[PATCH 4/6] netns: Add SO_NSID and SO_NETID socket option

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Vivien Chappelier <vivien.chappelier@thomson.net>
To: netdev <netdev@vger.kernel.org>
Cc: David Miller <davem@davemloft.net>,
	Benjamin Thery <benjamin.thery@bull.net>,
	jleu@mindspring.com, linux-vrf-general@lists.sourceforge.net
Subject: [PATCH 4/6] netns: Add SO_NSID and SO_NETID socket option
Date: Tue, 28 Oct 2008 18:44:40 +0100	[thread overview]
Message-ID: <20081028174440.GD8471@thomson.net> (raw)

SO_NSID: bind a socket to a network namespace, given its nsid

This allows a process to have individual sockets in different namespaces.
Also, calling setsockopt(SO_NSID) on a socket before using it for ioctl() make the ioctl() operations happen in the given namespace. This is very useful to configure or retrieve networking information in a different namespace.

SO_NETNS: bind a process to an already existing netns, given its nsid

This is an easy way to move a process to a different, already existing, network namespace without creating a new one.

---
 arch/alpha/include/asm/socket.h    |    4 +++
 arch/arm/include/asm/socket.h      |    4 +++
 arch/avr32/include/asm/socket.h    |    4 +++
 arch/blackfin/include/asm/socket.h |    4 +++
 arch/h8300/include/asm/socket.h    |    4 +++
 arch/ia64/include/asm/socket.h     |    4 +++
 arch/mips/include/asm/socket.h     |    4 +++
 arch/parisc/include/asm/socket.h   |    4 +++
 arch/powerpc/include/asm/socket.h  |    4 +++
 arch/s390/include/asm/socket.h     |    4 +++
 arch/sh/include/asm/socket.h       |    4 +++
 arch/sparc/include/asm/socket.h    |    4 +++
 arch/x86/include/asm/socket.h      |    4 +++
 include/asm-cris/socket.h          |    4 +++
 include/asm-frv/socket.h           |    4 +++
 include/asm-m32r/socket.h          |    4 +++
 include/asm-m68k/socket.h          |    4 +++
 include/asm-mn10300/socket.h       |    4 +++
 include/asm-xtensa/socket.h        |    4 +++
 net/core/sock.c                    |   47 +++++++++++++++++++++++++++++++++++-
 20 files changed, 122 insertions(+), 1 deletions(-)

diff --git a/arch/alpha/include/asm/socket.h b/arch/alpha/include/asm/socket.h
index a1057c2..e9f3f47 100644
--- a/arch/alpha/include/asm/socket.h
+++ b/arch/alpha/include/asm/socket.h
@@ -62,6 +62,10 @@
 
 #define SO_MARK			36
 
+/* Namespace management */
+#define SO_NETNS		37
+#define SO_NSID			38
+
 /* O_NONBLOCK clashes with the bits used for socket types.  Therefore we
  * have to define SOCK_NONBLOCK to a different value here.
  */
diff --git a/arch/arm/include/asm/socket.h b/arch/arm/include/asm/socket.h
index 6817be9..5162369 100644
--- a/arch/arm/include/asm/socket.h
+++ b/arch/arm/include/asm/socket.h
@@ -54,4 +54,8 @@
 
 #define SO_MARK			36
 
+/* Namespace management */
+#define SO_NETNS		37
+#define SO_NSID			38
+
 #endif /* _ASM_SOCKET_H */
diff --git a/arch/avr32/include/asm/socket.h b/arch/avr32/include/asm/socket.h
index 35863f2..d500536 100644
--- a/arch/avr32/include/asm/socket.h
+++ b/arch/avr32/include/asm/socket.h
@@ -54,4 +54,8 @@
 
 #define SO_MARK			36
 
+/* Namespace management */
+#define SO_NETNS		37
+#define SO_NSID			38
+
 #endif /* __ASM_AVR32_SOCKET_H */
diff --git a/arch/blackfin/include/asm/socket.h b/arch/blackfin/include/asm/socket.h
index 2ca702e..a56fc0f 100644
--- a/arch/blackfin/include/asm/socket.h
+++ b/arch/blackfin/include/asm/socket.h
@@ -53,4 +53,8 @@
 
 #define SO_MARK			36
 
+/* Namespace management */
+#define SO_NETNS		37
+#define SO_NSID			38
+
 #endif				/* _ASM_SOCKET_H */
diff --git a/arch/h8300/include/asm/socket.h b/arch/h8300/include/asm/socket.h
index da2520d..112c632 100644
--- a/arch/h8300/include/asm/socket.h
+++ b/arch/h8300/include/asm/socket.h
@@ -54,4 +54,8 @@
 
 #define SO_MARK			36
 
+/* Namespace management */
+#define SO_NETNS		37
+#define SO_NSID			38
+
 #endif /* _ASM_SOCKET_H */
diff --git a/arch/ia64/include/asm/socket.h b/arch/ia64/include/asm/socket.h
index d5ef0aa..246b075 100644
--- a/arch/ia64/include/asm/socket.h
+++ b/arch/ia64/include/asm/socket.h
@@ -63,4 +63,8 @@
 
 #define SO_MARK			36
 
+/* Namespace management */
+#define SO_NETNS		37
+#define SO_NSID			38
+
 #endif /* _ASM_IA64_SOCKET_H */
diff --git a/arch/mips/include/asm/socket.h b/arch/mips/include/asm/socket.h
index facc2d7..d90fadb 100644
--- a/arch/mips/include/asm/socket.h
+++ b/arch/mips/include/asm/socket.h
@@ -75,6 +75,10 @@ To add: #define SO_REUSEPORT 0x0200	/* Allow local address and port reuse.  */
 
 #define SO_MARK			36
 
+/* Namespace management */
+#define SO_NETNS		37
+#define SO_NSID			38
+
 #ifdef __KERNEL__
 
 /** sock_type - Socket types
diff --git a/arch/parisc/include/asm/socket.h b/arch/parisc/include/asm/socket.h
index fba402c..cebbd8b 100644
--- a/arch/parisc/include/asm/socket.h
+++ b/arch/parisc/include/asm/socket.h
@@ -54,6 +54,10 @@
 
 #define SO_MARK			0x401f
 
+/* Namespace management */
+#define SO_NETNS		0x4020
+#define SO_NSID			0x4021
+
 /* O_NONBLOCK clashes with the bits used for socket types.  Therefore we
  * have to define SOCK_NONBLOCK to a different value here.
  */
diff --git a/arch/powerpc/include/asm/socket.h b/arch/powerpc/include/asm/socket.h
index f5a4e16..68e9a53 100644
--- a/arch/powerpc/include/asm/socket.h
+++ b/arch/powerpc/include/asm/socket.h
@@ -61,4 +61,8 @@
 
 #define SO_MARK			36
 
+/* Namespace management */
+#define SO_NETNS		37
+#define SO_NSID			38
+
 #endif	/* _ASM_POWERPC_SOCKET_H */
diff --git a/arch/s390/include/asm/socket.h b/arch/s390/include/asm/socket.h
index c786ab6..48a2e1f 100644
--- a/arch/s390/include/asm/socket.h
+++ b/arch/s390/include/asm/socket.h
@@ -62,4 +62,8 @@
 
 #define SO_MARK			36
 
+/* Namespace management */
+#define SO_NETNS		37
+#define SO_NSID			38
+
 #endif /* _ASM_SOCKET_H */
diff --git a/arch/sh/include/asm/socket.h b/arch/sh/include/asm/socket.h
index 6d4bf65..3e1ae9a 100644
--- a/arch/sh/include/asm/socket.h
+++ b/arch/sh/include/asm/socket.h
@@ -54,4 +54,8 @@
 
 #define SO_MARK			36
 
+/* Namespace management */
+#define SO_NETNS		37
+#define SO_NSID			38
+
 #endif /* __ASM_SH_SOCKET_H */
diff --git a/arch/sparc/include/asm/socket.h b/arch/sparc/include/asm/socket.h
index bf50d0c..e64381c 100644
--- a/arch/sparc/include/asm/socket.h
+++ b/arch/sparc/include/asm/socket.h
@@ -50,6 +50,10 @@
 
 #define SO_MARK			0x0022
 
+/* Namespace management */
+#define SO_NETNS		0x0023
+#define SO_NSID			0x0024
+
 /* Security levels - as per NRL IPv6 - don't actually do anything */
 #define SO_SECURITY_AUTHENTICATION		0x5001
 #define SO_SECURITY_ENCRYPTION_TRANSPORT	0x5002
diff --git a/arch/x86/include/asm/socket.h b/arch/x86/include/asm/socket.h
index 8ab9cc8..9023180 100644
--- a/arch/x86/include/asm/socket.h
+++ b/arch/x86/include/asm/socket.h
@@ -54,4 +54,8 @@
 
 #define SO_MARK			36
 
+/* Namespace management */
+#define SO_NETNS		37
+#define SO_NSID			38
+
 #endif /* _ASM_X86_SOCKET_H */
diff --git a/include/asm-cris/socket.h b/include/asm-cris/socket.h
index 9df0ca8..7550720 100644
--- a/include/asm-cris/socket.h
+++ b/include/asm-cris/socket.h
@@ -56,6 +56,10 @@
 
 #define SO_MARK			36
 
+/* Namespace management */
+#define SO_NETNS		37
+#define SO_NSID			38
+
 #endif /* _ASM_SOCKET_H */
 
 
diff --git a/include/asm-frv/socket.h b/include/asm-frv/socket.h
index e51ca67..2ea7442 100644
--- a/include/asm-frv/socket.h
+++ b/include/asm-frv/socket.h
@@ -54,5 +54,9 @@
 
 #define SO_MARK			36
 
+/* Namespace management */
+#define SO_NETNS		37
+#define SO_NSID			38
+
 #endif /* _ASM_SOCKET_H */
 
diff --git a/include/asm-m32r/socket.h b/include/asm-m32r/socket.h
index 9a0e200..06de900 100644
--- a/include/asm-m32r/socket.h
+++ b/include/asm-m32r/socket.h
@@ -54,4 +54,8 @@
 
 #define SO_MARK			36
 
+/* Namespace management */
+#define SO_NETNS		37
+#define SO_NSID			38
+
 #endif /* _ASM_M32R_SOCKET_H */
diff --git a/include/asm-m68k/socket.h b/include/asm-m68k/socket.h
index dbc64e9..b208e7c 100644
--- a/include/asm-m68k/socket.h
+++ b/include/asm-m68k/socket.h
@@ -54,4 +54,8 @@
 
 #define SO_MARK			36
 
+/* Namespace management */
+#define SO_NETNS		37
+#define SO_NSID			38
+
 #endif /* _ASM_SOCKET_H */
diff --git a/include/asm-mn10300/socket.h b/include/asm-mn10300/socket.h
index 80af9c4..6665cb8 100644
--- a/include/asm-mn10300/socket.h
+++ b/include/asm-mn10300/socket.h
@@ -54,4 +54,8 @@
 
 #define SO_MARK			36
 
+/* Namespace management */
+#define SO_NETNS		37
+#define SO_NSID			38
+
 #endif /* _ASM_SOCKET_H */
diff --git a/include/asm-xtensa/socket.h b/include/asm-xtensa/socket.h
index 6100682..7882935 100644
--- a/include/asm-xtensa/socket.h
+++ b/include/asm-xtensa/socket.h
@@ -65,4 +65,8 @@
 
 #define SO_MARK			36
 
+/* Namespace management */
+#define SO_NETNS		37
+#define SO_NSID			38
+
 #endif	/* _XTENSA_SOCKET_H */
diff --git a/net/core/sock.c b/net/core/sock.c
index 5e2a313..b085f67 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -110,6 +110,7 @@
 #include <linux/tcp.h>
 #include <linux/init.h>
 #include <linux/highmem.h>
+#include <linux/nsproxy.h>
 
 #include <asm/uaccess.h>
 #include <asm/system.h>
@@ -668,7 +669,51 @@ set_rcvbuf:
 		}
 		break;
 
-		/* We implement the SO_SNDLOWAT etc to
+	case SO_NETNS:
+		if (!capable(CAP_NET_ADMIN)) {
+			ret = -EPERM;
+		} else {
+			struct nsproxy *new_nsproxy;
+			struct net *old_net, *new_net;
+
+			ret = -EINVAL;
+			new_net = get_net_ns_by_id(val);
+			if (new_net) {
+				ret = unshare_nsproxy_namespaces(CLONE_NEWNS,
+								 &new_nsproxy,
+								 NULL);
+				if (ret == 0) {
+					old_net = new_nsproxy->net_ns;
+					new_nsproxy->net_ns = new_net;
+					put_net(old_net);
+
+					switch_task_namespaces(current,
+							       new_nsproxy);
+				} else
+					put_net(new_net);
+			}
+		}
+		break;
+
+	case SO_NSID:
+		if (!capable(CAP_NET_ADMIN)) {
+			ret = -EPERM;
+		} else {
+			struct net *old_net, *new_net;
+
+			ret = -EINVAL;
+			new_net = get_net_ns_by_id(val);
+			if (new_net) {
+				ret = 0;
+				old_net = sock_net(sk);
+				sock_net_set(sk, get_net(new_net));
+				put_net(old_net);
+			}
+		}
+		break;
+
+
+	/* We implement the SO_SNDLOWAT etc to
 		   not be settable (1003.1g 5.3) */
 	default:
 		ret = -ENOPROTOOPT;
-- 
1.5.4.4

                 reply	other threads:[~2008-10-28 17:44 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:a1057c2 dfblob:e9f3f47 dfblob:6817be9 dfblob:5162369
dfblob:35863f2 dfblob:d500536 dfblob:2ca702e dfblob:a56fc0f
dfblob:da2520d dfblob:112c632 dfblob:d5ef0aa dfblob:246b075
dfblob:facc2d7 dfblob:d90fadb dfblob:fba402c dfblob:cebbd8b
dfblob:f5a4e16 dfblob:68e9a53 dfblob:c786ab6 dfblob:48a2e1f
dfblob:6d4bf65 dfblob:3e1ae9a dfblob:bf50d0c dfblob:e64381c
dfblob:8ab9cc8 dfblob:9023180 dfblob:9df0ca8 dfblob:7550720
dfblob:e51ca67 dfblob:2ea7442 dfblob:9a0e200 dfblob:06de900
dfblob:dbc64e9 dfblob:b208e7c dfblob:80af9c4 dfblob:6665cb8
dfblob:6100682 dfblob:7882935 dfblob:5e2a313 dfblob:b085f67 )
 OR (
bs:"[PATCH 4/6] netns: Add SO_NSID and SO_NETID socket option" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20081028174440.GD8471@thomson.net \
    --to=vivien.chappelier@thomson.net \
    --cc=benjamin.thery@bull.net \
    --cc=davem@davemloft.net \
    --cc=jleu@mindspring.com \
    --cc=linux-vrf-general@lists.sourceforge.net \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.