns/unix.h> 18 #include <net/netns/packet.h> 19 #include <net/netns/ipv4.h> 20 #include <net/netns/ipv6.h> 21 #include <net/netns/ieee802154_6lowpan.h> 22 #include <net/netns/sctp.h> 23 #include <net/netns/dccp.h> 24 #include <net/netns/netfilter.h> 25 #include <net/netns/x_tables.h> 26 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) 27 #include <net/netns/conntrack.h> 28 #endif 29 #include <net/netns/nftables.h> 30 #include <net/netns/xfrm.h> 31 #include <net/netns/mpls.h> 32 #include <net/netns/can.h> 33 #include <linux/ns_common.h> 34 #include <linux/idr.h> 35 #include <linux/skbuff.h> 36 37 struct user_namespace; 38 struct proc_dir_entry; 39 struct net_device; 40 struct sock; 41 struct ctl_table_header; 42 struct net_generic; 43 struct sock; 44 struct netns_ipvs; 45 46 47 #define NETDEV_HASHBITS 8 48 #define NETDEV_HASHENTRIES (1 << NETDEV_HASHBITS) 49 50 struct net { 51 refcount_t passive; /* To decided when the network 52 * namespace should be freed. 53 */ 54 refcount_t count; /* To decided when the network 55 * namespace should be shut down. 56 */ 57 spinlock_t rules_mod_lock; 58 59 atomic64_t cookie_gen; 60 61 struct list_head list; /* list of network namespaces */ 62 struct list_head exit_list; /* To linked to call pernet exit 63 * methods on dead net (net_sem 64 * read locked), or to unregister 65 * pernet ops (net_sem wr locked). 66 */ 67 struct llist_node cleanup_list; /* namespaces on death row */ 68 69 struct user_namespace *user_ns; /* Owning user namespace */ 70 struct ucounts *ucounts; 71 spinlock_t nsid_lock; 72 struct idr netns_ids; 73 74 struct ns_common ns; 75 76 struct proc_dir_entry *proc_net; 77 struct proc_dir_entry *proc_net_stat; 78 79 #ifdef CONFIG_SYSCTL 80 struct ctl_table_set sysctls; 81 #endif 82 83 struct sock *rtnl; /* rtnetlink socket */ 84 struct sock *genl_sock; 85 86 struct list_head dev_base_head; 87 struct hlist_head *dev_name_head; 88 struct hlist_head *dev_index_head; 89 unsigned int dev_base_seq; /* protected by rtnl_mutex */ 90 int ifindex; 91 unsigned int dev_unreg_count; 92 93 /* core fib_rules */ 94 struct list_head rules_ops; 95 96 struct list_head fib_notifier_ops; /* protected by net_sem */ 97 98 struct net_device *loopback_dev; /* The loopback */ 99 struct netns_core core; 100 struct netns_mib mib; 101 struct netns_packet packet; 102 struct netns_unix unx; 103 struct netns_ipv4 ipv4; 104 #if IS_ENABLED(CONFIG_IPV6) 105 struct netns_ipv6 ipv6; 106 #endif 107 #if IS_ENABLED(CONFIG_IEEE802154_6LOWPAN) 108 struct netns_ieee802154_lowpan ieee802154_lowpan; 109 #endif 110 #if defined(CONFIG_IP_SCTP) || defined(CONFIG_IP_SCTP_MODULE) 111 struct netns_sctp sctp; 112 #endif 113 #if defined(CONFIG_IP_DCCP) || defined(CONFIG_IP_DCCP_MODULE) 114 struct netns_dccp dccp; 115 #endif 116 #ifdef CONFIG_NETFILTER 117 struct netns_nf nf; 118 struct netns_xt xt; 119 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) 120 struct netns_ct ct; 121 #endif 122 #if defined(CONFIG_NF_TABLES) || defined(CONFIG_NF_TABLES_MODULE) 123 struct netns_nftables nft; 124 #endif 125 #if IS_ENABLED(CONFIG_NF_DEFRAG_IPV6) 126 struct netns_nf_frag nf_frag; 127 #endif 128 struct sock *nfnl; 129 struct sock *nfnl_stash; 130 #if IS_ENABLED(CONFIG_NETFILTER_NETLINK_ACCT) 131 struct list_head nfnl_acct_list; 132 #endif 133 #if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT) 134 struct list_head nfct_timeout_list; 135 #endif 136 #endif 137 #ifdef CONFIG_WEXT_CORE 138 struct sk_buff_head wext_nlevents; 139 #endif 140 struct net_generic __rcu *gen; 141 142 /* Note : following structs are cache line aligned */ 143 #ifdef CONFIG_XFRM 144 struct netns_xfrm xfrm; 145 #endif 146 #if IS_ENABLED(CONFIG_IP_VS) 147 struct netns_ipvs *ipvs; 148 #endif 149 #if IS_ENABLED(CONFIG_MPLS) 150 struct netns_mpls mpls; 151 #endif 152 #if IS_ENABLED(CONFIG_CAN) 153 struct netns_can can; 154 #endif 155 struct sock *diag_nlsk; 156 atomic_t fnhe_genid; 157 } __randomize_layout; 158 159 #include <linux/seq_file_net.h> 160 161 /* Init's network namespace */ 162 extern struct net init_net; 163 164 #ifdef CONFIG_NET_NS 165 struct net *copy_net_ns(unsigned long flags, struct user_namespace *user_ns, 166 struct net *old_net); 167 168 void net_ns_barrier(void); 169 #else /* CONFIG_NET_NS */ 170 #include <linux/sched.h> 171 #include <linux/nsproxy.h> 172 static inline struct net *copy_net_ns(unsigned long flags, 173 struct user_namespace *user_ns, struct net *old_net) 174 { 175 if (flags & CLONE_NEWNET) 176 return ERR_PTR(-EINVAL); 177 return old_net; 178 } 179 180 static inline void net_ns_barrier(void) {} 181 #endif /* CONFIG_NET_NS */ 182 183 184 extern struct list_head net_namespace_list; 185 186 struct net *get_net_ns_by_pid(pid_t pid); 187 struct net *get_net_ns_by_fd(int fd); 188 189 #ifdef CONFIG_SYSCTL 190 void ipx_register_sysctl(void); 191 void ipx_unregister_sysctl(void); 192 #else 193 #define ipx_register_sysctl() 194 #define ipx_unregister_sysctl() 195 #endif 196 197 #ifdef CONFIG_NET_NS 198 void __put_net(struct net *net); 199 200 static inline struct net *get_net(struct net *net) 201 { 202 refcount_inc(&net->count); 203 return net; 204 } 205 206 static inline struct net *maybe_get_net(struct net *net) 207 { 208 /* Used when we know struct net exists but we 209 * aren't guaranteed a previous reference count 210 * exists. If the reference count is zero this 211 * function fails and returns NULL. 212 */ 213 if (!refcount_inc_not_zero(&net->count)) 214 net = NULL; 215 return net; 216 } 217 218 static inline void put_net(struct net *net) 219 { 220 if (refcount_dec_and_test(&net->count)) 221 __put_net(net); 222 } 223 224 static inline 225 int net_eq(const struct net *net1, const struct net *net2) 226 { 227 return net1 == net2; 228 } 229 230 static inline int check_net(const struct net *net) 231 { 232 return refcount_read(&net->count) != 0; 233 } 234 235 void net_drop_ns(void *); 236 237 #else 238 239 static inline struct net *get_net(struct net *net) 240 { 241 return net; 242 } 243 244 static inline void put_net(struct net *net) 245 { 246 } 247 248 static inline struct net *maybe_get_net(struct net *net) 249 { 250 return net; 251 } 252 253 static inline 254 int net_eq(const struct net *net1, const struct net *net2) 255 { 256 return 1; 257 } 258 259 static inline int check_net(const struct net *net) 260 { 261 return 1; 262 } 263 264 #define net_drop_ns NULL 265 #endif 266 267 268 typedef struct { 269 #ifdef CONFIG_NET_NS 270 struct net *net; 271 #endif 272 } possible_net_t; 273 274 static inline void write_pnet(possible_net_t *pnet, struct net *net) 275 { 276 #ifdef CONFIG_NET_NS 277 pnet->net = net; 278 #endif 279 } 280 281 static inline struct net *read_pnet(const possible_net_t *pnet) 282 { 283 #ifdef CONFIG_NET_NS 284 return pnet->net; 285 #else 286 return &init_net; 287 #endif 288 } 289 290 #define for_each_net(VAR) \ 291 list_for_each_entry(VAR, &net_namespace_list, list) 292 293 #define for_each_net_rcu(VAR) \ 294 list_for_each_entry_rcu(VAR, &net_namespace_list, list) 295 296 #ifdef CONFIG_NET_NS 297 #define __net_init 298 #define __net_exit 299 #define __net_initdata 300 #define __net_initconst 301 #else 302 #define __net_init __init 303 #define __net_exit __ref 304 #define __net_initdata __initdata 305 #define __net_initconst __initconst 306 #endif 307 308 int peernet2id_alloc(struct net *net, struct net *peer); 309 int peernet2id(struct net *net, struct net *peer); 310 bool peernet_has_id(struct net *net, struct net *peer); 311 struct net *get_net_ns_by_id(struct net *net, int id); 312 313 struct pernet_operations { 314 struct list_head list; 315 int (*init)(struct net *net); 316 void (*exit)(struct net *net); 317 void (*exit_batch)(struct list_head *net_exit_list); 318 unsigned int *id; 319 size_t size; 320 /* 321 * Indicates above methods are allowed to be executed in parallel 322 * with methods of any other pernet_operations, i.e. they are not 323 * need write locked net_sem. 324 */ 325 bool async; 326 }; 327 328 /* 329 * Use these carefully. If you implement a network device and it 330 * needs per network namespace operations use device pernet operations, 331 * otherwise use pernet subsys operations. 332 * 333 * Network interfaces need to be removed from a dying netns _before_ 334 * subsys notifiers can be called, as most of the network code cleanup 335 * (which is done from subsys notifiers) runs with the assumption that 336 * dev_remove_pack has been called so no new packets will arrive during 337 * and after the cleanup functions have been called. dev_remove_pack 338 * is not per namespace so instead the guarantee of no more packets 339 * arriving in a network namespace is provided by ensuring that all 340 * network devices and all sockets have left the network namespace 341 * before the cleanup methods are called. 342 * 343 * For the longest time the ipv4 icmp code was registered as a pernet 344 * device which caused kernel oops, and panics during network 345 * namespace cleanup. So please don't get this wrong. 346 */ 347 int register_pernet_subsys(struct pernet_operations *); 348 void unregister_pernet_subsys(struct pernet_operations *); 349 int register_pernet_device(struct pernet_operations *); 350 void unregister_pernet_device(struct pernet_operations *); 351 352 struct ctl_table; 353 struct ctl_table_header; 354 355 #ifdef CONFIG_SYSCTL 356 int net_sysctl_init(void); 357 struct ctl_table_header *register_net_sysctl(struct net *net, const char *path, 358 struct ctl_table *table); 359 void unregister_net_sysctl_table(struct ctl_table_header *header); 360 #else 361 static inline int net_sysctl_init(void) { return 0; } 362 static inline struct ctl_table_header *register_net_sysctl(struct net *net, 363 const char *path, struct ctl_table *table) 364 { 365 return NULL; 366 } 367 static inline void unregister_net_sysctl_table(struct ctl_table_header *header) 368 { 369 } 370 #endif 371 372 static inline int rt_genid_ipv4(struct net *net) 373 { 374 return atomic_read(&net->ipv4.rt_genid); 375 } 376 377 static inline void rt_genid_bump_ipv4(struct net *net) 378 { 379 atomic_inc(&net->ipv4.rt_genid); 380 } 381 382 extern void (*__fib6_flush_trees)(struct net *net); 383 static inline void rt_genid_bump_ipv6(struct net *net) 384 { 385 if (__fib6_flush_trees) 386 __fib6_flush_trees(net); 387 } 388 389 #if IS_ENABLED(CONFIG_IEEE802154_6LOWPAN) 390 static inline struct netns_ieee802154_lowpan * 391 net_ieee802154_lowpan(struct net *net) 392 { 393 return &net->ieee802154_lowpan; 394 } 395 #endif 396 397 /* For callers who don't really care about whether it's IPv4 or IPv6 */ 398 static inline void rt_genid_bump_all(struct net *net) 399 { 400 rt_genid_bump_ipv4(net); 401 rt_genid_bump_ipv6(net); 402 } 403 404 static inline int fnhe_genid(struct net *net) 405 { 406 return atomic_read(&net->fnhe_genid); 407 } 408 409 static inline void fnhe_genid_bump(struct net *net) 410 { 411 atomic_inc(&net->fnhe_genid); 412 } 413 414 #endif /* __NET_NET_NAMESPACE_H */ 415