From 426b5303eb435d98b9bee37a807be386bc2b3320 Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Thu, 24 Jan 2008 00:13:18 -0800 Subject: [NETNS]: Modify the neighbour table code so it handles multiple network namespaces I'm actually surprised at how much was involved. At first glance it appears that the neighbour table data structures are already split by network device so all that should be needed is to modify the user interface commands to filter the set of neighbours by the network namespace of their devices. However, a couple of things turned up while I was reading through the code. The proxy neighbour table allows entries with no network device, and the neighbour parms are per network device (except for the defaults) so they now need a per network namespace default. So I updated the two structures (which surprised me) with their very own network namespace parameter. Updated the relevant lookup and destroy routines with a network namespace parameter and modified the code that interacts with users to filter out neighbour table entries for devices of other namespaces. I'm a little concerned that we can modify and display the global table configuration from all network namespaces. But this appears good enough for now. I keep thinking modifying the neighbour table to have per network namespace instances of each table type would be cleaner. The hash table is already dynamically sized so it is not a limiter. The default parameter would be straightforward to take care of. However, when I look at how the network table is built and used I still find some assumptions that there is only a single neighbour table for each type of table in the kernel. The netlink operations, neigh_seq_start, the non-core network users that call neigh_lookup. So while it might be doable it would require more refactoring than my current approach of just doing a little extra filtering in the code. Signed-off-by: Eric W. Biederman Signed-off-by: Daniel Lezcano 
Signed-off-by: David S. Miller
---
net/atm/clip.c | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
(limited to 'net/atm/clip.c')
diff --git a/net/atm/clip.c b/net/atm/clip.c
index 741742f00797..47fbdc0c5f72 100644
--- a/net/atm/clip.c
+++ b/net/atm/clip.c
@@ -949,6 +949,11 @@ static int arp_seq_open(struct inode *inode, struct file *file)
 seq = file->private_data;
 seq->private = state;
+ state->ns.net = get_proc_net(inode);
+ if (!state->ns.net) {
+ seq_release_private(inode, file);
+ rc = -ENXIO;
+ }
 out:
 return rc;
@@ -957,11 +962,19 @@ out_kfree:
 goto out;
 }
+static int arp_seq_release(struct inode *inode, struct file *file)
+{
+ struct seq_file *seq = file->private_data;
+ struct clip_seq_state *state = seq->private;
+ put_net(state->ns.net);
+ return seq_release_private(inode, file);
+}
+
 static const struct file_operations arp_seq_fops = {
 .open = arp_seq_open,
 .read = seq_read,
 .llseek = seq_lseek,
- .release = seq_release_private,
+ .release = arp_seq_release,
 .owner = THIS_MODULE
 };
 #endif
-- cgit v1.2.3
From 6b175b26c1048d331508940ad3516ead1998084f Mon Sep 17 00:00:00 2001
From: "Eric W. Biederman"
Date: Thu, 10 Jan 2008 03:25:28 -0800
Subject: [NETNS]: Add netns parameter to inet_(dev_)add_type.
The patch extends the inet_addr_type and inet_dev_addr_type with the network namespace pointer. That allows to access the different tables relatively to the network namespace. The modification of the signature function is reported in all the callers of the inet_addr_type using the pointer to the well known init_net.
Acked-by: Benjamin Thery
Acked-by: Daniel Lezcano
Signed-off-by: Eric W. Biederman
Signed-off-by: David S. Miller
---
net/atm/clip.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'net/atm/clip.c')
diff --git a/net/atm/clip.c b/net/atm/clip.c
index 47fbdc0c5f72..df7d218a6827 100644
--- a/net/atm/clip.c
+++ b/net/atm/clip.c
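Review bot: In arp_seq_release the `put_net(state->ns.net)` call must stay ahead of `seq_release_private(inode, file)`, because that call is what frees `state` (the open path in the previous hunk uses it as the error cleanup for exactly that allocation), yet the ordering carries no comment. `state->ns.net` is only valid because arp_seq_open fails with -ENXIO when get_proc_net() returns NULL, so release and open are a matched pair. A one-line note would keep a later refactor from swapping or splitting them: `/* Drop the netns ref taken by get_proc_net() in arp_seq_open() before seq_release_private() frees state. */`. That seq_release_private frees the private area is inferred from its use as the cleanup path, not visible in this hunk.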
@@ -285,7 +285,7 @@ static int clip_constructor(struct neighbour *neigh)
 struct neigh_parms *parms;
 pr_debug("clip_constructor (neigh %p, entry %p)\n", neigh, entry);
- neigh->type = inet_addr_type(entry->ip);
+ neigh->type = inet_addr_type(&init_net, entry->ip);
 if (neigh->type != RTN_UNICAST)
 return -EINVAL;
-- cgit v1.2.3
From ae22120ad846399f6aa19c5b32f8d4c7bd068fd1 Mon Sep 17 00:00:00 2001
From: "Denis V. Lunev"
Date: Thu, 10 Jan 2008 03:52:35 -0800
Subject: [ATM]: Simplify /proc/net/atm/arp opening
The iterator state->ns.neigh_sub_iter initialization is moved from arp_seq_open to clip_seq_start for convinience. This should not be a problem as the iterator will be used only after the seq_start callback.
Signed-off-by: Denis V. Lunev
Signed-off-by: David S. Miller
---
net/atm/clip.c | 42 +++++-------------------------------------
1 file changed, 5 insertions(+), 37 deletions(-)
(limited to 'net/atm/clip.c')
diff --git a/net/atm/clip.c b/net/atm/clip.c
index df7d218a6827..45e08620c8ca 100644
--- a/net/atm/clip.c
+++ b/net/atm/clip.c
@@ -903,6 +903,8 @@ static void *clip_seq_sub_iter(struct neigh_seq_state *_state,
 static void *clip_seq_start(struct seq_file *seq, loff_t * pos)
 {
+ struct clip_seq_state *state = seq->private;
+ state->ns.neigh_sub_iter = clip_seq_sub_iter;
 return neigh_seq_start(seq, pos, &clip_tbl, NEIGH_SEQ_NEIGH_ONLY);
 }
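Review bot: CLIP neighbour classification stays pinned to the initial namespace after this hunk: `inet_addr_type(&init_net, entry->ip)` consults init_net's tables whatever namespace the neighbour's device belongs to, so the `RTN_UNICAST` test two lines below answers for the wrong namespace once devices move. The series is introducing the netns argument precisely so callers can pass their own, and nothing marks this call as a placeholder. A marker keeps it from being forgotten: `/* FIXME(netns): should be the namespace of neigh->dev, not init_net */`. Whether the neighbour's device carries a namespace pointer in this tree is not visible from the hunk; clip_constructor begins and ends outside it.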
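Review bot: The `state->ns.neigh_sub_iter = clip_seq_sub_iter;` assignment now sits in clip_seq_start, which the seq_file core typically invokes at the start of every read pass rather than once per open, so it is re-done each time; that is harmless because the value is constant, but the hunk does not say why it lives here or that `neigh_seq_start()` depends on it being set. A short comment on the assignment would record the invariant: `/* neigh_seq_start() dereferences ns.neigh_sub_iter; (re)set it on every start */`. Whether the private area is zeroed before the first start depends on the allocation in arp_seq_open, which this hunk does not show.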
@@ -932,49 +934,15 @@ static const struct seq_operations arp_seq_ops = {
 static int arp_seq_open(struct inode *inode, struct file *file)
 {
- struct clip_seq_state *state;
- struct seq_file *seq;
- int rc = -EAGAIN;
-
- state = kzalloc(sizeof(*state), GFP_KERNEL);
- if (!state) {
- rc = -ENOMEM;
- goto out_kfree;
- }
- state->ns.neigh_sub_iter = clip_seq_sub_iter;
-
- rc = seq_open(file, &arp_seq_ops);
- if (rc)
- goto out_kfree;
-
- seq = file->private_data;
- seq->private = state;
- state->ns.net = get_proc_net(inode);
- if (!state->ns.net) {
- seq_release_private(inode, file);
- rc = -ENXIO;
- }
-out:
- return rc;
-
-out_kfree:
- kfree(state);
- goto out;
-}
-
-static int arp_seq_release(struct inode *inode, struct file *file)
-{
- struct seq_file *seq = file->private_data;
- struct clip_seq_state *state = seq->private;
- put_net(state->ns.net);
- return seq_release_private(inode, file);
+ return seq_open_net(inode, file, &arp_seq_ops,
+ sizeof(struct clip_seq_state));
 }
 static const struct file_operations arp_seq_fops = {
 .open = arp_seq_open,
 .read = seq_read,
 .llseek = seq_lseek,
- .release = arp_seq_release,
+ .release = seq_release_net,
 .owner = THIS_MODULE
 };
 #endif
-- cgit v1.2.3
From f206351a50ea86250fabea96b9af8d8f8fc02603 Mon Sep 17 00:00:00 2001
From: "Denis V. Lunev"
Date: Tue, 22 Jan 2008 22:07:34 -0800
Subject: [NETNS]: Add namespace parameter to ip_route_output_key.
Needed to propagate it down to the ip_route_output_flow.
Signed-off-by: Denis V. Lunev
Signed-off-by: David S. Miller
---
net/atm/clip.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'net/atm/clip.c')
diff --git a/net/atm/clip.c b/net/atm/clip.c
index 45e08620c8ca..86b885ec1cbd 100644
--- a/net/atm/clip.c
+++ b/net/atm/clip.c
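Review bot: `seq_open_net(inode, file, &arp_seq_ops, sizeof(struct clip_seq_state))` and the paired `seq_release_net` in the fops table presumably find the netns pointer at a fixed offset inside the private area they allocate, which only works if `ns`, and inside it the netns holder, is the first member of `struct clip_seq_state`; the removed code reached it explicitly as `state->ns.net`, the new code relies on layout alone and says so nowhere. A compile-time check as the first statement of arp_seq_open would make the dependency visible, e.g. `BUILD_BUG_ON(offsetof(struct clip_seq_state, ns) != 0);`, or at least a comment on the struct definition. The struct definition is outside this hunk, so whether `ns` is actually first cannot be confirmed here.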
@@ -534,7 +534,7 @@ static int clip_setentry(struct atm_vcc *vcc, __be32 ip)
 unlink_clip_vcc(clip_vcc);
 return 0;
 }
- error = ip_route_output_key(&rt, &fl);
+ error = ip_route_output_key(&init_net, &rt, &fl);
 if (error)
 return error;
 neigh = __neigh_lookup(&clip_tbl, &ip, rt->u.dst.dev, 1);
-- cgit v1.2.3
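Review bot: The route lookup in clip_setentry is now pinned to `&init_net`, so the `rt->u.dst.dev` handed to `__neigh_lookup()` on the following line always comes from the initial namespace's routing tables, whichever namespace the VCC's owner is in. If the ATM VCC or its socket carries a namespace in this tree, that is the value to pass; until it does, a marker keeps the placeholder from being mistaken for a deliberate choice: `/* FIXME(netns): init_net placeholder; should be the VCC's namespace */`. Which object holds the namespace here is not visible from the hunk, and clip_setentry starts and ends outside it.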