09 Jun, 2012
1 commit
-
now inetpeer doesn't support namespace,the information will
be leaking across namespace.this patch move the global vars v4_peers and v6_peers to
netns_ipv4 and netns_ipv6 as a field peers.add struct pernet_operations inetpeer_ops to initial pernet
inetpeer data.and change family_to_base and inet_getpeer to support namespace.
Signed-off-by: Gao feng
Signed-off-by: David S. Miller
21 Apr, 2012
1 commit
-
The sysctl core no longer natively understands sysctl tables
with .child entries.Split the ipv6_table to remove the .child entries.
Signed-off-by: Eric W. Biederman
Acked-by: Pavel Emelyanov
Signed-off-by: David S. Miller
11 May, 2010
4 commits
-
This patch adds support for multiple independant multicast routing instances,
named "tables".Userspace multicast routing daemons can bind to a specific table instance by
issuing a setsockopt call using a new option MRT6_TABLE. The table number is
stored in the raw socket data and affects all following ip6mr setsockopt(),
getsockopt() and ioctl() calls. By default, a single table (RT6_TABLE_DFLT)
is created with a default routing rule pointing to it. Newly created pim6reg
devices have the table number appended ("pim6regX"), with the exception of
devices created in the default table, which are named just "pim6reg" for
compatibility reasons.Packets are directed to a specific table instance using routing rules,
similar to how regular routing rules work. Currently iif, oif and mark
are supported as keys, source and destination addresses could be supported
additionally.Example usage:
- bind pimd/xorp/... to a specific table:
uint32_t table = 123;
setsockopt(fd, SOL_IPV6, MRT6_TABLE, &table, sizeof(table));- create routing rules directing packets to the new table:
# ip -6 mrule add iif eth0 lookup 123
# ip -6 mrule add oif eth0 lookup 123Signed-off-by: Patrick McHardy
-
Signed-off-by: Patrick McHardy
-
Signed-off-by: Patrick McHardy
-
The unres_queue is currently shared between all namespaces. Following patches
will additionally allow to create multiple multicast routing tables in each
namespace. Having a single shared queue for all these users seems to excessive,
move the queue and the cleanup timer to the per-namespace data to unshare it.As a side-effect, this fixes a bug in the seq file iteration functions: the
first entry returned is always from the current namespace, entries returned
after that may belong to any namespace.Signed-off-by: Patrick McHardy
18 Jan, 2010
1 commit
-
'security' tables depend on SECURITY, so ifdef them.
Signed-off-by: Alexey Dobriyan
Signed-off-by: Patrick McHardy
02 Sep, 2009
1 commit
-
struct net::ipv6.ip6_dst_ops is separatedly dynamically allocated,
but there is no fundamental reason for it. Embed it directly into
struct netns_ipv6.For that:
* move struct dst_ops into separate header to fix circular dependencies
I honestly tried not to, it's pretty impossible to do other way
* drop dynamical allocation, allocate together with netnsFor a change, remove struct dst_ops::dst_net, it's deducible
by using container_of() given dst_ops pointer.Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller
11 Dec, 2008
6 commits
-
Preliminary work to make IPv6 multicast forwarding netns-aware.
Declare variable 'reg_vif_num' per-namespace, moves into struct netns_ipv6.
At the moment, this variable is only referenced in init_net.
Signed-off-by: Benjamin Thery
Signed-off-by: David S. Miller -
Preliminary work to make IPv6 multicast forwarding netns-aware.
Declare IPv6 multicast forwarding variables 'mroute_do_assert' and
'mroute_do_pim' per-namespace in struct netns_ipv6.At the moment, these variables are only referenced in init_net.
Signed-off-by: Benjamin Thery
Signed-off-by: David S. Miller -
Preliminary work to make IPv6 multicast forwarding netns-aware.
Declare variable cache_resolve_queue_len per-namespace: moves it into
struct netns_ipv6.This variable counts the number of unresolved cache entries queued in the
list mfc_unres_queue. This list is kept global to all netns as the number
of entries per namespace is limited to 10 (hardcoded in routine
ip6mr_cache_unresolved).
Entries belonging to different namespaces in mfc_unres_queue will be
identified by matching the mfc_net member introduced previously in
struct mfc6_cache.Keeping this list global to all netns, also allows us to keep a single
timer (ipmr_expire_timer) to handle their expiration.
In some places cache_resolve_queue_len value was tested for arming
or deleting the timer. These tests were equivalent to testing
mfc_unres_queue value instead and are replaced in this patch.At the moment, cache_resolve_queue_len is only referenced in init_net.
Signed-off-by: Benjamin Thery
Signed-off-by: David S. Miller -
Preliminary work to make IPv6 multicast forwarding netns-aware.
Dynamically allocates IPv6 multicast forwarding cache, mfc6_cache_array,
and moves it to struct netns_ipv6.At the moment, mfc6_cache_array is only referenced in init_net.
Replace 'ARRAY_SIZE(mfc6_cache_array)' with mfc6_cache_array size: MFC6_LINES.
Signed-off-by: Benjamin Thery
Signed-off-by: David S. Miller -
Preliminary work to make IPv6 multicast forwarding netns-aware.
Dynamically allocates interface table vif6_table and moves it to
struct netns_ipv6, and updates MIF_EXISTS() macro.At the moment, vif6_table is only referenced in init_net.
Signed-off-by: Benjamin Thery
Signed-off-by: David S. Miller -
Preliminary work to make IPv6 multicast forwarding netns-aware.
Make IPv6 multicast forwarding mroute6_socket per-namespace,
moves it into struct netns_ipv6.At the moment, mroute6_socket is only referenced in init_net.
Signed-off-by: Benjamin Thery
Signed-off-by: David S. Miller
23 Jul, 2008
1 commit
-
FIB timer list is a trivial size structure, avoid indirection and just
put it in existing ns.Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller
10 Jun, 2008
1 commit
-
This is a port of the IPv4 security table for IPv6.
Signed-off-by: James Morris
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
08 Mar, 2008
3 commits
-
This patch make use of the network namespace information at the right
places to handle the multicast for several network namespaces. It
makes the socket control to be per namespace too.Signed-off-by: Daniel Lezcano
Signed-off-by: Benjamin Thery
Signed-off-by: David S. Miller -
Instead of having a tcp6_socket global to all the namespace, there is
tcp6 socket control per namespace. That is consistent with which
namespace sent a RST and allows to pass the socket to the underlying
function to retrieve the network namespace.Signed-off-by: Daniel Lezcano
Signed-off-by: Benjamin Thery
Signed-off-by: David S. Miller -
Make ndisc socket control per namespace.
Signed-off-by: Daniel Lezcano
Signed-off-by: Benjamin Thery
Signed-off-by: David S. Miller
05 Mar, 2008
3 commits
-
This patch makes the necessary changes to make IPv6 dst_entry garbage
collection work with multiple network namespaces.In ip6_dst_gc(), static local variables are now declared
per-namespace.Signed-off-by: Benjamin Thery
Signed-off-by: Daniel Lezcano
Signed-off-by: David S. Miller -
The ip6_dst_ops is moved inside the network namespace structure. All
references to this structure are now relative to the initial network
namespace.Signed-off-by: Benjamin Thery
Signed-off-by: Daniel Lezcano
Signed-off-by: David S. Miller -
The rt6_info structures are moved inside the network namespace
structure. All references to these structures are now relative to the
initial network namespace.Signed-off-by: Daniel Lezcano
Signed-off-by: Benjamin Thery
Signed-off-by: David S. Miller
04 Mar, 2008
4 commits
-
The rt6_stats is now per namespace with this patch. It is allocated
when a network namespace is created and freed when the network
namespace exits and references are relative to the network namespace.Signed-off-by: Benjamin Thery
Signed-off-by: Daniel Lezcano
Signed-off-by: David S. Miller -
The fib6_rules_ops is moved to the network namespace structure. All
references are changed to have it relatively to it.Each time a network namespace is created a new fib6_rules_ops is
allocated, initialized and stored into the network namespace
structure.The common part of the fib rules is namespace aware, so it is quite
easy to retrieve the network namespace from the rules and use it in
the different callbacks.Signed-off-by: Daniel Lezcano
Signed-off-by: Benjamin Thery
Signed-off-by: David S. Miller -
Move the timer initialization at the network namespace creation and
store the network namespace in the timer argument.That enables multiple timers (one per network namespace) to do garbage
collecting.Signed-off-by: Daniel Lezcano
Signed-off-by: Benjamin Thery
Signed-off-by: David S. Miller -
The fib table for ipv6 are moved to the network namespace structure.
All references to them are made relatively to the network namespace.All external calls to the ip6_fib functions taking the network
namespace parameter are made using the init_net variable, so the
ip6_fib engine is ready for the namespaces but the callers not yet.Signed-off-by: Daniel Lezcano
Signed-off-by: Benjamin Thery
Signed-off-by: David S. Miller
01 Mar, 2008
1 commit
-
All preparations are done. Now just add a hook to perform an
initialization on namespace startup and replace icmpv6_sk macro with
proper inline call. Actual namespace the packet belongs too will be
passed later along with the one for the routing.Signed-off-by: Denis V. Lunev
Acked-by: Daniel Lezcano
Signed-off-by: David S. Miller
01 Feb, 2008
1 commit
-
Now it's possible to list and manipulate per-netns ip6tables rules.
Filtering decisions are based on init_net's table so far.P.S.: remove init_net check in inet6_create() to see the effect
Signed-off-by: Alexey Dobriyan
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
29 Jan, 2008
10 commits
-
Since we have one hashtable to lookup the fragment, having
different secret_interval-s for hash rebuild doesn't make
sense, so move this one to inet_frags.The inet_frags_ctl becomes empty after this, so remove it.
The appropriate ctl table is kept read-only in namespaces.Signed-off-by: Pavel Emelyanov
Signed-off-by: David S. Miller -
Each namespace has to have own tables to tune their
different parameters, so duplicate the tables and
register them.All the tables in sub-namespaces are temporarily made
read-only.Signed-off-by: Pavel Emelyanov
Signed-off-by: David S. Miller -
Since fragment management code is consolidated, we cannot have the
pointer from inet_frag_queue to struct net, since we must know what
king of fragment this is.So, I introduce the netns_frags structure. This one is currently
empty, but will be eventually filled with per-namespace
attributes. Each inet_frag_queue is tagged with this one.The conntrack_reasm is not "netns-izated", so it has one static
netns_frags instance to keep working in init namespace.Signed-off-by: Pavel Emelyanov
Signed-off-by: David S. Miller -
This is the core. Declare and register the pernet subsys for
addrconf. The init callback the will create the devconf-s.The init_net will reuse the existing statically declared confs,
so that accessing them from inside the ipv6 code will still
work.The register_pernet_subsys() is moved above the ipv6_add_dev()
call for loopback, because this function will need the
net->devconf_dflt pointer to be already set.Signed-off-by: Pavel Emelyanov
Signed-off-by: David S. Miller -
This patch moves the icmpv6_time sysctl to the network namespace
structure.Because the ipv6 protocol is not yet per namespace, the variable is
accessed relatively to the initial network namespace.Signed-off-by: Daniel Lezcano
Signed-off-by: David S. Miller -
All the sysctl concerning the routes are moved to the network
namespace structure. A helper function is called to initialize the
variables.Because the ipv6 protocol is not yet per namespace, the variables are
accessed relatively from the network namespace.Signed-off-by: Daniel Lezcano
Signed-off-by: David S. Miller -
The ip6_frags is moved to the network namespace structure. Because
there can be multiple instances of the network namespaces, and the
ip6_frags is no longer a global static variable, a helper function has
been added to facilitate the initialization of the variables.Until the ipv6 protocol is not per namespace, the variables are
accessed relatively from the initial network namespace.Signed-off-by: Daniel Lezcano
Signed-off-by: David S. Miller -
This patch moves the bindv6only sysctl to the network namespace
structure. Until the ipv6 protocol is not per namespace, the sysctl
variable is always from the initial network namespace.Signed-off-by: Daniel Lezcano
Signed-off-by: David S. Miller -
Each network namespace wants its own set of sysctl value, eg. we
should not be able from a namespace to set a sysctl value for another
namespace , especially for the initial network namespace.This patch duplicates the sysctl table when we register a new network
namespace for ipv6. The duplicated table are postfixed with the
"template" word to notify the developper the table is cloned.Signed-off-by: Daniel Lezcano
Signed-off-by: David S. Miller -
Like the ipv4 part, this patch adds an ipv6 structure in the net
structure to aggregate the different resources to make ipv6 per
namespace.Signed-off-by: Daniel Lezcano
Signed-off-by: David S. Miller
