From: dlezcano@fr.ibm.com
To: linux-kernel@vger.kernel.org, netdev@vger.kernel.org
Cc: serue@us.ibm.com, haveblue@us.ibm.com, clg@fr.ibm.com,
	dlezcano@fr.ibm.com
Subject: [RFC] [patch 3/6] [Network namespace] Network devices isolation
Date: Fri, 09 Jun 2006 23:02:05 +0200	[thread overview]
Message-ID: <20060609210627.064168000@localhost.localdomain> (raw)
In-Reply-To: 20060609210202.215291000@localhost.localdomain

[-- Attachment #1: netdev_isolation.patch --]
[-- Type: text/plain, Size: 9453 bytes --]

The dev list view is filled and used from here. The dev_base_list has
been replaced by the dev list view, and a device can be accessed only if
the view has the device in its list. All calls from userspace (ioctls,
netlink and procfs) will use the network devices view instead
of the global network device list.

Replace-Subject: [Network namespace] Network devices isolation 
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> 
--
 net/core/dev.c       |  147 ++++++++++++++++++++++++++++++++++++++-------------
 net/core/rtnetlink.c |   21 +++++--
 2 files changed, 126 insertions(+), 42 deletions(-)

Index: 2.6-mm/net/core/dev.c
===================================================================
--- 2.6-mm.orig/net/core/dev.c
+++ 2.6-mm/net/core/dev.c
@@ -115,6 +115,7 @@
 #include <net/iw_handler.h>
 #include <asm/current.h>
 #include <linux/audit.h>
+#include <linux/net_ns.h>
 #include <linux/dmaengine.h>
 
 /*
@@ -474,13 +475,16 @@
 
 struct net_device *__dev_get_by_name(const char *name)
 {
-	struct hlist_node *p;
+	struct net_ns_dev_list *dev_list = &(net_ns()->dev_list);
+	struct list_head *l, *list = &dev_list->list;
+	struct net_ns_dev *db;
+	struct net_device *dev;
 
-	hlist_for_each(p, dev_name_hash(name)) {
-		struct net_device *dev
-			= hlist_entry(p, struct net_device, name_hlist);
+	list_for_each(l, list) {
+		db = list_entry(l, struct net_ns_dev, list);
+		dev = db->dev;
 		if (!strncmp(dev->name, name, IFNAMSIZ))
-			return dev;
+ 			return dev;
 	}
 	return NULL;
 }
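Review bot: __dev_get_by_name() now walks the current namespace's view without taking any lock itself, so its caller must hold that view's `dev_list->lock` (or RTNL), and nothing next to the new code says so. Callers outside this patch that still take `dev_base_lock` before calling it would, as far as the visible lines show, no longer protect the list being walked; they should be audited. I would add `/* Caller holds net_ns()->dev_list.lock or RTNL; only devices in the caller's view are searched. */` above the loop and update the function comment, which lies outside the hunk. The hashed lookup also becomes a linear scan of the view, which is worth stating in the description. The same applies to the later __dev_get_by_index() hunk.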
@@ -498,13 +502,14 @@
 
 struct net_device *dev_get_by_name(const char *name)
 {
+	struct net_ns_dev_list *dev_list = &(net_ns()->dev_list);
 	struct net_device *dev;
 
-	read_lock(&dev_base_lock);
+	read_lock(&dev_list->lock);
 	dev = __dev_get_by_name(name);
 	if (dev)
 		dev_hold(dev);
-	read_unlock(&dev_base_lock);
+	read_unlock(&dev_list->lock);
 	return dev;
 }
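Review bot: The namespace is resolved twice here, once in dev_get_by_name() to pick the lock and again inside __dev_get_by_name() to pick the list, and both go through `net_ns()` with no argument. If `net_ns()` derives the namespace from the running task (its definition is not part of this patch), a call made from softirq or from a kernel thread would search whichever view that task happens to have, which defeats the isolation the series is after. Passing the `struct net_ns_dev_list *` down to the unlocked helper, or documenting that these lookups are valid in process context only, would make the pairing of lock and list explicit. The later dev_get_by_index() hunk has the same shape.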
 
@@ -521,11 +526,14 @@
 
 struct net_device *__dev_get_by_index(int ifindex)
 {
-	struct hlist_node *p;
+	struct net_ns_dev_list *dev_list = &(net_ns()->dev_list);
+	struct list_head *l, *list = &dev_list->list;
+	struct net_ns_dev *db;
+	struct net_device *dev;
 
-	hlist_for_each(p, dev_index_hash(ifindex)) {
-		struct net_device *dev
-			= hlist_entry(p, struct net_device, index_hlist);
+	list_for_each(l, list) {
+		db = list_entry(l, struct net_ns_dev, list);
+		dev = db->dev;
 		if (dev->ifindex == ifindex)
 			return dev;
 	}
@@ -545,13 +553,14 @@
 
 struct net_device *dev_get_by_index(int ifindex)
 {
+	struct net_ns_dev_list *dev_list = &(net_ns()->dev_list);
 	struct net_device *dev;
 
-	read_lock(&dev_base_lock);
+	read_lock(&dev_list->lock);
 	dev = __dev_get_by_index(ifindex);
 	if (dev)
 		dev_hold(dev);
-	read_unlock(&dev_base_lock);
+	read_unlock(&dev_list->lock);
 	return dev;
 }
 
@@ -571,14 +580,24 @@
 
 struct net_device *dev_getbyhwaddr(unsigned short type, char *ha)
 {
-	struct net_device *dev;
+	struct net_ns_dev_list *dev_list = &(net_ns()->dev_list);
+	struct list_head *l, *list = &dev_list->list;
+	struct net_ns_dev *db;
+	struct net_device *dev = NULL;
 
 	ASSERT_RTNL();
 
-	for (dev = dev_base; dev; dev = dev->next)
+	read_lock(&dev_list->lock);
+	list_for_each(l, list) {
+		db = list_entry(l, struct net_ns_dev, list);
+		dev = db->dev;
 		if (dev->type == type &&
 		    !memcmp(dev->dev_addr, ha, dev->addr_len))
-			break;
+			goto out;
+	}
+	dev = NULL;
+out:
+	read_unlock(&dev_list->lock);
 	return dev;
 }
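Review bot: dev_getbyhwaddr() returns `dev` after `read_unlock()` without `dev_hold()`, so the pointer presumably stays valid only because the caller holds RTNL, as `ASSERT_RTNL()` requires; the new read lock protects the walk but not the result. A comment at `out:` such as `/* no reference taken: valid only while the caller holds RTNL */` would stop the added locking from being read as a lifetime guarantee. As a matter of style, the walk here and in dev_getfirstbyhwtype() and dev_get_by_flags() below could use `list_for_each_entry(db, &dev_list->list, list)`, which removes the `l` cursor and the separate `list_entry()` line.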
 
@@ -586,15 +605,25 @@
 
 struct net_device *dev_getfirstbyhwtype(unsigned short type)
 {
+	struct net_ns_dev_list *dev_list = &(net_ns()->dev_list);
+	struct list_head *l, *list = &dev_list->list;
+	struct net_ns_dev *db;
 	struct net_device *dev;
 
 	rtnl_lock();
-	for (dev = dev_base; dev; dev = dev->next) {
+
+	read_lock(&dev_list->lock);
+	list_for_each(l, list) {
+		db = list_entry(l, struct net_ns_dev, list);
+		dev = db->dev;
 		if (dev->type == type) {
 			dev_hold(dev);
-			break;
+			goto out;
 		}
 	}
+	dev = NULL;
+out:
+	read_unlock(&dev_list->lock);
 	rtnl_unlock();
 	return dev;
 }
@@ -614,16 +643,23 @@
 
 struct net_device * dev_get_by_flags(unsigned short if_flags, unsigned short mask)
 {
+	struct net_ns_dev_list *dev_list = &(net_ns()->dev_list);
+	struct list_head *l, *list = &dev_list->list;
+	struct net_ns_dev *db;
 	struct net_device *dev;
 
-	read_lock(&dev_base_lock);
-	for (dev = dev_base; dev != NULL; dev = dev->next) {
+	read_lock(&dev_list->lock);
+	list_for_each(l, list) {
+		db = list_entry(l, struct net_ns_dev, list);
+		dev = db->dev;
 		if (((dev->flags ^ if_flags) & mask) == 0) {
 			dev_hold(dev);
-			break;
+			goto out;
 		}
 	}
-	read_unlock(&dev_base_lock);
+	dev = NULL;
+out:
+	read_unlock(&dev_list->lock);
 	return dev;
 }
 
@@ -1942,6 +1978,9 @@
 static int dev_ifconf(char __user *arg)
 {
 	struct ifconf ifc;
+	struct net_ns_dev_list *dev_list = &(net_ns()->dev_list);
+	struct list_head *l, *list = &dev_list->list;
+	struct net_ns_dev *db;
 	struct net_device *dev;
 	char __user *pos;
 	int len;
@@ -1963,8 +2002,14 @@
 	 */
 
 	total = 0;
-	for (dev = dev_base; dev; dev = dev->next) {
+
+	list_for_each(l, list) {
+
+		db = list_entry(l, struct net_ns_dev, list);
+		dev = db->dev;
+
 		for (i = 0; i < NPROTO; i++) {
+
 			if (gifconf_list[i]) {
 				int done;
 				if (!pos)
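Review bot: The walk over the view in dev_ifconf() is not covered by `dev_list->lock` in the lines shown, unlike the other converted loops in this file. The old loop over `dev_base` had no lock of its own either and presumably relied on the caller holding RTNL, so this is only safe if every modification of a `net_ns_dev_list` also happens under RTNL; that is decided by patch 2/6 and by the callers, neither of which is visible here. A read lock is probably not an option if the `gifconf_list[]` handlers copy to the user buffer and may sleep, so the requirement should be written down, e.g. `/* RTNL held by caller keeps the view stable; no dev_list->lock because handlers may sleep */`. The function starts and ends outside this hunk.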
@@ -1995,40 +2040,63 @@
  *	This is invoked by the /proc filesystem handler to display a device
  *	in detail.
  */
-static __inline__ struct net_device *dev_get_idx(loff_t pos)
+static __inline__ struct net_ns_dev *dev_get_idx(loff_t pos)
 {
-	struct net_device *dev;
-	loff_t i;
-
-	for (i = 0, dev = dev_base; dev && i < pos; ++i, dev = dev->next);
-
-	return i == pos ? dev : NULL;
+	struct net_ns_dev_list *dev_list = &(net_ns()->dev_list);
+	struct list_head *l, *list = &dev_list->list;
+	struct net_ns_dev *db;
+
+	loff_t i = 0;
+
+	list_for_each(l, list) {
+		db = list_entry(l, struct net_ns_dev, list);
+		if (i == pos)
+			return db;
+		i++;
+	};
+	return NULL;
 }
 
 void *dev_seq_start(struct seq_file *seq, loff_t *pos)
 {
-	read_lock(&dev_base_lock);
+	struct net_ns_dev_list *dev_list = &(net_ns()->dev_list);
+
+	read_lock(&dev_list->lock);
 	return *pos ? dev_get_idx(*pos - 1) : SEQ_START_TOKEN;
 }
 
 void *dev_seq_next(struct seq_file *seq, void *v, loff_t *pos)
 {
+	struct net_ns_dev_list *dev_list = &(net_ns()->dev_list);
+	struct net_ns_dev *db = NULL;
+	struct list_head *next;
+
 	++*pos;
-	return v == SEQ_START_TOKEN ? dev_base : ((struct net_device *)v)->next;
+
+	if (v == SEQ_START_TOKEN)
+		next = dev_list->list.next;
+	else
+		next = ((struct net_ns_dev*)v)->list.next;
+	if (next && next != &dev_list->list)
+		db = list_entry(next, struct net_ns_dev, list);
+	return db;
 }
 
 void dev_seq_stop(struct seq_file *seq, void *v)
 {
-	read_unlock(&dev_base_lock);
+	struct net_ns_dev_list *dev_list = &(net_ns()->dev_list);
+	read_unlock(&dev_list->lock);
 }
 
-static void dev_seq_printf_stats(struct seq_file *seq, struct net_device *dev)
+static void dev_seq_printf_stats(struct seq_file *seq, struct net_ns_dev *db)
 {
+	struct net_device *dev = db->dev;
+
 	if (dev->get_stats) {
 		struct net_device_stats *stats = dev->get_stats(dev);
 
 		seq_printf(seq, "%6s:%8lu %7lu %4lu %4lu %4lu %5lu %10lu %9lu "
-				"%8lu %7lu %4lu %4lu %4lu %5lu %7lu %10lu\n",
+			        "%8lu %7lu %4lu %4lu %4lu %5lu %7lu %10lu\n",
 			   dev->name, stats->rx_bytes, stats->rx_packets,
 			   stats->rx_errors,
 			   stats->rx_dropped + stats->rx_missed_errors,
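Review bot: dev_seq_start() takes `net_ns()->dev_list.lock` and dev_seq_stop() releases whatever `net_ns()` returns at that later point, so the unlock is only correct if both calls resolve to the same namespace. Keeping the list pointer chosen in dev_seq_start() (for example in `seq->private`) and reusing it in dev_seq_next() and dev_seq_stop() would guarantee that the lock taken is the lock released. Smaller points in the same hunk: the loop in dev_get_idx() ends in `};` where `}` is meant, the `next &&` test in dev_seq_next() looks redundant for a circular list, and the re-indented `seq_printf` continuation line is a whitespace-only change that belongs in a separate patch. dev_seq_printf_stats() continues past the end of the hunk.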
@@ -2402,7 +2470,7 @@
  */
 static int dev_ifsioc(struct ifreq *ifr, unsigned int cmd)
 {
-	int err;
+	int err = 0;
 	struct net_device *dev = __dev_get_by_name(ifr->ifr_name);
 
 	if (!dev)
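Review bot: Initialising `err` to 0 makes success the default result of dev_ifsioc() and would silence a compiler warning on any path that forgets to set it. Nothing in the visible lines needs it and the description does not mention it; I would drop it from this patch, or, if a path really returns `err` unset, fix that path with an explicit error code instead. The rest of the function is outside the hunk.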
@@ -2509,7 +2577,6 @@
 		/*
 		 *	Unknown or private ioctl
 		 */
-
 		default:
 			if ((cmd >= SIOCDEVPRIVATE &&
 			    cmd <= SIOCDEVPRIVATE + 15) ||
@@ -2847,6 +2914,10 @@
 		}
  	}
 
+	ret = net_ns_dev_register(dev, &(net_ns()->dev_list));
+	if (ret)
+		goto out_err;
+
 	/* Fix illegal SG+CSUM combinations. */
 	if ((dev->features & NETIF_F_SG) &&
 	    !(dev->features & (NETIF_F_IP_CSUM |
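Review bot: The device is added to the view part-way through registration, and the only unwinding visible is `goto out_err` for a failure of `net_ns_dev_register()` itself. Any step after this point that can fail needs a matching `net_ns_dev_unregister(dev, &(net_ns()->dev_list));` on its error path, otherwise the view keeps an entry for a device whose registration was rolled back; likewise `out_err` has to undo whatever the earlier part of the function already did. Both the label and the rest of the function are outside the hunk, so this needs checking against the full function. Registering in the view as the last fallible step would keep the error handling to the lines added here.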
@@ -3218,6 +3289,8 @@
 		return -ENODEV;
 	}
 
+	net_ns_dev_unregister(dev, &(net_ns()->dev_list));
+
 	dev->reg_state = NETREG_UNREGISTERING;
 
 	synchronize_net();
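Review bot: The device is removed from the view of whichever task calls unregister_netdevice(), which is not necessarily the view it was added to in register_netdevice(). If the two differ (for example a driver unloaded from another namespace), or if patch 2/6 lets one device sit in several views, an entry whose `db->dev` points at the device being torn down would stay reachable through the lookups converted above. I would record the owning view in the device at registration time and remove it from there, or walk all views, and check a result from `net_ns_dev_unregister()` if it returns one; its prototype is not visible in this patch. The surrounding function is outside the hunk.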
Index: 2.6-mm/net/core/rtnetlink.c
===================================================================
--- 2.6-mm.orig/net/core/rtnetlink.c
+++ 2.6-mm/net/core/rtnetlink.c
@@ -55,6 +55,7 @@
 #include <linux/wireless.h>
 #include <net/iw_handler.h>
 #endif	/* CONFIG_NET_WIRELESS_RTNETLINK */
+#include <linux/net_ns.h>
 
 static DEFINE_MUTEX(rtnl_mutex);
 
@@ -315,21 +316,31 @@
 
 static int rtnetlink_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
 {
-	int idx;
+	int idx = 0;
 	int s_idx = cb->args[0];
+
+	struct net_ns_dev_list *dev_list = &(net_ns()->dev_list);
+	struct list_head *l, *list = &dev_list->list;
+	struct net_ns_dev *db;
 	struct net_device *dev;
 
-	read_lock(&dev_base_lock);
-	for (dev=dev_base, idx=0; dev; dev = dev->next, idx++) {
-		if (idx < s_idx)
+	read_lock(&dev_list->lock);
+	list_for_each(l, list) {
+
+		if (idx++ < s_idx)
 			continue;
+
+		db = list_entry(l, struct net_ns_dev, list);
+		dev = db->dev;
+
 		if (rtnetlink_fill_ifinfo(skb, dev, RTM_NEWLINK,
 					  NETLINK_CB(cb->skb).pid,
 					  cb->nlh->nlmsg_seq, 0,
 					  NLM_F_MULTI) <= 0)
 			break;
 	}
-	read_unlock(&dev_base_lock);
+	read_unlock(&dev_list->lock);
+
 	cb->args[0] = idx;
 
 	return skb->len;
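Review bot: Moving the increment into the test (`if (idx++ < s_idx)`) changes where a dump resumes: when `rtnetlink_fill_ifinfo()` fails and the loop breaks, `idx` has already been advanced past the device that did not fit, so `cb->args[0] = idx` makes the next call skip it. The removed `for` loop incremented `idx` only after a successful fill, which is why the old code retried that device. Keep the test as `if (idx < s_idx) { idx++; continue; }` and put a plain `idx++;` as the last statement of the loop body. The `list_entry()` lines can then go before the test or be replaced by `list_for_each_entry(db, &dev_list->list, list)`.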

--
