Diffstat (limited to 'include/net/netns')
-rw-r--r-- | include/net/netns/conntrack.h | 37 | ||||
-rw-r--r-- | include/net/netns/core.h | 16 | ||||
-rw-r--r-- | include/net/netns/dccp.h | 11 | ||||
-rw-r--r-- | include/net/netns/generic.h | 48 | ||||
-rw-r--r-- | include/net/netns/hash.h | 21 | ||||
-rw-r--r-- | include/net/netns/ipv4.h | 72 | ||||
-rw-r--r-- | include/net/netns/ipv6.h | 70 | ||||
-rw-r--r-- | include/net/netns/mib.h | 28 | ||||
-rw-r--r-- | include/net/netns/packet.h | 15 | ||||
-rw-r--r-- | include/net/netns/unix.h | 13 | ||||
-rw-r--r-- | include/net/netns/x_tables.h | 18 | ||||
-rw-r--r-- | include/net/netns/xfrm.h | 64 |
12 files changed, 413 insertions, 0 deletions
diff --git a/include/net/netns/conntrack.h b/include/net/netns/conntrack.h
new file mode 100644
index 00000000..7a911eca
--- /dev/null
+++ b/include/net/netns/conntrack.h
@@ -0,0 +1,37 @@
+#ifndef __NETNS_CONNTRACK_H
+#define __NETNS_CONNTRACK_H
+
+#include <linux/list.h>
+#include <linux/list_nulls.h>
+#include <linux/atomic.h>
+
+struct ctl_table_header;
+struct nf_conntrack_ecache;
+
+struct netns_ct {
+ atomic_t count;
+ unsigned int expect_count;
+ unsigned int htable_size;
+ struct kmem_cache *nf_conntrack_cachep;
+ struct hlist_nulls_head *hash;
+ struct hlist_head *expect_hash;
+ struct hlist_nulls_head unconfirmed;
+ struct hlist_nulls_head dying;
+ struct ip_conntrack_stat __percpu *stat;
+ struct nf_ct_event_notifier __rcu *nf_conntrack_event_cb;
+ struct nf_exp_event_notifier __rcu *nf_expect_event_cb;
+ int sysctl_events;
+ unsigned int sysctl_events_retry_timeout;
+ int sysctl_acct;
+ int sysctl_tstamp;
+ int sysctl_checksum;
+ unsigned int sysctl_log_invalid; /* Log invalid packets */
+#ifdef CONFIG_SYSCTL
+ struct ctl_table_header *sysctl_header;
+ struct ctl_table_header *acct_sysctl_header;
+ struct ctl_table_header *tstamp_sysctl_header;
+ struct ctl_table_header *event_sysctl_header;
+#endif
+ char *slabname;
+};
+#endif
diff --git a/include/net/netns/core.h b/include/net/netns/core.h
new file mode 100644
index 00000000..78eb1ff7
--- /dev/null
+++ b/include/net/netns/core.h
@@ -0,0 +1,16 @@
+#ifndef __NETNS_CORE_H__
+#define __NETNS_CORE_H__
+
+struct ctl_table_header;
+struct prot_inuse;
+
+struct netns_core {
+ /* core sysctls */
+ struct ctl_table_header *sysctl_hdr;
+
+ int sysctl_somaxconn;
+
+ struct prot_inuse __percpu *inuse;
+};
+
+#endif
diff --git a/include/net/netns/dccp.h b/include/net/netns/dccp.h
new file mode 100644
index 00000000..98d2a7ce
--- /dev/null
+++ b/include/net/netns/dccp.h
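Review bot: In `struct netns_ct` (include/net/netns/conntrack.h) `count` is an `atomic_t`, but `expect_count` beside it is a plain `unsigned int`, and the header does not say what serialises updates to it or to the `unconfirmed` and `dying` lists. These look like per-namespace accounting fields, so an unsynchronised update would presumably skew whatever limit is checked against them. I would add a comment above the fields, for example `/* expect_count, unconfirmed, dying: protected by <lock name> */`, with the lock name filled in from the conntrack core, which is not visible in this hunk. `slabname` would also benefit from a one-line note on who allocates and frees it.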
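Review bot: `int sysctl_somaxconn` in `struct netns_core` (include/net/netns/core.h) is a signed value with no documented range. The sysctl table entry that writes it is outside this hunk, so it cannot be confirmed here that negative values are rejected. I would document the expected range at the field, `int sysctl_somaxconn; /* listen backlog cap; must be >= 0, clamped by the sysctl handler */`, and make sure the handler enforces that minimum.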
@@ -0,0 +1,11 @@
+#ifndef __NETNS_DCCP_H__
+#define __NETNS_DCCP_H__
+
+struct sock;
+
+struct netns_dccp {
+ struct sock *v4_ctl_sk;
+ struct sock *v6_ctl_sk;
+};
+
+#endif
diff --git a/include/net/netns/generic.h b/include/net/netns/generic.h
new file mode 100644
index 00000000..0931618c
--- /dev/null
+++ b/include/net/netns/generic.h
@@ -0,0 +1,48 @@
+/*
+ * generic net pointers
+ */
+
+#ifndef __NET_GENERIC_H__
+#define __NET_GENERIC_H__
+
+#include <linux/bug.h>
+#include <linux/rcupdate.h>
+
+/*
+ * Generic net pointers are to be used by modules to put some private
+ * stuff on the struct net without explicit struct net modification
+ *
+ * The rules are simple:
+ * 1. set pernet_operations->id. After register_pernet_device you
+ * will have the id of your private pointer.
+ * 2. set pernet_operations->size to have the code allocate and free
+ * a private structure pointed to from struct net.
+ * 3. do not change this pointer while the net is alive;
+ * 4. do not try to have any private reference on the net_generic object.
+ *
+ * After accomplishing all of the above, the private pointer can be
+ * accessed with the net_generic() call.
+ */
+
+struct net_generic {
+ unsigned int len;
+ struct rcu_head rcu;
+
+ void *ptr[0];
+};
+
+static inline void *net_generic(const struct net *net, int id)
+{
+ struct net_generic *ng;
+ void *ptr;
+
+ rcu_read_lock();
+ ng = rcu_dereference(net->gen);
+ BUG_ON(id == 0 || id > ng->len);
+ ptr = ng->ptr[id - 1];
+ rcu_read_unlock();
+
+ BUG_ON(!ptr);
+ return ptr;
+}
+#endif
diff --git a/include/net/netns/hash.h b/include/net/netns/hash.h
new file mode 100644
index 00000000..548d78f2
--- /dev/null
+++ b/include/net/netns/hash.h
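Review bot: The bounds check in `net_generic()` (include/net/netns/generic.h) compares a signed `int id` with the unsigned `ng->len`, so a negative id is rejected only because of the implicit conversion to unsigned in `id > ng->len`. That is correct today but easy to break in a later edit. Either take the index as `unsigned int id` or state the reliance in a comment, `/* id is converted to unsigned here, so negative ids also trip the check */`. The trailing `void *ptr[0];` would be better as a flexible array member, `void *ptr[];`, so that bounds instrumentation treats the array as variable-length. A short comment that `ptr` stays valid after `rcu_read_unlock()` only because of rules 3 and 4 above would help the next reader.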
@@ -0,0 +1,21 @@
+#ifndef __NET_NS_HASH_H__
+#define __NET_NS_HASH_H__
+
+#include <asm/cache.h>
+
+struct net;
+
+static inline unsigned net_hash_mix(struct net *net)
+{
+#ifdef CONFIG_NET_NS
+ /*
+ * shift this right to eliminate bits, that are
+ * always zeroed
+ */
+
+ return (unsigned)(((unsigned long)net) >> L1_CACHE_SHIFT);
+#else
+ return 0;
+#endif
+}
+#endif
diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h
new file mode 100644
index 00000000..bbd023a1
--- /dev/null
+++ b/include/net/netns/ipv4.h
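Review bot: `net_hash_mix()` (include/net/netns/hash.h) returns bits of the kernel address of `struct net` (`(unsigned long)net >> L1_CACHE_SHIFT`), so the mix is neither secret nor independent of the memory layout. Any value derived from it that becomes observable from user space or on the wire could disclose address bits. Whether a caller exposes it is not visible in this hunk. A per-namespace random value chosen when the namespace is created would give the same per-namespace separation without tying hashes to a pointer. At minimum I would add a comment above the return: `/* NOTE: derived from a kernel address; must not feed values visible to user space or the network */`.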
@@ -0,0 +1,72 @@
+/*
+ * ipv4 in net namespaces
+ */
+
+#ifndef __NETNS_IPV4_H__
+#define __NETNS_IPV4_H__
+
+#include <net/inet_frag.h>
+
+struct ctl_table_header;
+struct ipv4_devconf;
+struct fib_rules_ops;
+struct hlist_head;
+struct sock;
+
+struct netns_ipv4 {
+#ifdef CONFIG_SYSCTL
+ struct ctl_table_header *forw_hdr;
+ struct ctl_table_header *frags_hdr;
+ struct ctl_table_header *ipv4_hdr;
+ struct ctl_table_header *route_hdr;
+#endif
+ struct ipv4_devconf *devconf_all;
+ struct ipv4_devconf *devconf_dflt;
+#ifdef CONFIG_IP_MULTIPLE_TABLES
+ struct fib_rules_ops *rules_ops;
+#endif
+ struct hlist_head *fib_table_hash;
+ struct sock *fibnl;
+
+ struct sock **icmp_sk;
+ struct sock *tcp_sock;
+
+ struct netns_frags frags;
+#ifdef CONFIG_NETFILTER
+ struct xt_table *iptable_filter;
+ struct xt_table *iptable_mangle;
+ struct xt_table *iptable_raw;
+ struct xt_table *arptable_filter;
+#ifdef CONFIG_SECURITY
+ struct xt_table *iptable_security;
+#endif
+ struct xt_table *nat_table;
+ struct hlist_head *nat_bysource;
+ unsigned int nat_htable_size;
+#endif
+
+ int sysctl_icmp_echo_ignore_all;
+ int sysctl_icmp_echo_ignore_broadcasts;
+ int sysctl_icmp_ignore_bogus_error_responses;
+ int sysctl_icmp_ratelimit;
+ int sysctl_icmp_ratemask;
+ int sysctl_icmp_errors_use_inbound_ifaddr;
+ int sysctl_rt_cache_rebuild_count;
+ int current_rt_cache_rebuild_count;
+
+ unsigned int sysctl_ping_group_range[2];
+ long sysctl_tcp_mem[3];
+
+ atomic_t rt_genid;
+ atomic_t dev_addr_genid;
+
+#ifdef CONFIG_IP_MROUTE
+#ifndef CONFIG_IP_MROUTE_MULTIPLE_TABLES
+ struct mr_table *mrt;
+#else
+ struct list_head mr_tables;
+ struct fib_rules_ops *mr_rules_ops;
+#endif
+#endif
+};
+#endif
diff --git a/include/net/netns/ipv6.h b/include/net/netns/ipv6.h
new file mode 100644
index 00000000..81abfcb2
--- /dev/null
+++ b/include/net/netns/ipv6.h
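Review bot: `sysctl_ping_group_range[2]` in `struct netns_ipv4` (include/net/netns/ipv4.h) is a two-element range that readers need as a consistent pair, yet the struct holds no lock for it and no comment names one. The name suggests it decides which groups may open ping sockets, so a torn read during a sysctl write could briefly apply a range nobody configured. I would add `/* low/high gid pair; read and written under <lock name> */` above the field, with the lock name taken from the sysctl handler, which is outside this hunk. Separately, `struct xt_table` and `struct mr_table` are used without the forward declarations the other pointer types get at the top of the file. Adding `struct xt_table;` and `struct mr_table;` there would keep the header self-describing.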
@@ -0,0 +1,70 @@
+/*
+ * ipv6 in net namespaces
+ */
+
+#include <net/inet_frag.h>
+
+#ifndef __NETNS_IPV6_H__
+#define __NETNS_IPV6_H__
+#include <net/dst_ops.h>
+
+struct ctl_table_header;
+
+struct netns_sysctl_ipv6 {
+#ifdef CONFIG_SYSCTL
+ struct ctl_table_header *table;
+ struct ctl_table_header *frags_hdr;
+#endif
+ int bindv6only;
+ int flush_delay;
+ int ip6_rt_max_size;
+ int ip6_rt_gc_min_interval;
+ int ip6_rt_gc_timeout;
+ int ip6_rt_gc_interval;
+ int ip6_rt_gc_elasticity;
+ int ip6_rt_mtu_expires;
+ int ip6_rt_min_advmss;
+ int icmpv6_time;
+};
+
+struct netns_ipv6 {
+ struct netns_sysctl_ipv6 sysctl;
+ struct ipv6_devconf *devconf_all;
+ struct ipv6_devconf *devconf_dflt;
+ struct netns_frags frags;
+#ifdef CONFIG_NETFILTER
+ struct xt_table *ip6table_filter;
+ struct xt_table *ip6table_mangle;
+ struct xt_table *ip6table_raw;
+#ifdef CONFIG_SECURITY
+ struct xt_table *ip6table_security;
+#endif
+#endif
+ struct rt6_info *ip6_null_entry;
+ struct rt6_statistics *rt6_stats;
+ struct timer_list ip6_fib_timer;
+ struct hlist_head *fib_table_hash;
+ struct fib6_table *fib6_main_tbl;
+ struct dst_ops ip6_dst_ops;
+ unsigned int ip6_rt_gc_expire;
+ unsigned long ip6_rt_last_gc;
+#ifdef CONFIG_IPV6_MULTIPLE_TABLES
+ struct rt6_info *ip6_prohibit_entry;
+ struct rt6_info *ip6_blk_hole_entry;
+ struct fib6_table *fib6_local_tbl;
+ struct fib_rules_ops *fib6_rules_ops;
+#endif
+ struct sock **icmp_sk;
+ struct sock *ndisc_sk;
+ struct sock *tcp_sk;
+ struct sock *igmp_sk;
+#ifdef CONFIG_IPV6_MROUTE
+#ifndef CONFIG_IPV6_MROUTE_MULTIPLE_TABLES
+ struct mr6_table *mrt6;
+#else
+ struct list_head mr6_tables;
+ struct fib_rules_ops *mr6_rules_ops;
+#endif
+#endif
+};
+#endif
diff --git a/include/net/netns/mib.h b/include/net/netns/mib.h
new file mode 100644
index 00000000..d542a4b2
--- /dev/null
+++ b/include/net/netns/mib.h
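Review bot: In include/net/netns/ipv6.h, `#include <net/inet_frag.h>` sits above `#ifndef __NETNS_IPV6_H__`, while `<net/dst_ops.h>` is inside the guard and ipv4.h keeps the same include inside its own guard. This is harmless as long as inet_frag.h is guarded itself, but the header gets re-processed on every inclusion and the layout is inconsistent with its siblings. I would move it so the file starts `#ifndef __NETNS_IPV6_H__` / `#define __NETNS_IPV6_H__` and then lists both includes together. The `netns_sysctl_ipv6` fields are all signed `int` with no units or ranges noted; a one-line comment per group (seconds vs jiffies, minimum values) would make it clearer what the sysctl handlers have to validate.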
@@ -0,0 +1,28 @@
+#ifndef __NETNS_MIB_H__
+#define __NETNS_MIB_H__
+
+#include <net/snmp.h>
+
+struct netns_mib {
+ DEFINE_SNMP_STAT(struct tcp_mib, tcp_statistics);
+ DEFINE_SNMP_STAT(struct ipstats_mib, ip_statistics);
+ DEFINE_SNMP_STAT(struct linux_mib, net_statistics);
+ DEFINE_SNMP_STAT(struct udp_mib, udp_statistics);
+ DEFINE_SNMP_STAT(struct udp_mib, udplite_statistics);
+ DEFINE_SNMP_STAT(struct icmp_mib, icmp_statistics);
+ DEFINE_SNMP_STAT_ATOMIC(struct icmpmsg_mib, icmpmsg_statistics);
+
+#if IS_ENABLED(CONFIG_IPV6)
+ struct proc_dir_entry *proc_net_devsnmp6;
+ DEFINE_SNMP_STAT(struct udp_mib, udp_stats_in6);
+ DEFINE_SNMP_STAT(struct udp_mib, udplite_stats_in6);
+ DEFINE_SNMP_STAT(struct ipstats_mib, ipv6_statistics);
+ DEFINE_SNMP_STAT(struct icmpv6_mib, icmpv6_statistics);
+ DEFINE_SNMP_STAT_ATOMIC(struct icmpv6msg_mib, icmpv6msg_statistics);
+#endif
+#ifdef CONFIG_XFRM_STATISTICS
+ DEFINE_SNMP_STAT(struct linux_xfrm_mib, xfrm_statistics);
+#endif
+};
+
+#endif
diff --git a/include/net/netns/packet.h b/include/net/netns/packet.h
new file mode 100644
index 00000000..cb4e894c
--- /dev/null
+++ b/include/net/netns/packet.h
@@ -0,0 +1,15 @@
+/*
+ * Packet network namespace
+ */
+#ifndef __NETNS_PACKET_H__
+#define __NETNS_PACKET_H__
+
+#include <linux/rculist.h>
+#include <linux/spinlock.h>
+
+struct netns_packet {
+ spinlock_t sklist_lock;
+ struct hlist_head sklist;
+};
+
+#endif /* __NETNS_PACKET_H__ */
diff --git a/include/net/netns/unix.h b/include/net/netns/unix.h
new file mode 100644
index 00000000..284649d4
--- /dev/null
+++ b/include/net/netns/unix.h
@@ -0,0 +1,13 @@
+/*
+ * Unix network namespace
+ */
+#ifndef __NETNS_UNIX_H__
+#define __NETNS_UNIX_H__
+
+struct ctl_table_header;
+struct netns_unix {
+ int sysctl_max_dgram_qlen;
+ struct ctl_table_header *ctl;
+};
+
+#endif /* __NETNS_UNIX_H__ */
diff --git a/include/net/netns/x_tables.h b/include/net/netns/x_tables.h
new file mode 100644
index 00000000..591db7d6
--- /dev/null
+++ b/include/net/netns/x_tables.h
@@ -0,0 +1,18 @@
+#ifndef __NETNS_X_TABLES_H
+#define __NETNS_X_TABLES_H
+
+#include <linux/list.h>
+#include <linux/netfilter.h>
+
+struct ebt_table;
+
+struct netns_xt {
+ struct list_head tables[NFPROTO_NUMPROTO];
+#if defined(CONFIG_BRIDGE_NF_EBTABLES) || \
+ defined(CONFIG_BRIDGE_NF_EBTABLES_MODULE)
+ struct ebt_table *broute_table;
+ struct ebt_table *frame_filter;
+ struct ebt_table *frame_nat;
+#endif
+};
+#endif
diff --git a/include/net/netns/xfrm.h b/include/net/netns/xfrm.h
new file mode 100644
index 00000000..5299e69a
--- /dev/null
+++ b/include/net/netns/xfrm.h
@@ -0,0 +1,64 @@
+#ifndef __NETNS_XFRM_H
+#define __NETNS_XFRM_H
+
+#include <linux/list.h>
+#include <linux/wait.h>
+#include <linux/workqueue.h>
+#include <linux/xfrm.h>
+#include <net/dst_ops.h>
+
+struct ctl_table_header;
+
+struct xfrm_policy_hash {
+ struct hlist_head *table;
+ unsigned int hmask;
+};
+
+struct netns_xfrm {
+ struct list_head state_all;
+ /*
+ * Hash table to find appropriate SA towards given target (endpoint of
+ * tunnel or destination of transport mode) allowed by selector.
+ *
+ * Main use is finding SA after policy selected tunnel or transport
+ * mode. Also, it can be used by ah/esp icmp error handler to find
+ * offending SA.
+ */
+ struct hlist_head *state_bydst;
+ struct hlist_head *state_bysrc;
+ struct hlist_head *state_byspi;
+ unsigned int state_hmask;
+ unsigned int state_num;
+ struct work_struct state_hash_work;
+ struct hlist_head state_gc_list;
+ struct work_struct state_gc_work;
+
+ wait_queue_head_t km_waitq;
+
+ struct list_head policy_all;
+ struct hlist_head *policy_byidx;
+ unsigned int policy_idx_hmask;
+ struct hlist_head policy_inexact[XFRM_POLICY_MAX * 2];
+ struct xfrm_policy_hash policy_bydst[XFRM_POLICY_MAX * 2];
+ unsigned int policy_count[XFRM_POLICY_MAX * 2];
+ struct work_struct policy_hash_work;
+
+
+ struct sock *nlsk;
+ struct sock *nlsk_stash;
+
+ u32 sysctl_aevent_etime;
+ u32 sysctl_aevent_rseqth;
+ int sysctl_larval_drop;
+ u32 sysctl_acq_expires;
+#ifdef CONFIG_SYSCTL
+ struct ctl_table_header *sysctl_hdr;
+#endif
+
+ struct dst_ops xfrm4_dst_ops;
+#if IS_ENABLED(CONFIG_IPV6)
+ struct dst_ops xfrm6_dst_ops;
+#endif
+};
+
+#endif |
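Review bot: Three arrays in `struct netns_xfrm` (include/net/netns/xfrm.h), `policy_inexact`, `policy_bydst` and `policy_count`, are sized `XFRM_POLICY_MAX * 2` with no comment on what the upper half indexes. Every caller therefore has to know the indexing convention to stay in bounds. I would add one line above them, e.g. `/* indexed by direction; entries [XFRM_POLICY_MAX ..] are <meaning, to be confirmed from the policy code> */`, or name the size once as a constant shared by all three. `nlsk_stash` is also unexplained next to `nlsk`; a short comment on why a second reference to the netlink socket is kept and which one is RCU-visible would help anyone auditing the teardown path, which is outside this hunk.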