* Re: [patch 1/2][RFC] add socketat syscall
[not found] ` <20081031215900.810348746-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
@ 2008-11-06 13:22 ` Michael Kerrisk
[not found] ` <517f3f820811060522i7b3518aen47907a34b38adee9-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
0 siblings, 1 reply; 11+ messages in thread
From: Michael Kerrisk @ 2008-11-06 13:22 UTC (permalink / raw)
To: Daniel Lezcano
Cc: ebiederm-aS9lmoZGLiVWk0Htik3J/w,
vivien.chappelier-L+G57L1VLRbR7s880joybQ,
andreas.aaen-546VmZ+UeKYX2WXlbB3fKg,
containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA,
linux-api-u79uwXL29TY76Z2rM5mHXA
Hi Daniel,
Please CC linux-api on API/ABI changes.
See Documentation/SubmitChecklist and
http://thread.gmane.org/gmane.linux.ltp/5658.
Thanks,
Michael
On Fri, Oct 31, 2008 at 4:56 PM, Daniel Lezcano <dlezcano-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org> wrote:
> This patch adds the socketat syscall which allows to specify in
> which network namespace we want to create a socket. The network
> namespace destination is referred by a socket fd previously opened
> in the destination network namespace.
>
> Signed-off-by: Daniel Lezcano <dlezcano-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
> ---
> arch/x86/include/asm/unistd_32.h | 1
> arch/x86/include/asm/unistd_64.h | 3 +-
> arch/x86/kernel/syscall_table_32.S | 1
> include/linux/syscalls.h | 1
> kernel/sys_ni.c | 1
> net/socket.c | 45 +++++++++++++++++++++++++++++++++++++
> 6 files changed, 51 insertions(+), 1 deletion(-)
>
> Index: net-next-2.6/arch/x86/include/asm/unistd_32.h
> ===================================================================
> --- net-next-2.6.orig/arch/x86/include/asm/unistd_32.h
> +++ net-next-2.6/arch/x86/include/asm/unistd_32.h
> @@ -338,6 +338,7 @@
> #define __NR_dup3 330
> #define __NR_pipe2 331
> #define __NR_inotify_init1 332
> +#define __NR_socketat 333
>
> #ifdef __KERNEL__
>
> Index: net-next-2.6/arch/x86/include/asm/unistd_64.h
> ===================================================================
> --- net-next-2.6.orig/arch/x86/include/asm/unistd_64.h
> +++ net-next-2.6/arch/x86/include/asm/unistd_64.h
> @@ -653,7 +653,8 @@ __SYSCALL(__NR_dup3, sys_dup3)
> __SYSCALL(__NR_pipe2, sys_pipe2)
> #define __NR_inotify_init1 294
> __SYSCALL(__NR_inotify_init1, sys_inotify_init1)
> -
> +#define __NR_socketat 295
> +__SYSCALL(__NR_socketat, sys_socketat)
>
> #ifndef __NO_STUBS
> #define __ARCH_WANT_OLD_READDIR
> Index: net-next-2.6/arch/x86/kernel/syscall_table_32.S
> ===================================================================
> --- net-next-2.6.orig/arch/x86/kernel/syscall_table_32.S
> +++ net-next-2.6/arch/x86/kernel/syscall_table_32.S
> @@ -332,3 +332,4 @@ ENTRY(sys_call_table)
> .long sys_dup3 /* 330 */
> .long sys_pipe2
> .long sys_inotify_init1
> + .long sys_socketat
> Index: net-next-2.6/net/socket.c
> ===================================================================
> --- net-next-2.6.orig/net/socket.c
> +++ net-next-2.6/net/socket.c
> @@ -1253,6 +1253,51 @@ out_release:
> return retval;
> }
>
> +asmlinkage long sys_socketat(int fd, int family, int type, int protocol)
> +{
> + int retval, fput_needed;
> + struct socket *sock;
> + struct socket *sockat;
> + struct net *net;
> + int flags;
> +
> + /* Check the SOCK_* constants for consistency. */
> + BUILD_BUG_ON(SOCK_CLOEXEC != O_CLOEXEC);
> + BUILD_BUG_ON((SOCK_MAX | SOCK_TYPE_MASK) != SOCK_TYPE_MASK);
> + BUILD_BUG_ON(SOCK_CLOEXEC & SOCK_TYPE_MASK);
> + BUILD_BUG_ON(SOCK_NONBLOCK & SOCK_TYPE_MASK);
> +
> + flags = type & ~SOCK_TYPE_MASK;
> + if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
> + return -EINVAL;
> + type &= SOCK_TYPE_MASK;
> +
> + if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
> + flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
> +
> + sock = sockfd_lookup_light(fd, &retval, &fput_needed);
> + if (!sock)
> + goto out;
> +
> + net = sock_net(sock->sk);
> +
> + retval = __sock_create(net, family, type, protocol, &sockat, 0);
> + if (retval)
> + goto out_fput;
> +
> + retval = sock_map_fd(sock, flags & (O_CLOEXEC | O_NONBLOCK));
> + if (retval < 0)
> + goto out_release;
> +out_fput:
> + fput_light(sock->file, fput_needed);
> +out:
> + return retval;
> +
> +out_release:
> + sock_release(sockat);
> + goto out;
> +}
> +
> /*
> * Create a pair of connected sockets.
> */
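Review bot: In sys_socketat(), the sock_map_fd() call is given sock, the reference socket looked up from fd, rather than sockat, so the socket just created in the target namespace is never bound to a descriptor and is leaked on the success path, and the descriptor returned maps the reference socket instead; pass sockat there. The out_release path also ends in "goto out", which skips fput_light(sock->file, fput_needed) and leaves the reference taken by sockfd_lookup_light() held; it should go to out_fput. Because net is derived from whatever socket fd names, holding a socket descriptor from another namespace is what grants the ability to create sockets there, and that deserves a comment above the function.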
> Index: net-next-2.6/include/linux/syscalls.h
> ===================================================================
> --- net-next-2.6.orig/include/linux/syscalls.h
> +++ net-next-2.6/include/linux/syscalls.h
> @@ -423,6 +423,7 @@ asmlinkage long sys_recvfrom(int, void _
> struct sockaddr __user *, int __user *);
> asmlinkage long sys_recvmsg(int fd, struct msghdr __user *msg, unsigned flags);
> asmlinkage long sys_socket(int, int, int);
> +asmlinkage long sys_socketat(int, int, int, int);
> asmlinkage long sys_socketpair(int, int, int, int __user *);
> asmlinkage long sys_socketcall(int call, unsigned long __user *args);
> asmlinkage long sys_listen(int, int);
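Review bot: The new sys_socketat prototype declares four unnamed int parameters, while the neighbouring sys_recvmsg and sys_socketcall declarations name theirs; writing it as (int fd, int family, int type, int protocol), matching the definition in net/socket.c, would document that the first argument is the socket descriptor that selects the namespace.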
> Index: net-next-2.6/kernel/sys_ni.c
> ===================================================================
> --- net-next-2.6.orig/kernel/sys_ni.c
> +++ net-next-2.6/kernel/sys_ni.c
> @@ -40,6 +40,7 @@ cond_syscall(sys_send);
> cond_syscall(sys_recvfrom);
> cond_syscall(sys_recv);
> cond_syscall(sys_socket);
> +cond_syscall(sys_socketat);
> cond_syscall(sys_setsockopt);
> cond_syscall(compat_sys_setsockopt);
> cond_syscall(sys_getsockopt);
>
> --
> _______________________________________________
> Containers mailing list
> Containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org
> https://lists.linux-foundation.org/mailman/listinfo/containers
>
--
Michael Kerrisk Linux man-pages maintainer;
http://www.kernel.org/doc/man-pages/ Found a documentation bug?
http://www.kernel.org/doc/man-pages/reporting_bugs.html
--
To unsubscribe from this list: send the line "unsubscribe linux-api" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
* Re: [patch 1/2][RFC] add socketat syscall
[not found] ` <517f3f820811060522i7b3518aen47907a34b38adee9-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
@ 2008-11-06 13:27 ` Daniel Lezcano
2008-11-06 15:46 ` Michael Kerrisk
1 sibling, 0 replies; 11+ messages in thread
From: Daniel Lezcano @ 2008-11-06 13:27 UTC (permalink / raw)
To: Michael Kerrisk
Cc: ebiederm-aS9lmoZGLiVWk0Htik3J/w,
vivien.chappelier-L+G57L1VLRbR7s880joybQ,
andreas.aaen-546VmZ+UeKYX2WXlbB3fKg,
containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA,
linux-api-u79uwXL29TY76Z2rM5mHXA
Michael Kerrisk wrote:
> Hi Daniel,
>
> Please CC linux-api on API/ABI changes.
>
> See Documentation/SubmitChecklist and
> http://thread.gmane.org/gmane.linux.ltp/5658.
Will do, thanks.
-- Daniel
* Re: [patch 1/2][RFC] add socketat syscall
[not found] ` <517f3f820811060522i7b3518aen47907a34b38adee9-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2008-11-06 13:27 ` Daniel Lezcano
@ 2008-11-06 15:46 ` Michael Kerrisk
[not found] ` <cfd18e0f0811060746l77fbe6fel83402ba543fccb38-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
1 sibling, 1 reply; 11+ messages in thread
From: Michael Kerrisk @ 2008-11-06 15:46 UTC (permalink / raw)
To: Michael Kerrisk
Cc: Daniel Lezcano, ebiederm-aS9lmoZGLiVWk0Htik3J/w,
vivien.chappelier-L+G57L1VLRbR7s880joybQ,
andreas.aaen-546VmZ+UeKYX2WXlbB3fKg,
containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA,
linux-api-u79uwXL29TY76Z2rM5mHXA, Subrata Modak
> On Fri, Oct 31, 2008 at 4:56 PM, Daniel Lezcano <dlezcano-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org> wrote:
>> This patch adds the socketat syscall which allows to specify in
>> which network namespace we want to create a socket. The network
>> namespace destination is referred by a socket fd previously opened
>> in the destination network namespace.
Daniel,
Is there any documentation for this system call, and/or test programs?
Cheers,
Michael
>> Signed-off-by: Daniel Lezcano <dlezcano-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
>> ---
>> arch/x86/include/asm/unistd_32.h | 1
>> arch/x86/include/asm/unistd_64.h | 3 +-
>> arch/x86/kernel/syscall_table_32.S | 1
>> include/linux/syscalls.h | 1
>> kernel/sys_ni.c | 1
>> net/socket.c | 45 +++++++++++++++++++++++++++++++++++++
>> 6 files changed, 51 insertions(+), 1 deletion(-)
>>
>> Index: net-next-2.6/arch/x86/include/asm/unistd_32.h
>> ===================================================================
>> --- net-next-2.6.orig/arch/x86/include/asm/unistd_32.h
>> +++ net-next-2.6/arch/x86/include/asm/unistd_32.h
>> @@ -338,6 +338,7 @@
>> #define __NR_dup3 330
>> #define __NR_pipe2 331
>> #define __NR_inotify_init1 332
>> +#define __NR_socketat 333
>>
>> #ifdef __KERNEL__
>>
>> Index: net-next-2.6/arch/x86/include/asm/unistd_64.h
>> ===================================================================
>> --- net-next-2.6.orig/arch/x86/include/asm/unistd_64.h
>> +++ net-next-2.6/arch/x86/include/asm/unistd_64.h
>> @@ -653,7 +653,8 @@ __SYSCALL(__NR_dup3, sys_dup3)
>> __SYSCALL(__NR_pipe2, sys_pipe2)
>> #define __NR_inotify_init1 294
>> __SYSCALL(__NR_inotify_init1, sys_inotify_init1)
>> -
>> +#define __NR_socketat 295
>> +__SYSCALL(__NR_socketat, sys_socketat)
>>
>> #ifndef __NO_STUBS
>> #define __ARCH_WANT_OLD_READDIR
>> Index: net-next-2.6/arch/x86/kernel/syscall_table_32.S
>> ===================================================================
>> --- net-next-2.6.orig/arch/x86/kernel/syscall_table_32.S
>> +++ net-next-2.6/arch/x86/kernel/syscall_table_32.S
>> @@ -332,3 +332,4 @@ ENTRY(sys_call_table)
>> .long sys_dup3 /* 330 */
>> .long sys_pipe2
>> .long sys_inotify_init1
>> + .long sys_socketat
>> Index: net-next-2.6/net/socket.c
>> ===================================================================
>> --- net-next-2.6.orig/net/socket.c
>> +++ net-next-2.6/net/socket.c
>> @@ -1253,6 +1253,51 @@ out_release:
>> return retval;
>> }
>>
>> +asmlinkage long sys_socketat(int fd, int family, int type, int protocol)
>> +{
>> + int retval, fput_needed;
>> + struct socket *sock;
>> + struct socket *sockat;
>> + struct net *net;
>> + int flags;
>> +
>> + /* Check the SOCK_* constants for consistency. */
>> + BUILD_BUG_ON(SOCK_CLOEXEC != O_CLOEXEC);
>> + BUILD_BUG_ON((SOCK_MAX | SOCK_TYPE_MASK) != SOCK_TYPE_MASK);
>> + BUILD_BUG_ON(SOCK_CLOEXEC & SOCK_TYPE_MASK);
>> + BUILD_BUG_ON(SOCK_NONBLOCK & SOCK_TYPE_MASK);
>> +
>> + flags = type & ~SOCK_TYPE_MASK;
>> + if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
>> + return -EINVAL;
>> + type &= SOCK_TYPE_MASK;
>> +
>> + if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
>> + flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
>> +
>> + sock = sockfd_lookup_light(fd, &retval, &fput_needed);
>> + if (!sock)
>> + goto out;
>> +
>> + net = sock_net(sock->sk);
>> +
>> + retval = __sock_create(net, family, type, protocol, &sockat, 0);
>> + if (retval)
>> + goto out_fput;
>> +
>> + retval = sock_map_fd(sock, flags & (O_CLOEXEC | O_NONBLOCK));
>> + if (retval < 0)
>> + goto out_release;
>> +out_fput:
>> + fput_light(sock->file, fput_needed);
>> +out:
>> + return retval;
>> +
>> +out_release:
>> + sock_release(sockat);
>> + goto out;
>> +}
>> +
>> /*
>> * Create a pair of connected sockets.
>> */
>> Index: net-next-2.6/include/linux/syscalls.h
>> ===================================================================
>> --- net-next-2.6.orig/include/linux/syscalls.h
>> +++ net-next-2.6/include/linux/syscalls.h
>> @@ -423,6 +423,7 @@ asmlinkage long sys_recvfrom(int, void _
>> struct sockaddr __user *, int __user *);
>> asmlinkage long sys_recvmsg(int fd, struct msghdr __user *msg, unsigned flags);
>> asmlinkage long sys_socket(int, int, int);
>> +asmlinkage long sys_socketat(int, int, int, int);
>> asmlinkage long sys_socketpair(int, int, int, int __user *);
>> asmlinkage long sys_socketcall(int call, unsigned long __user *args);
>> asmlinkage long sys_listen(int, int);
>> Index: net-next-2.6/kernel/sys_ni.c
>> ===================================================================
>> --- net-next-2.6.orig/kernel/sys_ni.c
>> +++ net-next-2.6/kernel/sys_ni.c
>> @@ -40,6 +40,7 @@ cond_syscall(sys_send);
>> cond_syscall(sys_recvfrom);
>> cond_syscall(sys_recv);
>> cond_syscall(sys_socket);
>> +cond_syscall(sys_socketat);
>> cond_syscall(sys_setsockopt);
>> cond_syscall(compat_sys_setsockopt);
>> cond_syscall(sys_getsockopt);
>>
>> --
>> _______________________________________________
>> Containers mailing list
>> Containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org
>> https://lists.linux-foundation.org/mailman/listinfo/containers
>>
>
>
>
> --
> Michael Kerrisk Linux man-pages maintainer;
> http://www.kernel.org/doc/man-pages/ Found a documentation bug?
> http://www.kernel.org/doc/man-pages/reporting_bugs.html
> --
> To unsubscribe from this list: send the line "unsubscribe linux-api" in
> the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
--
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
git://git.kernel.org/pub/scm/docs/man-pages/man-pages.git
man-pages online: http://www.kernel.org/doc/man-pages/online_pages.html
Found a bug? http://www.kernel.org/doc/man-pages/reporting_bugs.html
* Re: [patch 1/2][RFC] add socketat syscall
[not found] ` <cfd18e0f0811060746l77fbe6fel83402ba543fccb38-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
@ 2008-11-06 16:18 ` Daniel Lezcano
[not found] ` <491318DC.4000300-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
0 siblings, 1 reply; 11+ messages in thread
From: Daniel Lezcano @ 2008-11-06 16:18 UTC (permalink / raw)
To: mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w
Cc: ebiederm-aS9lmoZGLiVWk0Htik3J/w,
vivien.chappelier-L+G57L1VLRbR7s880joybQ,
andreas.aaen-546VmZ+UeKYX2WXlbB3fKg,
containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA,
linux-api-u79uwXL29TY76Z2rM5mHXA, Subrata Modak
Michael Kerrisk wrote:
>> On Fri, Oct 31, 2008 at 4:56 PM, Daniel Lezcano <dlezcano-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org> wrote:
>>> This patch adds the socketat syscall which allows to specify in
>>> which network namespace we want to create a socket. The network
>>> namespace destination is referred by a socket fd previously opened
>>> in the destination network namespace.
>
> Daniel,
>
> Is there any documentation for this system call, and/or test programs?
Not yet.
This small patch is a proposition to Andreas and Vivien to have a single
process being able to manage several network namespaces.
When a process unshares the network, it creates a socket which is used
as a socket control (it belongs to the network namespace). Each time a
network namespace is created, a socket control is created.
When the process has to create a socket for a specific network
namespace, it can use the socket control to specify it. This is the
purpose of the socketat syscall.
One example for a program in userspace:
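#define _GNU_SOURCE
#include <sched.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <unistd.h>

/* no libc wrapper yet: call the syscall number added by this patch */
static int socketat(int fd, int family, int type, int protocol)
{
        return syscall(__NR_socketat, fd, family, type, protocol);
}

int main(int argc, char *argv[])
{
        const int maxunshare = 128;
        int scs[maxunshare];
        int i, fd;

        for (i = 0; i < maxunshare; i++) {
                scs[i] = socket(PF_INET, SOCK_DGRAM, 0);
                unshare(CLONE_NEWNET);
        }
        /* .... */
        /* I want to create a socket inside the network namespace #10 */
        fd = socketat(scs[10], PF_INET, SOCK_STREAM, 0);
        /* .... */
        /* bind, listen, etc ... */
        return 0;
}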
>>> Signed-off-by: Daniel Lezcano <dlezcano-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
>>> ---
>>> arch/x86/include/asm/unistd_32.h | 1
>>> arch/x86/include/asm/unistd_64.h | 3 +-
>>> arch/x86/kernel/syscall_table_32.S | 1
>>> include/linux/syscalls.h | 1
>>> kernel/sys_ni.c | 1
>>> net/socket.c | 45 +++++++++++++++++++++++++++++++++++++
>>> 6 files changed, 51 insertions(+), 1 deletion(-)
>>>
>>> Index: net-next-2.6/arch/x86/include/asm/unistd_32.h
>>> ===================================================================
>>> --- net-next-2.6.orig/arch/x86/include/asm/unistd_32.h
>>> +++ net-next-2.6/arch/x86/include/asm/unistd_32.h
>>> @@ -338,6 +338,7 @@
>>> #define __NR_dup3 330
>>> #define __NR_pipe2 331
>>> #define __NR_inotify_init1 332
>>> +#define __NR_socketat 333
>>>
>>> #ifdef __KERNEL__
>>>
>>> Index: net-next-2.6/arch/x86/include/asm/unistd_64.h
>>> ===================================================================
>>> --- net-next-2.6.orig/arch/x86/include/asm/unistd_64.h
>>> +++ net-next-2.6/arch/x86/include/asm/unistd_64.h
>>> @@ -653,7 +653,8 @@ __SYSCALL(__NR_dup3, sys_dup3)
>>> __SYSCALL(__NR_pipe2, sys_pipe2)
>>> #define __NR_inotify_init1 294
>>> __SYSCALL(__NR_inotify_init1, sys_inotify_init1)
>>> -
>>> +#define __NR_socketat 295
>>> +__SYSCALL(__NR_socketat, sys_socketat)
>>>
>>> #ifndef __NO_STUBS
>>> #define __ARCH_WANT_OLD_READDIR
>>> Index: net-next-2.6/arch/x86/kernel/syscall_table_32.S
>>> ===================================================================
>>> --- net-next-2.6.orig/arch/x86/kernel/syscall_table_32.S
>>> +++ net-next-2.6/arch/x86/kernel/syscall_table_32.S
>>> @@ -332,3 +332,4 @@ ENTRY(sys_call_table)
>>> .long sys_dup3 /* 330 */
>>> .long sys_pipe2
>>> .long sys_inotify_init1
>>> + .long sys_socketat
>>> Index: net-next-2.6/net/socket.c
>>> ===================================================================
>>> --- net-next-2.6.orig/net/socket.c
>>> +++ net-next-2.6/net/socket.c
>>> @@ -1253,6 +1253,51 @@ out_release:
>>> return retval;
>>> }
>>>
>>> +asmlinkage long sys_socketat(int fd, int family, int type, int protocol)
>>> +{
>>> + int retval, fput_needed;
>>> + struct socket *sock;
>>> + struct socket *sockat;
>>> + struct net *net;
>>> + int flags;
>>> +
>>> + /* Check the SOCK_* constants for consistency. */
>>> + BUILD_BUG_ON(SOCK_CLOEXEC != O_CLOEXEC);
>>> + BUILD_BUG_ON((SOCK_MAX | SOCK_TYPE_MASK) != SOCK_TYPE_MASK);
>>> + BUILD_BUG_ON(SOCK_CLOEXEC & SOCK_TYPE_MASK);
>>> + BUILD_BUG_ON(SOCK_NONBLOCK & SOCK_TYPE_MASK);
>>> +
>>> + flags = type & ~SOCK_TYPE_MASK;
>>> + if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
>>> + return -EINVAL;
>>> + type &= SOCK_TYPE_MASK;
>>> +
>>> + if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
>>> + flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
>>> +
>>> + sock = sockfd_lookup_light(fd, &retval, &fput_needed);
>>> + if (!sock)
>>> + goto out;
>>> +
>>> + net = sock_net(sock->sk);
>>> +
>>> + retval = __sock_create(net, family, type, protocol, &sockat, 0);
>>> + if (retval)
>>> + goto out_fput;
>>> +
>>> + retval = sock_map_fd(sock, flags & (O_CLOEXEC | O_NONBLOCK));
>>> + if (retval < 0)
>>> + goto out_release;
>>> +out_fput:
>>> + fput_light(sock->file, fput_needed);
>>> +out:
>>> + return retval;
>>> +
>>> +out_release:
>>> + sock_release(sockat);
>>> + goto out;
>>> +}
>>> +
>>> /*
>>> * Create a pair of connected sockets.
>>> */
>>> Index: net-next-2.6/include/linux/syscalls.h
>>> ===================================================================
>>> --- net-next-2.6.orig/include/linux/syscalls.h
>>> +++ net-next-2.6/include/linux/syscalls.h
>>> @@ -423,6 +423,7 @@ asmlinkage long sys_recvfrom(int, void _
>>> struct sockaddr __user *, int __user *);
>>> asmlinkage long sys_recvmsg(int fd, struct msghdr __user *msg, unsigned flags);
>>> asmlinkage long sys_socket(int, int, int);
>>> +asmlinkage long sys_socketat(int, int, int, int);
>>> asmlinkage long sys_socketpair(int, int, int, int __user *);
>>> asmlinkage long sys_socketcall(int call, unsigned long __user *args);
>>> asmlinkage long sys_listen(int, int);
>>> Index: net-next-2.6/kernel/sys_ni.c
>>> ===================================================================
>>> --- net-next-2.6.orig/kernel/sys_ni.c
>>> +++ net-next-2.6/kernel/sys_ni.c
>>> @@ -40,6 +40,7 @@ cond_syscall(sys_send);
>>> cond_syscall(sys_recvfrom);
>>> cond_syscall(sys_recv);
>>> cond_syscall(sys_socket);
>>> +cond_syscall(sys_socketat);
>>> cond_syscall(sys_setsockopt);
>>> cond_syscall(compat_sys_setsockopt);
>>> cond_syscall(sys_getsockopt);
>>>
>>> --
>>> _______________________________________________
>>> Containers mailing list
>>> Containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org
>>> https://lists.linux-foundation.org/mailman/listinfo/containers
>>>
>>
>>
>> --
>> Michael Kerrisk Linux man-pages maintainer;
>> http://www.kernel.org/doc/man-pages/ Found a documentation bug?
>> http://www.kernel.org/doc/man-pages/reporting_bugs.html
>> --
>> To unsubscribe from this list: send the line "unsubscribe linux-api" in
>> the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>>
>
>
>
--
Unless otherwise indicated above:
Compagnie IBM France
Registered office: Tour Descartes, 2, avenue Gambetta, La Défense 5, 92400 Courbevoie
RCS Nanterre 552 118 465
Legal form: S.A.S.
Share capital: 542.737.118 €
SIREN/SIRET: 552 118 465 02430
* Re: [patch 1/2][RFC] add socketat syscall
[not found] ` <491318DC.4000300-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
@ 2008-11-07 9:45 ` Subrata Modak
2008-11-07 12:19 ` Cedric Le Goater
1 sibling, 0 replies; 11+ messages in thread
From: Subrata Modak @ 2008-11-07 9:45 UTC (permalink / raw)
To: Daniel Lezcano
Cc: mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w,
ebiederm-aS9lmoZGLiVWk0Htik3J/w,
vivien.chappelier-L+G57L1VLRbR7s880joybQ,
andreas.aaen-546VmZ+UeKYX2WXlbB3fKg,
containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA,
linux-api-u79uwXL29TY76Z2rM5mHXA, ltp-list, Veerendra,
sudhirkumarmalik, Gowrishankar
Thanks Daniel/Michael,
Adding Veerendra, Sudhir & Gowri as they are handling NS tests now and
they may include it in their Plan.
Regards--
Subrata
On Thu, 2008-11-06 at 17:18 +0100, Daniel Lezcano wrote:
> Michael Kerrisk wrote:
> >> On Fri, Oct 31, 2008 at 4:56 PM, Daniel Lezcano <dlezcano-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org> wrote:
> >>> This patch adds the socketat syscall which allows to specify in
> >>> which network namespace we want to create a socket. The network
> >>> namespace destination is referred by a socket fd previously opened
> >>> in the destination network namespace.
> >
> > Daniel,
> >
> > Is there any documentation for this system call, and/or test programs?
>
> Not yet.
>
> This small patch is a proposition to Andreas and Vivien to have a single
> process being able to manage several network namespaces.
>
> When a process unshares the network, it creates a socket which is used
> as a socket control (it belongs to the network namespace). Each time a
> network namespace is created, a socket control is created.
>
> When the process has to create a socket for a specific network
> namespace, it can use the socket control to specify it. This is the
> purpose of the socketat syscall.
>
> One example for a program in userspace:
>
> int main(int argc, char *argv[])
> {
> const int maxunshare = 128;
> int scs[maxunshare];
> int i, fd;
>
> for (i = 0; i < maxunshare; i++) {
> scs[i] = socket(PF_INET, SOCK_DGRAM, 0);
> unshare(CLONE_NEWNET);
> }
>
> ....
>
> /* I want to create a socket inside the network namespace #10 */
>
> fd = socketat(scs[10], PF_INET, SOCK_STREAM, 0);
>
> ....
>
> bind, listen, etc ...
> }
>
> >>> Signed-off-by: Daniel Lezcano <dlezcano-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
> >>> ---
> >>> arch/x86/include/asm/unistd_32.h | 1
> >>> arch/x86/include/asm/unistd_64.h | 3 +-
> >>> arch/x86/kernel/syscall_table_32.S | 1
> >>> include/linux/syscalls.h | 1
> >>> kernel/sys_ni.c | 1
> >>> net/socket.c | 45 +++++++++++++++++++++++++++++++++++++
> >>> 6 files changed, 51 insertions(+), 1 deletion(-)
> >>>
> >>> Index: net-next-2.6/arch/x86/include/asm/unistd_32.h
> >>> ===================================================================
> >>> --- net-next-2.6.orig/arch/x86/include/asm/unistd_32.h
> >>> +++ net-next-2.6/arch/x86/include/asm/unistd_32.h
> >>> @@ -338,6 +338,7 @@
> >>> #define __NR_dup3 330
> >>> #define __NR_pipe2 331
> >>> #define __NR_inotify_init1 332
> >>> +#define __NR_socketat 333
> >>>
> >>> #ifdef __KERNEL__
> >>>
> >>> Index: net-next-2.6/arch/x86/include/asm/unistd_64.h
> >>> ===================================================================
> >>> --- net-next-2.6.orig/arch/x86/include/asm/unistd_64.h
> >>> +++ net-next-2.6/arch/x86/include/asm/unistd_64.h
> >>> @@ -653,7 +653,8 @@ __SYSCALL(__NR_dup3, sys_dup3)
> >>> __SYSCALL(__NR_pipe2, sys_pipe2)
> >>> #define __NR_inotify_init1 294
> >>> __SYSCALL(__NR_inotify_init1, sys_inotify_init1)
> >>> -
> >>> +#define __NR_socketat 295
> >>> +__SYSCALL(__NR_socketat, sys_socketat)
> >>>
> >>> #ifndef __NO_STUBS
> >>> #define __ARCH_WANT_OLD_READDIR
> >>> Index: net-next-2.6/arch/x86/kernel/syscall_table_32.S
> >>> ===================================================================
> >>> --- net-next-2.6.orig/arch/x86/kernel/syscall_table_32.S
> >>> +++ net-next-2.6/arch/x86/kernel/syscall_table_32.S
> >>> @@ -332,3 +332,4 @@ ENTRY(sys_call_table)
> >>> .long sys_dup3 /* 330 */
> >>> .long sys_pipe2
> >>> .long sys_inotify_init1
> >>> + .long sys_socketat
> >>> Index: net-next-2.6/net/socket.c
> >>> ===================================================================
> >>> --- net-next-2.6.orig/net/socket.c
> >>> +++ net-next-2.6/net/socket.c
> >>> @@ -1253,6 +1253,51 @@ out_release:
> >>> return retval;
> >>> }
> >>>
> >>> +asmlinkage long sys_socketat(int fd, int family, int type, int protocol)
> >>> +{
> >>> + int retval, fput_needed;
> >>> + struct socket *sock;
> >>> + struct socket *sockat;
> >>> + struct net *net;
> >>> + int flags;
> >>> +
> >>> + /* Check the SOCK_* constants for consistency. */
> >>> + BUILD_BUG_ON(SOCK_CLOEXEC != O_CLOEXEC);
> >>> + BUILD_BUG_ON((SOCK_MAX | SOCK_TYPE_MASK) != SOCK_TYPE_MASK);
> >>> + BUILD_BUG_ON(SOCK_CLOEXEC & SOCK_TYPE_MASK);
> >>> + BUILD_BUG_ON(SOCK_NONBLOCK & SOCK_TYPE_MASK);
> >>> +
> >>> + flags = type & ~SOCK_TYPE_MASK;
> >>> + if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
> >>> + return -EINVAL;
> >>> + type &= SOCK_TYPE_MASK;
> >>> +
> >>> + if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
> >>> + flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
> >>> +
> >>> + sock = sockfd_lookup_light(fd, &retval, &fput_needed);
> >>> + if (!sock)
> >>> + goto out;
> >>> +
> >>> + net = sock_net(sock->sk);
> >>> +
> >>> + retval = __sock_create(net, family, type, protocol, &sockat, 0);
> >>> + if (retval)
> >>> + goto out_fput;
> >>> +
> >>> + retval = sock_map_fd(sock, flags & (O_CLOEXEC | O_NONBLOCK));
> >>> + if (retval < 0)
> >>> + goto out_release;
> >>> +out_fput:
> >>> + fput_light(sock->file, fput_needed);
> >>> +out:
> >>> + return retval;
> >>> +
> >>> +out_release:
> >>> + sock_release(sockat);
> >>> + goto out;
> >>> +}
> >>> +
> >>> /*
> >>> * Create a pair of connected sockets.
> >>> */
> >>> Index: net-next-2.6/include/linux/syscalls.h
> >>> ===================================================================
> >>> --- net-next-2.6.orig/include/linux/syscalls.h
> >>> +++ net-next-2.6/include/linux/syscalls.h
> >>> @@ -423,6 +423,7 @@ asmlinkage long sys_recvfrom(int, void _
> >>> struct sockaddr __user *, int __user *);
> >>> asmlinkage long sys_recvmsg(int fd, struct msghdr __user *msg, unsigned flags);
> >>> asmlinkage long sys_socket(int, int, int);
> >>> +asmlinkage long sys_socketat(int, int, int, int);
> >>> asmlinkage long sys_socketpair(int, int, int, int __user *);
> >>> asmlinkage long sys_socketcall(int call, unsigned long __user *args);
> >>> asmlinkage long sys_listen(int, int);
> >>> Index: net-next-2.6/kernel/sys_ni.c
> >>> ===================================================================
> >>> --- net-next-2.6.orig/kernel/sys_ni.c
> >>> +++ net-next-2.6/kernel/sys_ni.c
> >>> @@ -40,6 +40,7 @@ cond_syscall(sys_send);
> >>> cond_syscall(sys_recvfrom);
> >>> cond_syscall(sys_recv);
> >>> cond_syscall(sys_socket);
> >>> +cond_syscall(sys_socketat);
> >>> cond_syscall(sys_setsockopt);
> >>> cond_syscall(compat_sys_setsockopt);
> >>> cond_syscall(sys_getsockopt);
> >>>
> >>> --
> >>> _______________________________________________
> >>> Containers mailing list
> >>> Containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org
> >>> https://lists.linux-foundation.org/mailman/listinfo/containers
> >>>
> >>
> >>
> >> --
> >> Michael Kerrisk Linux man-pages maintainer;
> >> http://www.kernel.org/doc/man-pages/ Found a documentation bug?
> >> http://www.kernel.org/doc/man-pages/reporting_bugs.html
> >> --
> >> To unsubscribe from this list: send the line "unsubscribe linux-api" in
> >> the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
> >> More majordomo info at http://vger.kernel.org/majordomo-info.html
> >>
> >
> >
> >
>
>
* Re: [patch 1/2][RFC] add socketat syscall
[not found] ` <491318DC.4000300-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
2008-11-07 9:45 ` Subrata Modak
@ 2008-11-07 12:19 ` Cedric Le Goater
[not found] ` <49143263.1040604-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
1 sibling, 1 reply; 11+ messages in thread
From: Cedric Le Goater @ 2008-11-07 12:19 UTC (permalink / raw)
To: Daniel Lezcano
Cc: mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w,
linux-api-u79uwXL29TY76Z2rM5mHXA,
containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA,
ebiederm-aS9lmoZGLiVWk0Htik3J/w, Subrata Modak
Daniel Lezcano wrote:
> Michael Kerrisk wrote:
>>> On Fri, Oct 31, 2008 at 4:56 PM, Daniel Lezcano <dlezcano-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org> wrote:
>>>> This patch adds the socketat syscall which allows to specify in
>>>> which network namespace we want to create a socket. The network
>>>> namespace destination is referred by a socket fd previously opened
>>>> in the destination network namespace.
>> Daniel,
>>
>> Is there any documentation for this system call, and/or test programs?
>
> Not yet.
>
> This small patch is a proposition to Andreas and Vivien to have a single
> process being able to manage several network namespaces.
>
> When a process unshares the network, it creates a socket which is used
> as a socket control (it belongs to the network namespace). Each time a
> network namespace is created, a socket control is created.
>
> When the process has to create a socket for a specific network
> namespace, it can use the socket control to specify it. This is the
> purpose of the socketat syscall.
What about Eric's proposal of adding an fd argument to sys_socket()? Was it
dropped?
C.
* Re: [patch 1/2][RFC] add socketat syscall
[not found] ` <49143263.1040604-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
@ 2008-11-07 12:33 ` Daniel Lezcano
[not found] ` <49143594.8030109-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
0 siblings, 1 reply; 11+ messages in thread
From: Daniel Lezcano @ 2008-11-07 12:33 UTC (permalink / raw)
To: Cedric Le Goater
Cc: mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w,
linux-api-u79uwXL29TY76Z2rM5mHXA,
containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA,
ebiederm-aS9lmoZGLiVWk0Htik3J/w, Subrata Modak, Vivien Chappelier,
Andreas B Aaen
Cedric Le Goater wrote:
> Daniel Lezcano wrote:
>> Michael Kerrisk wrote:
>>>> On Fri, Oct 31, 2008 at 4:56 PM, Daniel Lezcano <dlezcano-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org> wrote:
>>>>> This patch adds the socketat syscall which allows to specify in
>>>>> which network namespace we want to create a socket. The network
>>>>> namespace destination is referred by a socket fd previously opened
>>>>> in the destination network namespace.
>>> Daniel,
>>>
>>> Is there any documentation for this system call, and/or test programs?
>> Not yet.
>>
>> This small patch is a proposition to Andreas and Vivien to have a single
>> process being able to manage several network namespaces.
>>
>> When a process unshares the network, it creates a socket which is used
>> as a socket control (it belongs to the network namespace). Each time a
>> network namespace is created, a socket control is created.
>>
>> When the process has to create a socket for a specific network
>> namespace, it can use the socket control to specify it. This is the
>> purpose of the socketat syscall.
>
> What about Eric's proposal of adding an fd argument to sys_socket()? Was it
> dropped?
AFAIU, Eric's proposal was in case a new syscall was not accepted. IMHO
a new syscall, with the man pages, is better than adding an extra obscure
argument to a well-known API. But if there is a reason to not add a new
syscall, we can consider Eric's approach as a good alternative I think.
But before sending anything, I am still waiting for Vivien's and Andreas's
answer about this approach. If it helps them to migrate their project to
the network namespace, I will send something more formal.
* Re: [patch 1/2][RFC] add socketat syscall
[not found] ` <49143594.8030109-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
@ 2008-11-07 16:09 ` Eric W. Biederman
2008-11-12 10:33 ` Vivien Chappelier
1 sibling, 0 replies; 11+ messages in thread
From: Eric W. Biederman @ 2008-11-07 16:09 UTC (permalink / raw)
To: Daniel Lezcano
Cc: Cedric Le Goater, mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w,
linux-api-u79uwXL29TY76Z2rM5mHXA,
containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA,
Subrata Modak, Vivien Chappelier, Andreas B Aaen
Daniel Lezcano <dlezcano-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org> writes:
> AFAIU, Eric's proposal was in case a new syscall was not accepted. IMHO a new
> syscall, with the man pages, is better than adding an extra obscure argument to a
> well-known API. But if there is a reason to not add a new syscall, we can
> consider Eric's approach as a good alternative I think.
>
> But before sending anything, I am still waiting for Vivien's and Andreas's answer
> about this approach. If it helps them to migrate their project to the network
> namespace, I will send something more formal.
In my queue I have some preliminary patches. For both the syscall
thing and a filesystem that will pin the namespace. I'm trying
to get my pile down so I can actually test it.
Ultimately to get the full functionality of the current linux-vrf
project we need:
- socketat (or some variant thereof) so we can get unprivileged
  creation of new sockets in another network namespace.
- A fs to pin the network namespace and give it a name.
- And ultimately a privileged operation sys_enter(int type, int fd);
  To allow the default network namespace to be changed allowing
  unprivileged applications to be run in the network namespace.
Eric
* Re: [patch 1/2][RFC] add socketat syscall
[not found] ` <49143594.8030109-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
2008-11-07 16:09 ` Eric W. Biederman
@ 2008-11-12 10:33 ` Vivien Chappelier
[not found] ` <491AB112.1030806-L+G57L1VLRbR7s880joybQ@public.gmane.org>
1 sibling, 1 reply; 11+ messages in thread
From: Vivien Chappelier @ 2008-11-12 10:33 UTC (permalink / raw)
To: Daniel Lezcano
Cc: linux-api-u79uwXL29TY76Z2rM5mHXA,
containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA,
Cedric Le Goater, mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w,
Subrata Modak, ebiederm-aS9lmoZGLiVWk0Htik3J/w
Hi,
The socketat() option is fine but only solves half of the problem. I
also need to be able to change the default namespace of a process to
join an existing network namespace.
My use case is the following (embedded router): I have two separate
networks, one with internet access running standard applications and
routing LAN traffic, one with access to the operator network only and
running dedicated applications such as software upgrade or telephony
software. These two networks have to be totally separate and I need the
ability to run applications and open sockets in any of these networks or
even both. With the current proposal, I could have init or some
additional daemon create the two namespaces and ask it to fork and exec
the applications I want to run so that it can give the open socket to
its child. However this solution is not very practical nor elegant
compared to the chvrf approach.
The fs solution proposed by Eric to name, create, and remove network
namespaces is fine. IMHO using the filesystem to create sockets would be
a bad option as the filename would need to be parsed for every protocol
etc. So combining the filesystem idea with the socketat() syscall is a
good way of solving both issues. In this case, each namespace would be
represented with a single file and we could also give the fd obtained by
opening this file as the socketat() argument. I also prefer extending
socket() as was suggested previously rather than adding a new syscall,
but this is up to the syscall API maintainers to decide.
regards,
Vivien.
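The combination described in the message above (one file per namespace, its fd handed to a socketat()-style call) can be reproduced in user space on current kernels with setns(2) and the /proc/<pid>/ns/net files, neither of which appears in this thread. This is an added example, not code from the patch or from any poster; socketat_emul(), same_netns() and enter_netns() are hypothetical names.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <linux/sched.h>   /* CLONE_NEWNET */
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/syscall.h>   /* SYS_setns */
#include <unistd.h>

/* setns(2) on the calling thread, restricted to network namespaces. */
static int enter_netns(int fd)
{
    return (int)syscall(SYS_setns, fd, CLONE_NEWNET);
}

/* 1 if both fds refer to the same namespace, 0 if not, -1 on error. */
int same_netns(int fd_a, int fd_b)
{
    struct stat a, b;
    if (fstat(fd_a, &a) < 0 || fstat(fd_b, &b) < 0)
        return -1;
    return a.st_dev == b.st_dev && a.st_ino == b.st_ino;
}

/* Hypothetical stand-in for socketat(); nsfd is an open namespace file such
 * as /proc/<pid>/ns/net. Assumes a single-threaded caller. */
int socketat_emul(int nsfd, int domain, int type, int protocol)
{
    int home = open("/proc/self/ns/net", O_RDONLY | O_CLOEXEC);
    int same, sock = -1, saved;

    if (home < 0)
        return -1;
    same = same_netns(home, nsfd);
    /* Switching needs CAP_SYS_ADMIN; skip it when already in the target. */
    if (same == 1 || (same == 0 && enter_netns(nsfd) == 0)) {
        sock = socket(domain, type | SOCK_CLOEXEC, protocol);
        saved = errno;
        /* Fail hard rather than stay in the wrong namespace. */
        if (same == 0 && enter_netns(home) < 0)
            abort();
        errno = saved;
    }
    saved = errno;
    close(home);
    errno = saved;
    return sock;
}
```

Unlike the syscall proposed in the thread, this switch needs CAP_SYS_ADMIN and moves the calling thread into the target namespace for the duration of the call.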
* Re: [patch 1/2][RFC] add socketat syscall
[not found] ` <491AB112.1030806-L+G57L1VLRbR7s880joybQ@public.gmane.org>
@ 2008-11-12 15:24 ` Eric W. Biederman
[not found] ` <m1vdutotky.fsf-B27657KtZYmhTnVgQlOflh2eb7JE58TQ@public.gmane.org>
0 siblings, 1 reply; 11+ messages in thread
From: Eric W. Biederman @ 2008-11-12 15:24 UTC (permalink / raw)
To: Vivien Chappelier
Cc: Daniel Lezcano, Cedric Le Goater,
mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w,
linux-api-u79uwXL29TY76Z2rM5mHXA,
containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA,
ebiederm-aS9lmoZGLiVWk0Htik3J/w, Subrata Modak, Andreas B Aaen
Vivien Chappelier <vivien.chappelier-L+G57L1VLRbR7s880joybQ@public.gmane.org> writes:
> Hi,
>
> The socketat() option is fine but only solves half of the problem. I also need
> to be able to change the default namespace of a process to join an existing
> network namespace.
I'm trying to get a feel. What kind of applications do you have for which
you are changing the default network namespace aka chvrf?
Eric
* Re: [patch 1/2][RFC] add socketat syscall
[not found] ` <m1vdutotky.fsf-B27657KtZYmhTnVgQlOflh2eb7JE58TQ@public.gmane.org>
@ 2008-11-12 15:59 ` Vivien Chappelier
0 siblings, 0 replies; 11+ messages in thread
From: Vivien Chappelier @ 2008-11-12 15:59 UTC (permalink / raw)
To: Eric W. Biederman
Cc: Daniel Lezcano, Cedric Le Goater,
mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w,
linux-api-u79uwXL29TY76Z2rM5mHXA,
containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA,
Subrata Modak, Andreas B Aaen
Hi,
> I'm trying to get a feel. What kind of applications do you have for which
> you are changing the default network namespace aka chvrf?
>
No problem to detail a bit more. We are working on products for
telephony operators that generally need both a classical 'user' access
to the internet and a privileged 'services' access to the operator network.
My first example is a cable modem (CM), IP phone (eMTA) and router.
The DOCSIS and PacketCable standards require this product to have
separate networks for each of these features, bridged together at the
MAC level, so that it behaves exactly as three separate boxes from the
operator's network point of view. So we have:
- default network namespace '0' for the router and standard Linux
applications that need internet access.
- network namespace '1' for the CM
- network namespace '2' for the eMTA
- a bridge connecting the CM interface, eMTA interface and router
WAN-side interface together
Basically, the CM application is run in a chvrf context and performs
its DHCP and TFTP requests on the operator network using the CM MAC
address. The same way, the eMTA application is run in its own network
for its DHCP, TFTP and all the VOIP related traffic (MGCP signaling and
RTP voice traffic) using the eMTA MAC address. The CM network is also
used for firmware upgrade.
A second example is a product mixing an internet browser and a set
top box-like access to the operator's TV network. In this case, the
operator's network for internet and TV use separate VLANs and DHCP
requests on each network may provide IP addresses in the same subnet. So
in this case, one DHCP client and the TV player are run in chvrf context.
I hope it clarifies our use case a bit more and why we need and use
the VRF feature.
regards,
Vivien.