summaryrefslogtreecommitdiff
path: root/include/net/netns
diff options
context:
space:
mode:
Diffstat (limited to 'include/net/netns')
-rw-r--r--include/net/netns/conntrack.h37
-rw-r--r--include/net/netns/core.h16
-rw-r--r--include/net/netns/dccp.h11
-rw-r--r--include/net/netns/generic.h48
-rw-r--r--include/net/netns/hash.h21
-rw-r--r--include/net/netns/ipv4.h72
-rw-r--r--include/net/netns/ipv6.h70
-rw-r--r--include/net/netns/mib.h28
-rw-r--r--include/net/netns/packet.h15
-rw-r--r--include/net/netns/unix.h13
-rw-r--r--include/net/netns/x_tables.h18
-rw-r--r--include/net/netns/xfrm.h64
12 files changed, 413 insertions, 0 deletions
diff --git a/include/net/netns/conntrack.h b/include/net/netns/conntrack.h
new file mode 100644
index 00000000..7a911eca
--- /dev/null
+++ b/include/net/netns/conntrack.h
@@ -0,0 +1,37 @@
+#ifndef __NETNS_CONNTRACK_H
+#define __NETNS_CONNTRACK_H
+
+#include <linux/list.h>
+#include <linux/list_nulls.h>
+#include <linux/atomic.h>
+
+struct ctl_table_header;
+struct nf_conntrack_ecache;
+
+struct netns_ct {
+ atomic_t count;
+ unsigned int expect_count;
+ unsigned int htable_size;
+ struct kmem_cache *nf_conntrack_cachep;
+ struct hlist_nulls_head *hash;
+ struct hlist_head *expect_hash;
+ struct hlist_nulls_head unconfirmed;
+ struct hlist_nulls_head dying;
+ struct ip_conntrack_stat __percpu *stat;
+ struct nf_ct_event_notifier __rcu *nf_conntrack_event_cb;
+ struct nf_exp_event_notifier __rcu *nf_expect_event_cb;
+ int sysctl_events;
+ unsigned int sysctl_events_retry_timeout;
+ int sysctl_acct;
+ int sysctl_tstamp;
+ int sysctl_checksum;
+ unsigned int sysctl_log_invalid; /* Log invalid packets */
+#ifdef CONFIG_SYSCTL
+ struct ctl_table_header *sysctl_header;
+ struct ctl_table_header *acct_sysctl_header;
+ struct ctl_table_header *tstamp_sysctl_header;
+ struct ctl_table_header *event_sysctl_header;
+#endif
+ char *slabname;
+};
+#endif
diff --git a/include/net/netns/core.h b/include/net/netns/core.h
new file mode 100644
index 00000000..78eb1ff7
--- /dev/null
+++ b/include/net/netns/core.h
@@ -0,0 +1,16 @@
+#ifndef __NETNS_CORE_H__
+#define __NETNS_CORE_H__
+
+struct ctl_table_header;
+struct prot_inuse;
+
+struct netns_core {
+ /* core sysctls */
+ struct ctl_table_header *sysctl_hdr;
+
+ int sysctl_somaxconn;
+
+ struct prot_inuse __percpu *inuse;
+};
+
+#endif
diff --git a/include/net/netns/dccp.h b/include/net/netns/dccp.h
new file mode 100644
index 00000000..98d2a7ce
--- /dev/null
+++ b/include/net/netns/dccp.h
@@ -0,0 +1,11 @@
+#ifndef __NETNS_DCCP_H__
+#define __NETNS_DCCP_H__
+
+struct sock;
+
+struct netns_dccp {
+ struct sock *v4_ctl_sk;
+ struct sock *v6_ctl_sk;
+};
+
+#endif
diff --git a/include/net/netns/generic.h b/include/net/netns/generic.h
new file mode 100644
index 00000000..0931618c
--- /dev/null
+++ b/include/net/netns/generic.h
@@ -0,0 +1,48 @@
+/*
+ * generic net pointers
+ */
+
+#ifndef __NET_GENERIC_H__
+#define __NET_GENERIC_H__
+
+#include <linux/bug.h>
+#include <linux/rcupdate.h>
+
+/*
+ * Generic net pointers are to be used by modules to put some private
+ * stuff on the struct net without explicit struct net modification
+ *
+ * The rules are simple:
+ * 1. set pernet_operations->id. After register_pernet_device you
+ * will have the id of your private pointer.
+ * 2. set pernet_operations->size to have the code allocate and free
+ * a private structure pointed to from struct net.
+ * 3. do not change this pointer while the net is alive;
+ * 4. do not try to have any private reference on the net_generic object.
+ *
+ * After accomplishing all of the above, the private pointer can be
+ * accessed with the net_generic() call.
+ */
+
+struct net_generic {
+ unsigned int len;
+ struct rcu_head rcu;
+
+ void *ptr[0];
+};
+
+static inline void *net_generic(const struct net *net, int id)
+{
+ struct net_generic *ng;
+ void *ptr;
+
+ rcu_read_lock();
+ ng = rcu_dereference(net->gen);
+ BUG_ON(id == 0 || id > ng->len);
+ ptr = ng->ptr[id - 1];
+ rcu_read_unlock();
+
+ BUG_ON(!ptr);
+ return ptr;
+}
+#endif
diff --git a/include/net/netns/hash.h b/include/net/netns/hash.h
new file mode 100644
index 00000000..548d78f2
--- /dev/null
+++ b/include/net/netns/hash.h
@@ -0,0 +1,21 @@
+#ifndef __NET_NS_HASH_H__
+#define __NET_NS_HASH_H__
+
+#include <asm/cache.h>
+
+struct net;
+
+static inline unsigned net_hash_mix(struct net *net)
+{
+#ifdef CONFIG_NET_NS
+ /*
+ * shift this right to eliminate bits, that are
+ * always zeroed
+ */
+
+ return (unsigned)(((unsigned long)net) >> L1_CACHE_SHIFT);
+#else
+ return 0;
+#endif
+}
+#endif
diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h
new file mode 100644
index 00000000..bbd023a1
--- /dev/null
+++ b/include/net/netns/ipv4.h
@@ -0,0 +1,72 @@
+/*
+ * ipv4 in net namespaces
+ */
+
+#ifndef __NETNS_IPV4_H__
+#define __NETNS_IPV4_H__
+
+#include <net/inet_frag.h>
+
+struct ctl_table_header;
+struct ipv4_devconf;
+struct fib_rules_ops;
+struct hlist_head;
+struct sock;
+
+struct netns_ipv4 {
+#ifdef CONFIG_SYSCTL
+ struct ctl_table_header *forw_hdr;
+ struct ctl_table_header *frags_hdr;
+ struct ctl_table_header *ipv4_hdr;
+ struct ctl_table_header *route_hdr;
+#endif
+ struct ipv4_devconf *devconf_all;
+ struct ipv4_devconf *devconf_dflt;
+#ifdef CONFIG_IP_MULTIPLE_TABLES
+ struct fib_rules_ops *rules_ops;
+#endif
+ struct hlist_head *fib_table_hash;
+ struct sock *fibnl;
+
+ struct sock **icmp_sk;
+ struct sock *tcp_sock;
+
+ struct netns_frags frags;
+#ifdef CONFIG_NETFILTER
+ struct xt_table *iptable_filter;
+ struct xt_table *iptable_mangle;
+ struct xt_table *iptable_raw;
+ struct xt_table *arptable_filter;
+#ifdef CONFIG_SECURITY
+ struct xt_table *iptable_security;
+#endif
+ struct xt_table *nat_table;
+ struct hlist_head *nat_bysource;
+ unsigned int nat_htable_size;
+#endif
+
+ int sysctl_icmp_echo_ignore_all;
+ int sysctl_icmp_echo_ignore_broadcasts;
+ int sysctl_icmp_ignore_bogus_error_responses;
+ int sysctl_icmp_ratelimit;
+ int sysctl_icmp_ratemask;
+ int sysctl_icmp_errors_use_inbound_ifaddr;
+ int sysctl_rt_cache_rebuild_count;
+ int current_rt_cache_rebuild_count;
+
+ unsigned int sysctl_ping_group_range[2];
+ long sysctl_tcp_mem[3];
+
+ atomic_t rt_genid;
+ atomic_t dev_addr_genid;
+
+#ifdef CONFIG_IP_MROUTE
+#ifndef CONFIG_IP_MROUTE_MULTIPLE_TABLES
+ struct mr_table *mrt;
+#else
+ struct list_head mr_tables;
+ struct fib_rules_ops *mr_rules_ops;
+#endif
+#endif
+};
+#endif
diff --git a/include/net/netns/ipv6.h b/include/net/netns/ipv6.h
new file mode 100644
index 00000000..81abfcb2
--- /dev/null
+++ b/include/net/netns/ipv6.h
@@ -0,0 +1,70 @@
+/*
+ * ipv6 in net namespaces
+ */
+
+#include <net/inet_frag.h>
+
+#ifndef __NETNS_IPV6_H__
+#define __NETNS_IPV6_H__
+#include <net/dst_ops.h>
+
+struct ctl_table_header;
+
+struct netns_sysctl_ipv6 {
+#ifdef CONFIG_SYSCTL
+ struct ctl_table_header *table;
+ struct ctl_table_header *frags_hdr;
+#endif
+ int bindv6only;
+ int flush_delay;
+ int ip6_rt_max_size;
+ int ip6_rt_gc_min_interval;
+ int ip6_rt_gc_timeout;
+ int ip6_rt_gc_interval;
+ int ip6_rt_gc_elasticity;
+ int ip6_rt_mtu_expires;
+ int ip6_rt_min_advmss;
+ int icmpv6_time;
+};
+
+struct netns_ipv6 {
+ struct netns_sysctl_ipv6 sysctl;
+ struct ipv6_devconf *devconf_all;
+ struct ipv6_devconf *devconf_dflt;
+ struct netns_frags frags;
+#ifdef CONFIG_NETFILTER
+ struct xt_table *ip6table_filter;
+ struct xt_table *ip6table_mangle;
+ struct xt_table *ip6table_raw;
+#ifdef CONFIG_SECURITY
+ struct xt_table *ip6table_security;
+#endif
+#endif
+ struct rt6_info *ip6_null_entry;
+ struct rt6_statistics *rt6_stats;
+ struct timer_list ip6_fib_timer;
+ struct hlist_head *fib_table_hash;
+ struct fib6_table *fib6_main_tbl;
+ struct dst_ops ip6_dst_ops;
+ unsigned int ip6_rt_gc_expire;
+ unsigned long ip6_rt_last_gc;
+#ifdef CONFIG_IPV6_MULTIPLE_TABLES
+ struct rt6_info *ip6_prohibit_entry;
+ struct rt6_info *ip6_blk_hole_entry;
+ struct fib6_table *fib6_local_tbl;
+ struct fib_rules_ops *fib6_rules_ops;
+#endif
+ struct sock **icmp_sk;
+ struct sock *ndisc_sk;
+ struct sock *tcp_sk;
+ struct sock *igmp_sk;
+#ifdef CONFIG_IPV6_MROUTE
+#ifndef CONFIG_IPV6_MROUTE_MULTIPLE_TABLES
+ struct mr6_table *mrt6;
+#else
+ struct list_head mr6_tables;
+ struct fib_rules_ops *mr6_rules_ops;
+#endif
+#endif
+};
+#endif
diff --git a/include/net/netns/mib.h b/include/net/netns/mib.h
new file mode 100644
index 00000000..d542a4b2
--- /dev/null
+++ b/include/net/netns/mib.h
@@ -0,0 +1,28 @@
+#ifndef __NETNS_MIB_H__
+#define __NETNS_MIB_H__
+
+#include <net/snmp.h>
+
+struct netns_mib {
+ DEFINE_SNMP_STAT(struct tcp_mib, tcp_statistics);
+ DEFINE_SNMP_STAT(struct ipstats_mib, ip_statistics);
+ DEFINE_SNMP_STAT(struct linux_mib, net_statistics);
+ DEFINE_SNMP_STAT(struct udp_mib, udp_statistics);
+ DEFINE_SNMP_STAT(struct udp_mib, udplite_statistics);
+ DEFINE_SNMP_STAT(struct icmp_mib, icmp_statistics);
+ DEFINE_SNMP_STAT_ATOMIC(struct icmpmsg_mib, icmpmsg_statistics);
+
+#if IS_ENABLED(CONFIG_IPV6)
+ struct proc_dir_entry *proc_net_devsnmp6;
+ DEFINE_SNMP_STAT(struct udp_mib, udp_stats_in6);
+ DEFINE_SNMP_STAT(struct udp_mib, udplite_stats_in6);
+ DEFINE_SNMP_STAT(struct ipstats_mib, ipv6_statistics);
+ DEFINE_SNMP_STAT(struct icmpv6_mib, icmpv6_statistics);
+ DEFINE_SNMP_STAT_ATOMIC(struct icmpv6msg_mib, icmpv6msg_statistics);
+#endif
+#ifdef CONFIG_XFRM_STATISTICS
+ DEFINE_SNMP_STAT(struct linux_xfrm_mib, xfrm_statistics);
+#endif
+};
+
+#endif
diff --git a/include/net/netns/packet.h b/include/net/netns/packet.h
new file mode 100644
index 00000000..cb4e894c
--- /dev/null
+++ b/include/net/netns/packet.h
@@ -0,0 +1,15 @@
+/*
+ * Packet network namespace
+ */
+#ifndef __NETNS_PACKET_H__
+#define __NETNS_PACKET_H__
+
+#include <linux/rculist.h>
+#include <linux/spinlock.h>
+
+struct netns_packet {
+ spinlock_t sklist_lock;
+ struct hlist_head sklist;
+};
+
+#endif /* __NETNS_PACKET_H__ */
diff --git a/include/net/netns/unix.h b/include/net/netns/unix.h
new file mode 100644
index 00000000..284649d4
--- /dev/null
+++ b/include/net/netns/unix.h
@@ -0,0 +1,13 @@
+/*
+ * Unix network namespace
+ */
+#ifndef __NETNS_UNIX_H__
+#define __NETNS_UNIX_H__
+
+struct ctl_table_header;
+struct netns_unix {
+ int sysctl_max_dgram_qlen;
+ struct ctl_table_header *ctl;
+};
+
+#endif /* __NETNS_UNIX_H__ */
diff --git a/include/net/netns/x_tables.h b/include/net/netns/x_tables.h
new file mode 100644
index 00000000..591db7d6
--- /dev/null
+++ b/include/net/netns/x_tables.h
@@ -0,0 +1,18 @@
+#ifndef __NETNS_X_TABLES_H
+#define __NETNS_X_TABLES_H
+
+#include <linux/list.h>
+#include <linux/netfilter.h>
+
+struct ebt_table;
+
+struct netns_xt {
+ struct list_head tables[NFPROTO_NUMPROTO];
+#if defined(CONFIG_BRIDGE_NF_EBTABLES) || \
+ defined(CONFIG_BRIDGE_NF_EBTABLES_MODULE)
+ struct ebt_table *broute_table;
+ struct ebt_table *frame_filter;
+ struct ebt_table *frame_nat;
+#endif
+};
+#endif
diff --git a/include/net/netns/xfrm.h b/include/net/netns/xfrm.h
new file mode 100644
index 00000000..5299e69a
--- /dev/null
+++ b/include/net/netns/xfrm.h
@@ -0,0 +1,64 @@
+#ifndef __NETNS_XFRM_H
+#define __NETNS_XFRM_H
+
+#include <linux/list.h>
+#include <linux/wait.h>
+#include <linux/workqueue.h>
+#include <linux/xfrm.h>
+#include <net/dst_ops.h>
+
+struct ctl_table_header;
+
+struct xfrm_policy_hash {
+ struct hlist_head *table;
+ unsigned int hmask;
+};
+
+struct netns_xfrm {
+ struct list_head state_all;
+ /*
+ * Hash table to find appropriate SA towards given target (endpoint of
+ * tunnel or destination of transport mode) allowed by selector.
+ *
+ * Main use is finding SA after policy selected tunnel or transport
+ * mode. Also, it can be used by ah/esp icmp error handler to find
+ * offending SA.
+ */
+ struct hlist_head *state_bydst;
+ struct hlist_head *state_bysrc;
+ struct hlist_head *state_byspi;
+ unsigned int state_hmask;
+ unsigned int state_num;
+ struct work_struct state_hash_work;
+ struct hlist_head state_gc_list;
+ struct work_struct state_gc_work;
+
+ wait_queue_head_t km_waitq;
+
+ struct list_head policy_all;
+ struct hlist_head *policy_byidx;
+ unsigned int policy_idx_hmask;
+ struct hlist_head policy_inexact[XFRM_POLICY_MAX * 2];
+ struct xfrm_policy_hash policy_bydst[XFRM_POLICY_MAX * 2];
+ unsigned int policy_count[XFRM_POLICY_MAX * 2];
+ struct work_struct policy_hash_work;
+
+
+ struct sock *nlsk;
+ struct sock *nlsk_stash;
+
+ u32 sysctl_aevent_etime;
+ u32 sysctl_aevent_rseqth;
+ int sysctl_larval_drop;
+ u32 sysctl_acq_expires;
+#ifdef CONFIG_SYSCTL
+ struct ctl_table_header *sysctl_hdr;
+#endif
+
+ struct dst_ops xfrm4_dst_ops;
+#if IS_ENABLED(CONFIG_IPV6)
+ struct dst_ops xfrm6_dst_ops;
+#endif
+};
+
+#endif