include/net/net_namespace.h

0001 /* SPDX-License-Identifier: GPL-2.0 */
0002 /*
0003  * Operations on the network namespace
0004  */
0005 #ifndef __NET_NET_NAMESPACE_H
0006 #define __NET_NET_NAMESPACE_H
0007
0008 #include <linux/atomic.h>
0009 #include <linux/refcount.h>
0010 #include <linux/workqueue.h>
0011 #include <linux/list.h>
0012 #include <linux/sysctl.h>
0013 #include <linux/uidgid.h>
0014
0015 #include <net/flow.h>
0016 #include <net/netns/core.h>
0017 #include <net/netns/mib.h>
0018 #include <net/netns/unix.h>
0019 #include <net/netns/packet.h>
0020 #include <net/netns/ipv4.h>
0021 #include <net/netns/ipv6.h>
0022 #include <net/netns/nexthop.h>
0023 #include <net/netns/ieee802154_6lowpan.h>
0024 #include <net/netns/sctp.h>
0025 #include <net/netns/netfilter.h>
0026 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
0027 #include <net/netns/conntrack.h>
0028 #endif
0029 #if IS_ENABLED(CONFIG_NF_FLOW_TABLE)
0030 #include <net/netns/flow_table.h>
0031 #endif
0032 #include <net/netns/nftables.h>
0033 #include <net/netns/xfrm.h>
0034 #include <net/netns/mpls.h>
0035 #include <net/netns/can.h>
0036 #include <net/netns/xdp.h>
0037 #include <net/netns/smc.h>
0038 #include <net/netns/bpf.h>
0039 #include <net/netns/mctp.h>
0040 #include <net/net_trackers.h>
0041 #include <linux/ns_common.h>
0042 #include <linux/idr.h>
0043 #include <linux/skbuff.h>
0044 #include <linux/notifier.h>
0045
0046 struct user_namespace;
0047 struct proc_dir_entry;
0048 struct net_device;
0049 struct sock;
0050 struct ctl_table_header;
0051 struct net_generic;
0052 struct uevent_sock;
0053 struct netns_ipvs;
0054 struct bpf_prog;
0055
0056
0057 #define NETDEV_HASHBITS    8
0058 #define NETDEV_HASHENTRIES (1 << NETDEV_HASHBITS)
0059
0060 struct net {
0061     /* First cache line can be often dirtied.
0062      * Do not place here read-mostly fields.
0063      */
0064     refcount_t      passive;    /* To decide when the network
0065                          * namespace should be freed.
0066                          */
0067     spinlock_t      rules_mod_lock;
0068
0069     atomic_t        dev_unreg_count;
0070
0071     unsigned int        dev_base_seq;   /* protected by rtnl_mutex */
0072     int         ifindex;
0073
0074     spinlock_t      nsid_lock;
0075     atomic_t        fnhe_genid;
0076
0077     struct list_head    list;       /* list of network namespaces */
0078     struct list_head    exit_list;  /* To linked to call pernet exit
0079                          * methods on dead net (
0080                          * pernet_ops_rwsem read locked),
0081                          * or to unregister pernet ops
0082                          * (pernet_ops_rwsem write locked).
0083                          */
0084     struct llist_node   cleanup_list;   /* namespaces on death row */
0085
0086 #ifdef CONFIG_KEYS
0087     struct key_tag      *key_domain;    /* Key domain of operation tag */
0088 #endif
0089     struct user_namespace   *user_ns;   /* Owning user namespace */
0090     struct ucounts      *ucounts;
0091     struct idr      netns_ids;
0092
0093     struct ns_common    ns;
0094     struct ref_tracker_dir  refcnt_tracker;
0095
0096     struct list_head    dev_base_head;
0097     struct proc_dir_entry   *proc_net;
0098     struct proc_dir_entry   *proc_net_stat;
0099
0100 #ifdef CONFIG_SYSCTL
0101     struct ctl_table_set    sysctls;
0102 #endif
0103
0104     struct sock         *rtnl;          /* rtnetlink socket */
0105     struct sock     *genl_sock;
0106
0107     struct uevent_sock  *uevent_sock;       /* uevent socket */
0108
0109     struct hlist_head   *dev_name_head;
0110     struct hlist_head   *dev_index_head;
0111     struct raw_notifier_head    netdev_chain;
0112
0113     /* Note that @hash_mix can be read millions times per second,
0114      * it is critical that it is on a read_mostly cache line.
0115      */
0116     u32         hash_mix;
0117
0118     struct net_device       *loopback_dev;          /* The loopback */
0119
0120     /* core fib_rules */
0121     struct list_head    rules_ops;
0122
0123     struct netns_core   core;
0124     struct netns_mib    mib;
0125     struct netns_packet packet;
0126 #if IS_ENABLED(CONFIG_UNIX)
0127     struct netns_unix   unx;
0128 #endif
0129     struct netns_nexthop    nexthop;
0130     struct netns_ipv4   ipv4;
0131 #if IS_ENABLED(CONFIG_IPV6)
0132     struct netns_ipv6   ipv6;
0133 #endif
0134 #if IS_ENABLED(CONFIG_IEEE802154_6LOWPAN)
0135     struct netns_ieee802154_lowpan  ieee802154_lowpan;
0136 #endif
0137 #if defined(CONFIG_IP_SCTP) || defined(CONFIG_IP_SCTP_MODULE)
0138     struct netns_sctp   sctp;
0139 #endif
0140 #ifdef CONFIG_NETFILTER
0141     struct netns_nf     nf;
0142 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
0143     struct netns_ct     ct;
0144 #endif
0145 #if defined(CONFIG_NF_TABLES) || defined(CONFIG_NF_TABLES_MODULE)
0146     struct netns_nftables   nft;
0147 #endif
0148 #if IS_ENABLED(CONFIG_NF_FLOW_TABLE)
0149     struct netns_ft ft;
0150 #endif
0151 #endif
0152 #ifdef CONFIG_WEXT_CORE
0153     struct sk_buff_head wext_nlevents;
0154 #endif
0155     struct net_generic __rcu    *gen;
0156
0157     /* Used to store attached BPF programs */
0158     struct netns_bpf    bpf;
0159
0160     /* Note : following structs are cache line aligned */
0161 #ifdef CONFIG_XFRM
0162     struct netns_xfrm   xfrm;
0163 #endif
0164
0165     u64         net_cookie; /* written once */
0166
0167 #if IS_ENABLED(CONFIG_IP_VS)
0168     struct netns_ipvs   *ipvs;
0169 #endif
0170 #if IS_ENABLED(CONFIG_MPLS)
0171     struct netns_mpls   mpls;
0172 #endif
0173 #if IS_ENABLED(CONFIG_CAN)
0174     struct netns_can    can;
0175 #endif
0176 #ifdef CONFIG_XDP_SOCKETS
0177     struct netns_xdp    xdp;
0178 #endif
0179 #if IS_ENABLED(CONFIG_MCTP)
0180     struct netns_mctp   mctp;
0181 #endif
0182 #if IS_ENABLED(CONFIG_CRYPTO_USER)
0183     struct sock     *crypto_nlsk;
0184 #endif
0185     struct sock     *diag_nlsk;
0186 #if IS_ENABLED(CONFIG_SMC)
0187     struct netns_smc    smc;
0188 #endif
0189 } __randomize_layout;
0190
0191 #include <linux/seq_file_net.h>
0192
0193 /* Init's network namespace */
0194 extern struct net init_net;
0195
0196 #ifdef CONFIG_NET_NS
0197 struct net *copy_net_ns(unsigned long flags, struct user_namespace *user_ns,
0198             struct net *old_net);
0199
0200 void net_ns_get_ownership(const struct net *net, kuid_t *uid, kgid_t *gid);
0201
0202 void net_ns_barrier(void);
0203
0204 struct ns_common *get_net_ns(struct ns_common *ns);
0205 struct net *get_net_ns_by_fd(int fd);
0206 #else /* CONFIG_NET_NS */
0207 #include <linux/sched.h>
0208 #include <linux/nsproxy.h>
0209 static inline struct net *copy_net_ns(unsigned long flags,
0210     struct user_namespace *user_ns, struct net *old_net)
0211 {
0212     if (flags & CLONE_NEWNET)
0213         return ERR_PTR(-EINVAL);
0214     return old_net;
0215 }
0216
0217 static inline void net_ns_get_ownership(const struct net *net,
0218                     kuid_t *uid, kgid_t *gid)
0219 {
0220     *uid = GLOBAL_ROOT_UID;
0221     *gid = GLOBAL_ROOT_GID;
0222 }
0223
0224 static inline void net_ns_barrier(void) {}
0225
0226 static inline struct ns_common *get_net_ns(struct ns_common *ns)
0227 {
0228     return ERR_PTR(-EINVAL);
0229 }
0230
0231 static inline struct net *get_net_ns_by_fd(int fd)
0232 {
0233     return ERR_PTR(-EINVAL);
0234 }
0235 #endif /* CONFIG_NET_NS */
0236
0237
0238 extern struct list_head net_namespace_list;
0239
0240 struct net *get_net_ns_by_pid(pid_t pid);
0241
0242 #ifdef CONFIG_SYSCTL
0243 void ipx_register_sysctl(void);
0244 void ipx_unregister_sysctl(void);
0245 #else
0246 #define ipx_register_sysctl()
0247 #define ipx_unregister_sysctl()
0248 #endif
0249
0250 #ifdef CONFIG_NET_NS
0251 void __put_net(struct net *net);
0252
0253 /* Try using get_net_track() instead */
0254 static inline struct net *get_net(struct net *net)
0255 {
0256     refcount_inc(&net->ns.count);
0257     return net;
0258 }
0259
0260 static inline struct net *maybe_get_net(struct net *net)
0261 {
0262     /* Used when we know struct net exists but we
0263      * aren't guaranteed a previous reference count
0264      * exists.  If the reference count is zero this
0265      * function fails and returns NULL.
0266      */
0267     if (!refcount_inc_not_zero(&net->ns.count))
0268         net = NULL;
0269     return net;
0270 }
0271
0272 /* Try using put_net_track() instead */
0273 static inline void put_net(struct net *net)
0274 {
0275     if (refcount_dec_and_test(&net->ns.count))
0276         __put_net(net);
0277 }
0278
0279 static inline
0280 int net_eq(const struct net *net1, const struct net *net2)
0281 {
0282     return net1 == net2;
0283 }
0284
0285 static inline int check_net(const struct net *net)
0286 {
0287     return refcount_read(&net->ns.count) != 0;
0288 }
0289
0290 void net_drop_ns(void *);
0291
0292 #else
0293
0294 static inline struct net *get_net(struct net *net)
0295 {
0296     return net;
0297 }
0298
0299 static inline void put_net(struct net *net)
0300 {
0301 }
0302
0303 static inline struct net *maybe_get_net(struct net *net)
0304 {
0305     return net;
0306 }
0307
0308 static inline
0309 int net_eq(const struct net *net1, const struct net *net2)
0310 {
0311     return 1;
0312 }
0313
0314 static inline int check_net(const struct net *net)
0315 {
0316     return 1;
0317 }
0318
0319 #define net_drop_ns NULL
0320 #endif
0321
0322
0323 static inline void netns_tracker_alloc(struct net *net,
0324                        netns_tracker *tracker, gfp_t gfp)
0325 {
0326 #ifdef CONFIG_NET_NS_REFCNT_TRACKER
0327     ref_tracker_alloc(&net->refcnt_tracker, tracker, gfp);
0328 #endif
0329 }
0330
0331 static inline void netns_tracker_free(struct net *net,
0332                       netns_tracker *tracker)
0333 {
0334 #ifdef CONFIG_NET_NS_REFCNT_TRACKER
0335        ref_tracker_free(&net->refcnt_tracker, tracker);
0336 #endif
0337 }
0338
0339 static inline struct net *get_net_track(struct net *net,
0340                     netns_tracker *tracker, gfp_t gfp)
0341 {
0342     get_net(net);
0343     netns_tracker_alloc(net, tracker, gfp);
0344     return net;
0345 }
0346
0347 static inline void put_net_track(struct net *net, netns_tracker *tracker)
0348 {
0349     netns_tracker_free(net, tracker);
0350     put_net(net);
0351 }
0352
0353 typedef struct {
0354 #ifdef CONFIG_NET_NS
0355     struct net *net;
0356 #endif
0357 } possible_net_t;
0358
0359 static inline void write_pnet(possible_net_t *pnet, struct net *net)
0360 {
0361 #ifdef CONFIG_NET_NS
0362     pnet->net = net;
0363 #endif
0364 }
0365
0366 static inline struct net *read_pnet(const possible_net_t *pnet)
0367 {
0368 #ifdef CONFIG_NET_NS
0369     return pnet->net;
0370 #else
0371     return &init_net;
0372 #endif
0373 }
0374
0375 /* Protected by net_rwsem */
0376 #define for_each_net(VAR)               \
0377     list_for_each_entry(VAR, &net_namespace_list, list)
0378 #define for_each_net_continue_reverse(VAR)      \
0379     list_for_each_entry_continue_reverse(VAR, &net_namespace_list, list)
0380 #define for_each_net_rcu(VAR)               \
0381     list_for_each_entry_rcu(VAR, &net_namespace_list, list)
0382
0383 #ifdef CONFIG_NET_NS
0384 #define __net_init
0385 #define __net_exit
0386 #define __net_initdata
0387 #define __net_initconst
0388 #else
0389 #define __net_init  __init
0390 #define __net_exit  __ref
0391 #define __net_initdata  __initdata
0392 #define __net_initconst __initconst
0393 #endif
0394
0395 int peernet2id_alloc(struct net *net, struct net *peer, gfp_t gfp);
0396 int peernet2id(const struct net *net, struct net *peer);
0397 bool peernet_has_id(const struct net *net, struct net *peer);
0398 struct net *get_net_ns_by_id(const struct net *net, int id);
0399
0400 struct pernet_operations {
0401     struct list_head list;
0402     /*
0403      * Below methods are called without any exclusive locks.
0404      * More than one net may be constructed and destructed
0405      * in parallel on several cpus. Every pernet_operations
0406      * have to keep in mind all other pernet_operations and
0407      * to introduce a locking, if they share common resources.
0408      *
0409      * The only time they are called with exclusive lock is
0410      * from register_pernet_subsys(), unregister_pernet_subsys()
0411      * register_pernet_device() and unregister_pernet_device().
0412      *
0413      * Exit methods using blocking RCU primitives, such as
0414      * synchronize_rcu(), should be implemented via exit_batch.
0415      * Then, destruction of a group of net requires single
0416      * synchronize_rcu() related to these pernet_operations,
0417      * instead of separate synchronize_rcu() for every net.
0418      * Please, avoid synchronize_rcu() at all, where it's possible.
0419      *
0420      * Note that a combination of pre_exit() and exit() can
0421      * be used, since a synchronize_rcu() is guaranteed between
0422      * the calls.
0423      */
0424     int (*init)(struct net *net);
0425     void (*pre_exit)(struct net *net);
0426     void (*exit)(struct net *net);
0427     void (*exit_batch)(struct list_head *net_exit_list);
0428     unsigned int *id;
0429     size_t size;
0430 };
0431
0432 /*
0433  * Use these carefully.  If you implement a network device and it
0434  * needs per network namespace operations use device pernet operations,
0435  * otherwise use pernet subsys operations.
0436  *
0437  * Network interfaces need to be removed from a dying netns _before_
0438  * subsys notifiers can be called, as most of the network code cleanup
0439  * (which is done from subsys notifiers) runs with the assumption that
0440  * dev_remove_pack has been called so no new packets will arrive during
0441  * and after the cleanup functions have been called.  dev_remove_pack
0442  * is not per namespace so instead the guarantee of no more packets
0443  * arriving in a network namespace is provided by ensuring that all
0444  * network devices and all sockets have left the network namespace
0445  * before the cleanup methods are called.
0446  *
0447  * For the longest time the ipv4 icmp code was registered as a pernet
0448  * device which caused kernel oops, and panics during network
0449  * namespace cleanup.   So please don't get this wrong.
0450  */
0451 int register_pernet_subsys(struct pernet_operations *);
0452 void unregister_pernet_subsys(struct pernet_operations *);
0453 int register_pernet_device(struct pernet_operations *);
0454 void unregister_pernet_device(struct pernet_operations *);
0455
0456 struct ctl_table;
0457
0458 #ifdef CONFIG_SYSCTL
0459 int net_sysctl_init(void);
0460 struct ctl_table_header *register_net_sysctl(struct net *net, const char *path,
0461                          struct ctl_table *table);
0462 void unregister_net_sysctl_table(struct ctl_table_header *header);
0463 #else
0464 static inline int net_sysctl_init(void) { return 0; }
0465 static inline struct ctl_table_header *register_net_sysctl(struct net *net,
0466     const char *path, struct ctl_table *table)
0467 {
0468     return NULL;
0469 }
0470 static inline void unregister_net_sysctl_table(struct ctl_table_header *header)
0471 {
0472 }
0473 #endif
0474
0475 static inline int rt_genid_ipv4(const struct net *net)
0476 {
0477     return atomic_read(&net->ipv4.rt_genid);
0478 }
0479
0480 #if IS_ENABLED(CONFIG_IPV6)
0481 static inline int rt_genid_ipv6(const struct net *net)
0482 {
0483     return atomic_read(&net->ipv6.fib6_sernum);
0484 }
0485 #endif
0486
0487 static inline void rt_genid_bump_ipv4(struct net *net)
0488 {
0489     atomic_inc(&net->ipv4.rt_genid);
0490 }
0491
0492 extern void (*__fib6_flush_trees)(struct net *net);
0493 static inline void rt_genid_bump_ipv6(struct net *net)
0494 {
0495     if (__fib6_flush_trees)
0496         __fib6_flush_trees(net);
0497 }
0498
0499 #if IS_ENABLED(CONFIG_IEEE802154_6LOWPAN)
0500 static inline struct netns_ieee802154_lowpan *
0501 net_ieee802154_lowpan(struct net *net)
0502 {
0503     return &net->ieee802154_lowpan;
0504 }
0505 #endif
0506
0507 /* For callers who don't really care about whether it's IPv4 or IPv6 */
0508 static inline void rt_genid_bump_all(struct net *net)
0509 {
0510     rt_genid_bump_ipv4(net);
0511     rt_genid_bump_ipv6(net);
0512 }
0513
0514 static inline int fnhe_genid(const struct net *net)
0515 {
0516     return atomic_read(&net->fnhe_genid);
0517 }
0518
0519 static inline void fnhe_genid_bump(struct net *net)
0520 {
0521     atomic_inc(&net->fnhe_genid);
0522 }
0523
0524 #ifdef CONFIG_NET
0525 void net_ns_init(void);
0526 #else
0527 static inline void net_ns_init(void) {}
0528 #endif
0529
0530 #endif /* __NET_NET_NAMESPACE_H */