[patch 0/9][NETNS][IPV6] make addrconf and icmp per namespace

[patch 0/9][NETNS][IPV6] make addrconf and icmp per namespace

[Daniel Lezcano]

The following patchset makes the different part of ipv6 to take
into account the namespaces. On top of that, addrconf and icmp
are now aware how to use the namespaces too. So we can move an
interface inside the namespace and set ip up to have an ipv6
address autoconfigured and be able to ping it.

ndisc will come very soon ... :)

-- 

[patch 1/9][NETNS][IPV6] Move sysctl initialization later on in the IPv6 init sequence

[Daniel Lezcano]

[-- Attachment #1: ipv6-move-sysctl-initialization-later.patch --]
[-- Type: text/plain, Size: 2106 bytes --]

This patch moves initialization of IPv6 sysctl stuff at the end of
IPv6 initialization.
This will be helpful for network namespaces where some sysctl entries
depend on per-namespace variables, that need to be allocated and 
initialized before they are referenced by sysctl.

Signed-off-by: Benjamin Thery <benjamin.thery@bull.net>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
---
 net/ipv6/af_inet6.c |   27 ++++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)

Index: net-2.6.26/net/ipv6/af_inet6.c
===================================================================
--- net-2.6.26.orig/net/ipv6/af_inet6.c
+++ net-2.6.26/net/ipv6/af_inet6.c
@@ -934,12 +934,6 @@ static int __init inet6_init(void)
 	err = register_pernet_subsys(&inet6_net_ops);
 	if (err)
 		goto register_pernet_fail;
-
-#ifdef CONFIG_SYSCTL
-	err = ipv6_sysctl_register();
-	if (err)
-		goto sysctl_fail;
-#endif
 	err = icmpv6_init();
 	if (err)
 		goto icmp_fail;
@@ -1006,9 +1000,19 @@ static int __init inet6_init(void)
 	err = ipv6_packet_init();
 	if (err)
 		goto ipv6_packet_fail;
+
+#ifdef CONFIG_SYSCTL
+	err = ipv6_sysctl_register();
+	if (err)
+		goto sysctl_fail;
+#endif
 out:
 	return err;
 
+#ifdef CONFIG_SYSCTL
+sysctl_fail:
+	ipv6_packet_cleanup();
+#endif
 ipv6_packet_fail:
 	tcpv6_exit();
 tcpv6_fail:
@@ -1050,10 +1054,6 @@ igmp_fail:
 ndisc_fail:
 	icmpv6_cleanup();
 icmp_fail:
-#ifdef CONFIG_SYSCTL
-	ipv6_sysctl_unregister();
-sysctl_fail:
-#endif
 	unregister_pernet_subsys(&inet6_net_ops);
 register_pernet_fail:
 	cleanup_ipv6_mibs();
@@ -1083,6 +1083,9 @@ static void __exit inet6_exit(void)
 	/* Disallow any further netlink messages */
 	rtnl_unregister_all(PF_INET6);
 
+#ifdef CONFIG_SYSCTL
+	ipv6_sysctl_unregister();
+#endif
 	udpv6_exit();
 #ifdef CONFIG_IP_UDPLITE
 	udplitev6_exit();
@@ -1112,9 +1115,7 @@ static void __exit inet6_exit(void)
 	ndisc_cleanup();
 	icmpv6_cleanup();
 	rawv6_exit();
-#ifdef CONFIG_SYSCTL
-	ipv6_sysctl_unregister();
-#endif
+
 	unregister_pernet_subsys(&inet6_net_ops);
 	cleanup_ipv6_mibs();
 	proto_unregister(&rawv6_prot);

-- 

[patch 2/9][NETNS][IPV6] af_inet6 - allow socket creation per namespace

[Daniel Lezcano]

[-- Attachment #1: ipv6-allow-creation-of-ipv6-sockets-per-namespace.patch --]
[-- Type: text/plain, Size: 1914 bytes --]

Allow creation of IPv6 raw and datagram sockets in network namespaces 
other than init_net.

Signed-off-by: Benjamin Thery <benjamin.thery@bull.net>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
---
 net/ipv6/af_inet6.c |   10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

Index: net-2.6.26/net/ipv6/af_inet6.c
===================================================================
--- net-2.6.26.orig/net/ipv6/af_inet6.c
+++ net-2.6.26/net/ipv6/af_inet6.c
@@ -92,9 +92,6 @@ static int inet6_create(struct net *net,
 	int try_loading_module = 0;
 	int err;
 
-	if (net != &init_net)
-		return -EAFNOSUPPORT;
-
 	if (sock->type != SOCK_RAW &&
 	    sock->type != SOCK_DGRAM &&
 	    !inet_ehash_secret)
@@ -248,6 +245,7 @@ int inet6_bind(struct socket *sock, stru
 	struct sock *sk = sock->sk;
 	struct inet_sock *inet = inet_sk(sk);
 	struct ipv6_pinfo *np = inet6_sk(sk);
+	struct net *net = sk->sk_net;
 	__be32 v4addr = 0;
 	unsigned short snum;
 	int addr_type = 0;
@@ -278,7 +276,7 @@ int inet6_bind(struct socket *sock, stru
 	/* Check if the address belongs to the host. */
 	if (addr_type == IPV6_ADDR_MAPPED) {
 		v4addr = addr->sin6_addr.s6_addr32[3];
-		if (inet_addr_type(&init_net, v4addr) != RTN_LOCAL) {
+		if (inet_addr_type(net, v4addr) != RTN_LOCAL) {
 			err = -EADDRNOTAVAIL;
 			goto out;
 		}
@@ -300,7 +298,7 @@ int inet6_bind(struct socket *sock, stru
 					err = -EINVAL;
 					goto out;
 				}
-				dev = dev_get_by_index(&init_net, sk->sk_bound_dev_if);
+				dev = dev_get_by_index(net, sk->sk_bound_dev_if);
 				if (!dev) {
 					err = -ENODEV;
 					goto out;
@@ -312,7 +310,7 @@ int inet6_bind(struct socket *sock, stru
 			 */
 			v4addr = LOOPBACK4_IPV6;
 			if (!(addr_type & IPV6_ADDR_MULTICAST))	{
-				if (!ipv6_chk_addr(&init_net, &addr->sin6_addr,
+				if (!ipv6_chk_addr(net, &addr->sin6_addr,
 						   dev, 0)) {
 					if (dev)
 						dev_put(dev);

-- 

[patch 3/9][NETNS][IPV6] proc - protect snmp6 from non-init_net calls

[Daniel Lezcano]

[-- Attachment #1: snmp6-protect-register.patch --]
[-- Type: text/plain, Size: 637 bytes --]

This patchset avoids creation of the /proc entry for snmp6 when
the call is made from a network namespace different from the init_net.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
---
 net/ipv6/proc.c |    3 +++
 1 file changed, 3 insertions(+)

Index: net-2.6.26/net/ipv6/proc.c
===================================================================
--- net-2.6.26.orig/net/ipv6/proc.c
+++ net-2.6.26/net/ipv6/proc.c
@@ -220,6 +220,9 @@ int snmp6_register_dev(struct inet6_dev 
 	if (!idev || !idev->dev)
 		return -EINVAL;
 
+	if (idev->dev->nd_net != &init_net)
+		return 0;
+
 	if (!proc_net_devsnmp6)
 		return -ENOENT;
 

-- 

[patch 4/9][NETNS][IPV6] addrconf - Pass the proper network namespace parameters to addrconf

[Daniel Lezcano]

[-- Attachment #1: addrconf-per-network-namespace.patch --]
[-- Type: text/plain, Size: 7575 bytes --]

This patch propagates the network namespace pointer to the address
configuration routines which need it, which means adding a new parameter
to these functions, and make them use it instead of using the initial 
network namespace.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Benjamin Thery <benjamin.thery@bull.net>
---
 include/net/addrconf.h |    9 ++++--
 net/ipv6/addrconf.c    |   66 +++++++++++++++++++++++++++++++++++--------------
 net/ipv6/af_inet6.c    |    6 ++--
 3 files changed, 57 insertions(+), 24 deletions(-)

Index: net-2.6.26/include/net/addrconf.h
===================================================================
--- net-2.6.26.orig/include/net/addrconf.h
+++ net-2.6.26/include/net/addrconf.h
@@ -55,9 +55,12 @@ struct prefix_info {
 extern int			addrconf_init(void);
 extern void			addrconf_cleanup(void);
 
-extern int			addrconf_add_ifaddr(void __user *arg);
-extern int			addrconf_del_ifaddr(void __user *arg);
-extern int			addrconf_set_dstaddr(void __user *arg);
+extern int			addrconf_add_ifaddr(struct net *net,
+						    void __user *arg);
+extern int			addrconf_del_ifaddr(struct net *net,
+						    void __user *arg);
+extern int			addrconf_set_dstaddr(struct net *net,
+						     void __user *arg);
 
 extern int			ipv6_chk_addr(struct net *net,
 					      struct in6_addr *addr,
Index: net-2.6.26/net/ipv6/addrconf.c
===================================================================
--- net-2.6.26.orig/net/ipv6/addrconf.c
+++ net-2.6.26/net/ipv6/addrconf.c
@@ -1866,7 +1866,7 @@ ok:
  *	Special case for SIT interfaces where we create a new "virtual"
  *	device.
  */
-int addrconf_set_dstaddr(void __user *arg)
+int addrconf_set_dstaddr(struct net *net, void __user *arg)
 {
 	struct in6_ifreq ireq;
 	struct net_device *dev;
@@ -1878,7 +1878,7 @@ int addrconf_set_dstaddr(void __user *ar
 	if (copy_from_user(&ireq, arg, sizeof(struct in6_ifreq)))
 		goto err_exit;
 
-	dev = __dev_get_by_index(&init_net, ireq.ifr6_ifindex);
+	dev = __dev_get_by_index(net, ireq.ifr6_ifindex);
 
 	err = -ENODEV;
 	if (dev == NULL)
@@ -1909,7 +1909,8 @@ int addrconf_set_dstaddr(void __user *ar
 
 		if (err == 0) {
 			err = -ENOBUFS;
-			if ((dev = __dev_get_by_name(&init_net, p.name)) == NULL)
+			dev = __dev_get_by_name(net, p.name);
+			if (!dev)
 				goto err_exit;
 			err = dev_open(dev);
 		}
@@ -1924,8 +1925,9 @@ err_exit:
 /*
  *	Manual configuration of address on an interface
  */
-static int inet6_addr_add(int ifindex, struct in6_addr *pfx, int plen,
-			  __u8 ifa_flags, __u32 prefered_lft, __u32 valid_lft)
+static int inet6_addr_add(struct net *net, int ifindex, struct in6_addr *pfx,
+			  int plen, __u8 ifa_flags, __u32 prefered_lft,
+			  __u32 valid_lft)
 {
 	struct inet6_ifaddr *ifp;
 	struct inet6_dev *idev;
@@ -1939,7 +1941,8 @@ static int inet6_addr_add(int ifindex, s
 	if (!valid_lft || prefered_lft > valid_lft)
 		return -EINVAL;
 
-	if ((dev = __dev_get_by_index(&init_net, ifindex)) == NULL)
+	dev = __dev_get_by_index(net, ifindex);
+	if (!dev)
 		return -ENODEV;
 
 	if ((idev = addrconf_add_dev(dev)) == NULL)
@@ -1984,13 +1987,15 @@ static int inet6_addr_add(int ifindex, s
 	return PTR_ERR(ifp);
 }
 
-static int inet6_addr_del(int ifindex, struct in6_addr *pfx, int plen)
+static int inet6_addr_del(struct net *net, int ifindex, struct in6_addr *pfx,
+			  int plen)
 {
 	struct inet6_ifaddr *ifp;
 	struct inet6_dev *idev;
 	struct net_device *dev;
 
-	if ((dev = __dev_get_by_index(&init_net, ifindex)) == NULL)
+	dev = __dev_get_by_index(net, ifindex);
+	if (!dev)
 		return -ENODEV;
 
 	if ((idev = __in6_dev_get(dev)) == NULL)
@@ -2018,7 +2023,7 @@ static int inet6_addr_del(int ifindex, s
 }
 
 
-int addrconf_add_ifaddr(void __user *arg)
+int addrconf_add_ifaddr(struct net *net, void __user *arg)
 {
 	struct in6_ifreq ireq;
 	int err;
@@ -2030,13 +2035,14 @@ int addrconf_add_ifaddr(void __user *arg
 		return -EFAULT;
 
 	rtnl_lock();
-	err = inet6_addr_add(ireq.ifr6_ifindex, &ireq.ifr6_addr, ireq.ifr6_prefixlen,
-			     IFA_F_PERMANENT, INFINITY_LIFE_TIME, INFINITY_LIFE_TIME);
+	err = inet6_addr_add(net, ireq.ifr6_ifindex, &ireq.ifr6_addr,
+			     ireq.ifr6_prefixlen, IFA_F_PERMANENT,
+			     INFINITY_LIFE_TIME, INFINITY_LIFE_TIME);
 	rtnl_unlock();
 	return err;
 }
 
-int addrconf_del_ifaddr(void __user *arg)
+int addrconf_del_ifaddr(struct net *net, void __user *arg)
 {
 	struct in6_ifreq ireq;
 	int err;
@@ -2048,7 +2054,8 @@ int addrconf_del_ifaddr(void __user *arg
 		return -EFAULT;
 
 	rtnl_lock();
-	err = inet6_addr_del(ireq.ifr6_ifindex, &ireq.ifr6_addr, ireq.ifr6_prefixlen);
+	err = inet6_addr_del(net, ireq.ifr6_ifindex, &ireq.ifr6_addr,
+			     ireq.ifr6_prefixlen);
 	rtnl_unlock();
 	return err;
 }
@@ -3061,7 +3068,7 @@ inet6_rtm_deladdr(struct sk_buff *skb, s
 	if (pfx == NULL)
 		return -EINVAL;
 
-	return inet6_addr_del(ifm->ifa_index, pfx, ifm->ifa_prefixlen);
+	return inet6_addr_del(net, ifm->ifa_index, pfx, ifm->ifa_prefixlen);
 }
 
 static int inet6_addr_modify(struct inet6_ifaddr *ifp, u8 ifa_flags,
@@ -3137,7 +3144,7 @@ inet6_rtm_newaddr(struct sk_buff *skb, s
 		valid_lft = INFINITY_LIFE_TIME;
 	}
 
-	dev =  __dev_get_by_index(&init_net, ifm->ifa_index);
+	dev =  __dev_get_by_index(net, ifm->ifa_index);
 	if (dev == NULL)
 		return -ENODEV;
 
@@ -3150,8 +3157,9 @@ inet6_rtm_newaddr(struct sk_buff *skb, s
 		 * It would be best to check for !NLM_F_CREATE here but
 		 * userspace alreay relies on not having to provide this.
 		 */
-		return inet6_addr_add(ifm->ifa_index, pfx, ifm->ifa_prefixlen,
-				      ifa_flags, preferred_lft, valid_lft);
+		return inet6_addr_add(net, ifm->ifa_index, pfx,
+				      ifm->ifa_prefixlen, ifa_flags,
+				      preferred_lft, valid_lft);
 	}
 
 	if (nlh->nlmsg_flags & NLM_F_EXCL ||
@@ -4260,6 +4268,22 @@ int unregister_inet6addr_notifier(struct
 
 EXPORT_SYMBOL(unregister_inet6addr_notifier);
 
+
+static int addrconf_net_init(struct net *net)
+{
+	return 0;
+}
+
+static void addrconf_net_exit(struct net *net)
+{
+	;
+}
+
+static struct pernet_operations addrconf_net_ops = {
+	.init = addrconf_net_init,
+	.exit = addrconf_net_exit,
+};
+
 /*
  *	Init / cleanup code
  */
@@ -4301,6 +4325,10 @@ int __init addrconf_init(void)
 	if (err)
 		goto errlo;
 
+	err = register_pernet_device(&addrconf_net_ops);
+	if (err)
+		return err;
+
 	register_netdevice_notifier(&ipv6_dev_notf);
 
 	addrconf_verify(0);
@@ -4334,6 +4362,7 @@ void addrconf_cleanup(void)
 	int i;
 
 	unregister_netdevice_notifier(&ipv6_dev_notf);
+	unregister_pernet_device(&addrconf_net_ops);
 
 	unregister_pernet_subsys(&addrconf_ops);
 
@@ -4370,6 +4399,7 @@ void addrconf_cleanup(void)
 	write_unlock_bh(&addrconf_hash_lock);
 
 	del_timer(&addr_chk_timer);
-
 	rtnl_unlock();
+
+	unregister_pernet_subsys(&addrconf_net_ops);
 }
Index: net-2.6.26/net/ipv6/af_inet6.c
===================================================================
--- net-2.6.26.orig/net/ipv6/af_inet6.c
+++ net-2.6.26/net/ipv6/af_inet6.c
@@ -454,11 +454,11 @@ int inet6_ioctl(struct socket *sock, uns
 		return(ipv6_route_ioctl(net, cmd, (void __user *)arg));
 
 	case SIOCSIFADDR:
-		return addrconf_add_ifaddr((void __user *) arg);
+		return addrconf_add_ifaddr(net, (void __user *) arg);
 	case SIOCDIFADDR:
-		return addrconf_del_ifaddr((void __user *) arg);
+		return addrconf_del_ifaddr(net, (void __user *) arg);
 	case SIOCSIFDSTADDR:
-		return addrconf_set_dstaddr((void __user *) arg);
+		return addrconf_set_dstaddr(net, (void __user *) arg);
 	default:
 		if (!sk->sk_prot->ioctl)
 			return -ENOIOCTLCMD;

-- 

[patch 5/9][NETNS][IPV6] addrconf - make addrconf per namespace

[Daniel Lezcano]

[-- Attachment #1: addrconf-truly-per-namespace.patch --]
[-- Type: text/plain, Size: 11729 bytes --]

All the infrastructure to propagate the network namespace
information is ready. Make use of it.

There is a special case here between the initial network namespace
and the other namespaces:

* When ipv6 is initialized at boot time (aka in the init_net), it 
registers to the notifier callback. So addrconf_notify will be called
as many time as there are network devices setup on the system and the
function will add ipv6 addresses to the network devices. But the first
device which needs to have its ipv6 address setup is the loopback, 
unfortunatly this is not the case. So the loopback address is setup
manually in the ipv6 init function.

* With the network namespace, this ordering problem does not appears
because notifier is already setup and active, so as soon as we register
the loopback the ipv6 address is setup and it will be the first device.

Signed-off-by: Benjamin Thery <benjamin.thery@bull.net>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
---
 net/ipv6/addrconf.c |  113 +++++++++++++++++++++++-----------------------------
 1 file changed, 50 insertions(+), 63 deletions(-)

Index: net-2.6.26/net/ipv6/addrconf.c
===================================================================
--- net-2.6.26.orig/net/ipv6/addrconf.c
+++ net-2.6.26/net/ipv6/addrconf.c
@@ -561,7 +561,7 @@ ipv6_add_addr(struct inet6_dev *idev, co
 	write_lock(&addrconf_hash_lock);
 
 	/* Ignore adding duplicate addresses on an interface */
-	if (ipv6_chk_same_addr(&init_net, addr, idev->dev)) {
+	if (ipv6_chk_same_addr(idev->dev->nd_net, addr, idev->dev)) {
 		ADBG(("ipv6_add_addr: already assigned\n"));
 		err = -EEXIST;
 		goto out;
@@ -751,9 +751,9 @@ static void ipv6_del_addr(struct inet6_i
 	if ((ifp->flags & IFA_F_PERMANENT) && onlink < 1) {
 		struct in6_addr prefix;
 		struct rt6_info *rt;
-
+		struct net *net = ifp->idev->dev->nd_net;
 		ipv6_addr_prefix(&prefix, &ifp->addr, ifp->prefix_len);
-		rt = rt6_lookup(&init_net, &prefix, NULL, ifp->idev->dev->ifindex, 1);
+		rt = rt6_lookup(net, &prefix, NULL, ifp->idev->dev->ifindex, 1);
 
 		if (rt && ((rt->rt6i_flags & (RTF_GATEWAY | RTF_DEFAULT)) == 0)) {
 			if (onlink == 0) {
@@ -905,6 +905,7 @@ int ipv6_dev_get_saddr(struct net_device
 {
 	struct ipv6_saddr_score hiscore;
 	struct inet6_ifaddr *ifa_result = NULL;
+	struct net *net = daddr_dev->nd_net;
 	int daddr_type = __ipv6_addr_type(daddr);
 	int daddr_scope = __ipv6_addr_src_scope(daddr_type);
 	int daddr_ifindex = daddr_dev ? daddr_dev->ifindex : 0;
@@ -916,7 +917,7 @@ int ipv6_dev_get_saddr(struct net_device
 	read_lock(&dev_base_lock);
 	rcu_read_lock();
 
-	for_each_netdev(&init_net, dev) {
+	for_each_netdev(net, dev) {
 		struct inet6_dev *idev;
 		struct inet6_ifaddr *ifa;
 
@@ -1555,7 +1556,7 @@ addrconf_prefix_route(struct in6_addr *p
 		.fc_expires = expires,
 		.fc_dst_len = plen,
 		.fc_flags = RTF_UP | flags,
-		.fc_nlinfo.nl_net = &init_net,
+		.fc_nlinfo.nl_net = dev->nd_net,
 	};
 
 	ipv6_addr_copy(&cfg.fc_dst, pfx);
@@ -1582,7 +1583,7 @@ static void addrconf_add_mroute(struct n
 		.fc_ifindex = dev->ifindex,
 		.fc_dst_len = 8,
 		.fc_flags = RTF_UP,
-		.fc_nlinfo.nl_net = &init_net,
+		.fc_nlinfo.nl_net = dev->nd_net,
 	};
 
 	ipv6_addr_set(&cfg.fc_dst, htonl(0xFF000000), 0, 0, 0);
@@ -1599,7 +1600,7 @@ static void sit_route_add(struct net_dev
 		.fc_ifindex = dev->ifindex,
 		.fc_dst_len = 96,
 		.fc_flags = RTF_UP | RTF_NONEXTHOP,
-		.fc_nlinfo.nl_net = &init_net,
+		.fc_nlinfo.nl_net = dev->nd_net,
 	};
 
 	/* prefix length - 96 bits "::d.d.d.d" */
@@ -1700,7 +1701,8 @@ void addrconf_prefix_rcv(struct net_devi
 
 	if (pinfo->onlink) {
 		struct rt6_info *rt;
-		rt = rt6_lookup(&init_net, &pinfo->prefix, NULL, dev->ifindex, 1);
+		rt = rt6_lookup(dev->nd_net, &pinfo->prefix, NULL,
+				dev->ifindex, 1);
 
 		if (rt && ((rt->rt6i_flags & (RTF_GATEWAY | RTF_DEFAULT)) == 0)) {
 			if (rt->rt6i_flags&RTF_EXPIRES) {
@@ -1743,7 +1745,7 @@ void addrconf_prefix_rcv(struct net_devi
 
 ok:
 
-		ifp = ipv6_get_ifaddr(&init_net, &addr, dev, 1);
+		ifp = ipv6_get_ifaddr(dev->nd_net, &addr, dev, 1);
 
 		if (ifp == NULL && valid_lft) {
 			int max_addresses = in6_dev->cnf.max_addresses;
@@ -2066,6 +2068,7 @@ static void sit_add_v4_addrs(struct inet
 	struct inet6_ifaddr * ifp;
 	struct in6_addr addr;
 	struct net_device *dev;
+	struct net *net = idev->dev->nd_net;
 	int scope;
 
 	ASSERT_RTNL();
@@ -2092,7 +2095,7 @@ static void sit_add_v4_addrs(struct inet
 		return;
 	}
 
-	for_each_netdev(&init_net, dev) {
+	for_each_netdev(net, dev) {
 		struct in_device * in_dev = __in_dev_get_rtnl(dev);
 		if (in_dev && (dev->flags & IFF_UP)) {
 			struct in_ifaddr * ifa;
@@ -2255,15 +2258,16 @@ ipv6_inherit_linklocal(struct inet6_dev 
 static void ip6_tnl_add_linklocal(struct inet6_dev *idev)
 {
 	struct net_device *link_dev;
+	struct net *net = idev->dev->nd_net;
 
 	/* first try to inherit the link-local address from the link device */
 	if (idev->dev->iflink &&
-	    (link_dev = __dev_get_by_index(&init_net, idev->dev->iflink))) {
+	    (link_dev = __dev_get_by_index(net, idev->dev->iflink))) {
 		if (!ipv6_inherit_linklocal(idev, link_dev))
 			return;
 	}
 	/* then try to inherit it from any device */
-	for_each_netdev(&init_net, link_dev) {
+	for_each_netdev(net, link_dev) {
 		if (!ipv6_inherit_linklocal(idev, link_dev))
 			return;
 	}
@@ -2296,9 +2300,6 @@ static int addrconf_notify(struct notifi
 	int run_pending = 0;
 	int err;
 
-	if (dev->nd_net != &init_net)
-		return NOTIFY_DONE;
-
 	switch(event) {
 	case NETDEV_REGISTER:
 		if (!idev && dev->mtu >= IPV6_MIN_MTU) {
@@ -3056,9 +3057,6 @@ inet6_rtm_deladdr(struct sk_buff *skb, s
 	struct in6_addr *pfx;
 	int err;
 
-	if (net != &init_net)
-		return -EINVAL;
-
 	err = nlmsg_parse(nlh, sizeof(*ifm), tb, IFA_MAX, ifa_ipv6_policy);
 	if (err < 0)
 		return err;
@@ -3121,9 +3119,6 @@ inet6_rtm_newaddr(struct sk_buff *skb, s
 	u8 ifa_flags;
 	int err;
 
-	if (net != &init_net)
-		return -EINVAL;
-
 	err = nlmsg_parse(nlh, sizeof(*ifm), tb, IFA_MAX, ifa_ipv6_policy);
 	if (err < 0)
 		return err;
@@ -3324,12 +3319,13 @@ static int inet6_dump_addr(struct sk_buf
 	struct inet6_ifaddr *ifa;
 	struct ifmcaddr6 *ifmca;
 	struct ifacaddr6 *ifaca;
+	struct net *net = skb->sk->sk_net;
 
 	s_idx = cb->args[0];
 	s_ip_idx = ip_idx = cb->args[1];
 
 	idx = 0;
-	for_each_netdev(&init_net, dev) {
+	for_each_netdev(net, dev) {
 		if (idx < s_idx)
 			goto cont;
 		if (idx > s_idx)
@@ -3396,35 +3392,23 @@ cont:
 
 static int inet6_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb)
 {
-	struct net *net = skb->sk->sk_net;
 	enum addr_type_t type = UNICAST_ADDR;
 
-	if (net != &init_net)
-		return 0;
-
 	return inet6_dump_addr(skb, cb, type);
 }
 
 static int inet6_dump_ifmcaddr(struct sk_buff *skb, struct netlink_callback *cb)
 {
-	struct net *net = skb->sk->sk_net;
 	enum addr_type_t type = MULTICAST_ADDR;
 
-	if (net != &init_net)
-		return 0;
-
 	return inet6_dump_addr(skb, cb, type);
 }
 
 
 static int inet6_dump_ifacaddr(struct sk_buff *skb, struct netlink_callback *cb)
 {
-	struct net *net = skb->sk->sk_net;
 	enum addr_type_t type = ANYCAST_ADDR;
 
-	if (net != &init_net)
-		return 0;
-
 	return inet6_dump_addr(skb, cb, type);
 }
 
@@ -3440,9 +3424,6 @@ static int inet6_rtm_getaddr(struct sk_b
 	struct sk_buff *skb;
 	int err;
 
-	if (net != &init_net)
-		return -EINVAL;
-
 	err = nlmsg_parse(nlh, sizeof(*ifm), tb, IFA_MAX, ifa_ipv6_policy);
 	if (err < 0)
 		goto errout;
@@ -3455,7 +3436,7 @@ static int inet6_rtm_getaddr(struct sk_b
 
 	ifm = nlmsg_data(nlh);
 	if (ifm->ifa_index)
-		dev = __dev_get_by_index(&init_net, ifm->ifa_index);
+		dev = __dev_get_by_index(net, ifm->ifa_index);
 
 	if ((ifa = ipv6_get_ifaddr(net, addr, dev, 1)) == NULL) {
 		err = -EADDRNOTAVAIL;
@@ -3475,7 +3456,7 @@ static int inet6_rtm_getaddr(struct sk_b
 		kfree_skb(skb);
 		goto errout_ifa;
 	}
-	err = rtnl_unicast(skb, &init_net, NETLINK_CB(in_skb).pid);
+	err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).pid);
 errout_ifa:
 	in6_ifa_put(ifa);
 errout:
@@ -3485,6 +3466,7 @@ errout:
 static void inet6_ifa_notify(int event, struct inet6_ifaddr *ifa)
 {
 	struct sk_buff *skb;
+	struct net *net = ifa->idev->dev->nd_net;
 	int err = -ENOBUFS;
 
 	skb = nlmsg_new(inet6_ifaddr_msgsize(), GFP_ATOMIC);
@@ -3498,10 +3480,10 @@ static void inet6_ifa_notify(int event, 
 		kfree_skb(skb);
 		goto errout;
 	}
-	err = rtnl_notify(skb, &init_net, 0, RTNLGRP_IPV6_IFADDR, NULL, GFP_ATOMIC);
+	err = rtnl_notify(skb, net, 0, RTNLGRP_IPV6_IFADDR, NULL, GFP_ATOMIC);
 errout:
 	if (err < 0)
-		rtnl_set_sk_err(&init_net, RTNLGRP_IPV6_IFADDR, err);
+		rtnl_set_sk_err(net, RTNLGRP_IPV6_IFADDR, err);
 }
 
 static inline void ipv6_store_devconf(struct ipv6_devconf *cnf,
@@ -3666,12 +3648,9 @@ static int inet6_dump_ifinfo(struct sk_b
 	struct net_device *dev;
 	struct inet6_dev *idev;
 
-	if (net != &init_net)
-		return 0;
-
 	read_lock(&dev_base_lock);
 	idx = 0;
-	for_each_netdev(&init_net, dev) {
+	for_each_netdev(net, dev) {
 		if (idx < s_idx)
 			goto cont;
 		if ((idev = in6_dev_get(dev)) == NULL)
@@ -3693,6 +3672,7 @@ cont:
 void inet6_ifinfo_notify(int event, struct inet6_dev *idev)
 {
 	struct sk_buff *skb;
+	struct net *net = idev->dev->nd_net;
 	int err = -ENOBUFS;
 
 	skb = nlmsg_new(inet6_if_nlmsg_size(), GFP_ATOMIC);
@@ -3706,10 +3686,10 @@ void inet6_ifinfo_notify(int event, stru
 		kfree_skb(skb);
 		goto errout;
 	}
-	err = rtnl_notify(skb, &init_net, 0, RTNLGRP_IPV6_IFADDR, NULL, GFP_ATOMIC);
+	err = rtnl_notify(skb, net, 0, RTNLGRP_IPV6_IFADDR, NULL, GFP_ATOMIC);
 errout:
 	if (err < 0)
-		rtnl_set_sk_err(&init_net, RTNLGRP_IPV6_IFADDR, err);
+		rtnl_set_sk_err(net, RTNLGRP_IPV6_IFADDR, err);
 }
 
 static inline size_t inet6_prefix_nlmsg_size(void)
@@ -3762,6 +3742,7 @@ static void inet6_prefix_notify(int even
 			 struct prefix_info *pinfo)
 {
 	struct sk_buff *skb;
+	struct net *net = idev->dev->nd_net;
 	int err = -ENOBUFS;
 
 	skb = nlmsg_new(inet6_prefix_nlmsg_size(), GFP_ATOMIC);
@@ -3775,10 +3756,10 @@ static void inet6_prefix_notify(int even
 		kfree_skb(skb);
 		goto errout;
 	}
-	err = rtnl_notify(skb, &init_net, 0, RTNLGRP_IPV6_PREFIX, NULL, GFP_ATOMIC);
+	err = rtnl_notify(skb, net, 0, RTNLGRP_IPV6_PREFIX, NULL, GFP_ATOMIC);
 errout:
 	if (err < 0)
-		rtnl_set_sk_err(&init_net, RTNLGRP_IPV6_PREFIX, err);
+		rtnl_set_sk_err(net, RTNLGRP_IPV6_PREFIX, err);
 }
 
 static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
@@ -4276,7 +4257,26 @@ static int addrconf_net_init(struct net 
 
 static void addrconf_net_exit(struct net *net)
 {
-	;
+	struct net_device *dev;
+
+	/*
+	 * Remove loopback references from default routing entries
+	 */
+/* 	in6_dev_put(net->ipv6.ip6_null_entry->rt6i_idev); */
+/* #ifdef CONFIG_IPV6_MULTIPLE_TABLES */
+/* 	in6_dev_put(net->ipv6.ip6_prohibit_entry->rt6i_idev); */
+/* 	in6_dev_put(net->ipv6.ip6_blk_hole_entry->rt6i_idev); */
+/* #endif */
+
+	rtnl_lock();
+	/* clean dev list */
+	for_each_netdev(net, dev) {
+		if (__in6_dev_get(dev) == NULL)
+			continue;
+		addrconf_ifdown(dev, 1);
+	}
+	addrconf_ifdown(net->loopback_dev, 2);
+	rtnl_unlock();
 }
 
 static struct pernet_operations addrconf_net_ops = {
@@ -4357,7 +4357,6 @@ errlo:
 
 void addrconf_cleanup(void)
 {
-	struct net_device *dev;
 	struct inet6_ifaddr *ifa;
 	int i;
 
@@ -4369,20 +4368,8 @@ void addrconf_cleanup(void)
 	rtnl_lock();
 
 	/*
-	 *	clean dev list.
-	 */
-
-	for_each_netdev(&init_net, dev) {
-		if (__in6_dev_get(dev) == NULL)
-			continue;
-		addrconf_ifdown(dev, 1);
-	}
-	addrconf_ifdown(init_net.loopback_dev, 2);
-
-	/*
 	 *	Check hash table.
 	 */
-
 	write_lock_bh(&addrconf_hash_lock);
 	for (i=0; i < IN6_ADDR_HSIZE; i++) {
 		for (ifa=inet6_addr_lst[i]; ifa; ) {

-- 

[patch 6/9][NETNS][IPV6] route6 - add netns parameter to ip6_route_output

[Daniel Lezcano]

[-- Attachment #1: ip6_route_output.patch --]
[-- Type: text/plain, Size: 7347 bytes --]

Add an netns parameter to ip6_route_output. That will allow to access
to the right routing table for outgoing traffic.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Benjamin Thery <benjamin.thery@bull.net>
---
 include/net/ip6_route.h          |    3 ++-
 net/ipv6/icmp.c                  |    2 +-
 net/ipv6/ip6_output.c            |    4 ++--
 net/ipv6/ip6_tunnel.c            |    2 +-
 net/ipv6/ndisc.c                 |    2 +-
 net/ipv6/netfilter.c             |    4 ++--
 net/ipv6/netfilter/ip6t_REJECT.c |    2 +-
 net/ipv6/route.c                 |    7 ++++---
 net/ipv6/sit.c                   |    2 +-
 net/ipv6/xfrm6_policy.c          |    2 +-
 net/sctp/ipv6.c                  |    2 +-
 11 files changed, 17 insertions(+), 15 deletions(-)

Index: net-2.6.26/include/net/ip6_route.h
===================================================================
--- net-2.6.26.orig/include/net/ip6_route.h
+++ net-2.6.26/include/net/ip6_route.h
@@ -43,7 +43,8 @@ extern struct rt6_info	*ip6_blk_hole_ent
 
 extern void			ip6_route_input(struct sk_buff *skb);
 
-extern struct dst_entry *	ip6_route_output(struct sock *sk,
+extern struct dst_entry *	ip6_route_output(struct net *net,
+						 struct sock *sk,
 						 struct flowi *fl);
 
 extern int			ip6_route_init(void);
Index: net-2.6.26/net/ipv6/icmp.c
===================================================================
--- net-2.6.26.orig/net/ipv6/icmp.c
+++ net-2.6.26/net/ipv6/icmp.c
@@ -178,7 +178,7 @@ static inline int icmpv6_xrlim_allow(str
 	 * XXX: perhaps the expire for routing entries cloned by
 	 * this lookup should be more aggressive (not longer than timeout).
 	 */
-	dst = ip6_route_output(sk, fl);
+	dst = ip6_route_output(&init_net, sk, fl);
 	if (dst->error) {
 		IP6_INC_STATS(ip6_dst_idev(dst),
 			      IPSTATS_MIB_OUTNOROUTES);
Index: net-2.6.26/net/ipv6/ip6_output.c
===================================================================
--- net-2.6.26.orig/net/ipv6/ip6_output.c
+++ net-2.6.26/net/ipv6/ip6_output.c
@@ -913,7 +913,7 @@ static int ip6_dst_lookup_tail(struct so
 	int err;
 
 	if (*dst == NULL)
-		*dst = ip6_route_output(sk, fl);
+		*dst = ip6_route_output(&init_net, sk, fl);
 
 	if ((err = (*dst)->error))
 		goto out_err_release;
@@ -954,7 +954,7 @@ static int ip6_dst_lookup_tail(struct so
 				dst_release(*dst);
 				memcpy(&fl_gw, fl, sizeof(struct flowi));
 				memset(&fl_gw.fl6_dst, 0, sizeof(struct in6_addr));
-				*dst = ip6_route_output(sk, &fl_gw);
+				*dst = ip6_route_output(&init_net, sk, &fl_gw);
 				if ((err = (*dst)->error))
 					goto out_err_release;
 			}
Index: net-2.6.26/net/ipv6/ip6_tunnel.c
===================================================================
--- net-2.6.26.orig/net/ipv6/ip6_tunnel.c
+++ net-2.6.26/net/ipv6/ip6_tunnel.c
@@ -847,7 +847,7 @@ static int ip6_tnl_xmit2(struct sk_buff 
 	if ((dst = ip6_tnl_dst_check(t)) != NULL)
 		dst_hold(dst);
 	else {
-		dst = ip6_route_output(NULL, fl);
+		dst = ip6_route_output(&init_net, NULL, fl);
 
 		if (dst->error || xfrm_lookup(&dst, fl, NULL, 0) < 0)
 			goto tx_err_link_failure;
Index: net-2.6.26/net/ipv6/ndisc.c
===================================================================
--- net-2.6.26.orig/net/ipv6/ndisc.c
+++ net-2.6.26/net/ipv6/ndisc.c
@@ -1427,7 +1427,7 @@ void ndisc_send_redirect(struct sk_buff 
 	icmpv6_flow_init(ndisc_socket->sk, &fl, NDISC_REDIRECT,
 			 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
 
-	dst = ip6_route_output(NULL, &fl);
+	dst = ip6_route_output(&init_net, NULL, &fl);
 	if (dst == NULL)
 		return;
 
Index: net-2.6.26/net/ipv6/netfilter.c
===================================================================
--- net-2.6.26.orig/net/ipv6/netfilter.c
+++ net-2.6.26/net/ipv6/netfilter.c
@@ -23,7 +23,7 @@ int ip6_route_me_harder(struct sk_buff *
 		    .saddr = iph->saddr, } },
 	};
 
-	dst = ip6_route_output(skb->sk, &fl);
+	dst = ip6_route_output(&init_net, skb->sk, &fl);
 
 #ifdef CONFIG_XFRM
 	if (!(IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED) &&
@@ -86,7 +86,7 @@ static int nf_ip6_reroute(struct sk_buff
 
 static int nf_ip6_route(struct dst_entry **dst, struct flowi *fl)
 {
-	*dst = ip6_route_output(NULL, fl);
+	*dst = ip6_route_output(&init_net, NULL, fl);
 	return (*dst)->error;
 }
 
Index: net-2.6.26/net/ipv6/netfilter/ip6t_REJECT.c
===================================================================
--- net-2.6.26.orig/net/ipv6/netfilter/ip6t_REJECT.c
+++ net-2.6.26/net/ipv6/netfilter/ip6t_REJECT.c
@@ -93,7 +93,7 @@ static void send_reset(struct sk_buff *o
 	fl.fl_ip_sport = otcph.dest;
 	fl.fl_ip_dport = otcph.source;
 	security_skb_classify_flow(oldskb, &fl);
-	dst = ip6_route_output(NULL, &fl);
+	dst = ip6_route_output(&init_net, NULL, &fl);
 	if (dst == NULL)
 		return;
 	if (dst->error || xfrm_lookup(&dst, &fl, NULL, 0))
Index: net-2.6.26/net/ipv6/route.c
===================================================================
--- net-2.6.26.orig/net/ipv6/route.c
+++ net-2.6.26/net/ipv6/route.c
@@ -772,7 +772,8 @@ static struct rt6_info *ip6_pol_route_ou
 	return ip6_pol_route(net, table, fl->oif, fl, flags);
 }
 
-struct dst_entry * ip6_route_output(struct sock *sk, struct flowi *fl)
+struct dst_entry * ip6_route_output(struct net *net, struct sock *sk,
+				    struct flowi *fl)
 {
 	int flags = 0;
 
@@ -782,7 +783,7 @@ struct dst_entry * ip6_route_output(stru
 	if (!ipv6_addr_any(&fl->fl6_src))
 		flags |= RT6_LOOKUP_F_HAS_SADDR;
 
-	return fib6_rule_lookup(&init_net, fl, flags, ip6_pol_route_output);
+	return fib6_rule_lookup(net, fl, flags, ip6_pol_route_output);
 }
 
 EXPORT_SYMBOL(ip6_route_output);
@@ -2260,7 +2261,7 @@ static int inet6_rtm_getroute(struct sk_
 	skb_reset_mac_header(skb);
 	skb_reserve(skb, MAX_HEADER + sizeof(struct ipv6hdr));
 
-	rt = (struct rt6_info*) ip6_route_output(NULL, &fl);
+	rt = (struct rt6_info*) ip6_route_output(&init_net, NULL, &fl);
 	skb->dst = &rt->u.dst;
 
 	err = rt6_fill_node(skb, rt, &fl.fl6_dst, &fl.fl6_src, iif,
Index: net-2.6.26/net/ipv6/sit.c
===================================================================
--- net-2.6.26.orig/net/ipv6/sit.c
+++ net-2.6.26/net/ipv6/sit.c
@@ -393,7 +393,7 @@ isatap_srcok(struct sk_buff *skb, struct
 	fl.oif = dev->ifindex;
 	security_skb_classify_flow(skb, &fl);
 
-	dst = ip6_route_output(NULL, &fl);
+	dst = ip6_route_output(&init_net, NULL, &fl);
 	if (!dst->error && (dst->dev == dev) && (neigh = dst->neighbour)) {
 
 		addr6 = (struct in6_addr*)&neigh->primary_key;
Index: net-2.6.26/net/ipv6/xfrm6_policy.c
===================================================================
--- net-2.6.26.orig/net/ipv6/xfrm6_policy.c
+++ net-2.6.26/net/ipv6/xfrm6_policy.c
@@ -38,7 +38,7 @@ static struct dst_entry *xfrm6_dst_looku
 	if (saddr)
 		memcpy(&fl.fl6_src, saddr, sizeof(fl.fl6_src));
 
-	dst = ip6_route_output(NULL, &fl);
+	dst = ip6_route_output(&init_net, NULL, &fl);
 
 	err = dst->error;
 	if (dst->error) {
Index: net-2.6.26/net/sctp/ipv6.c
===================================================================
--- net-2.6.26.orig/net/sctp/ipv6.c
+++ net-2.6.26/net/sctp/ipv6.c
@@ -257,7 +257,7 @@ static struct dst_entry *sctp_v6_get_dst
 			NIP6(fl.fl6_src));
 	}
 
-	dst = ip6_route_output(NULL, &fl);
+	dst = ip6_route_output(&init_net, NULL, &fl);
 	if (!dst->error) {
 		struct rt6_info *rt;
 		rt = (struct rt6_info *)dst;

-- 

[patch 7/9][NETNS][IPV6] route6 - pass always a valid socket to ip6_dst_lookup

[Daniel Lezcano]

[-- Attachment #1: ip6_dst_lookup.patch --]
[-- Type: text/plain, Size: 2391 bytes --]

The ip6_dst_lookup receive a socket as parameter. In some part of the code
it is called with a NULL socket parameter. We want to rely on the socket
to retrieve the network namespace, so we always pass a valid socket in all
cases.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Benjamin Thery <benjamin.thery@bull.net>
---
 net/ipv6/ip6_output.c |    4 ++--
 net/ipv6/tcp_ipv6.c   |    9 ++++++---
 2 files changed, 8 insertions(+), 5 deletions(-)

Index: net-2.6.26/net/ipv6/ip6_output.c
===================================================================
--- net-2.6.26.orig/net/ipv6/ip6_output.c
+++ net-2.6.26/net/ipv6/ip6_output.c
@@ -913,7 +913,7 @@ static int ip6_dst_lookup_tail(struct so
 	int err;
 
 	if (*dst == NULL)
-		*dst = ip6_route_output(&init_net, sk, fl);
+		*dst = ip6_route_output(sk->sk_net, sk, fl);
 
 	if ((err = (*dst)->error))
 		goto out_err_release;
@@ -954,7 +954,7 @@ static int ip6_dst_lookup_tail(struct so
 				dst_release(*dst);
 				memcpy(&fl_gw, fl, sizeof(struct flowi));
 				memset(&fl_gw.fl6_dst, 0, sizeof(struct in6_addr));
-				*dst = ip6_route_output(&init_net, sk, &fl_gw);
+				*dst = ip6_route_output(sk->sk_net, sk, &fl_gw);
 				if ((err = (*dst)->error))
 					goto out_err_release;
 			}
Index: net-2.6.26/net/ipv6/tcp_ipv6.c
===================================================================
--- net-2.6.26.orig/net/ipv6/tcp_ipv6.c
+++ net-2.6.26/net/ipv6/tcp_ipv6.c
@@ -1071,8 +1071,11 @@ static void tcp_v6_send_reset(struct soc
 	fl.fl_ip_sport = t1->source;
 	security_skb_classify_flow(skb, &fl);
 
-	/* sk = NULL, but it is safe for now. RST socket required. */
-	if (!ip6_dst_lookup(NULL, &buff->dst, &fl)) {
+	/* Pass a socket to ip6_dst_lookup either it is for RST
+	 * Underlying function will use this to retrieve the network
+	 * namespace
+	 */
+	if (!ip6_dst_lookup(tcp6_socket->sk, &buff->dst, &fl)) {
 
 		if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) {
 			ip6_xmit(tcp6_socket->sk, buff, &fl, NULL, 0);
@@ -1172,7 +1175,7 @@ static void tcp_v6_send_ack(struct tcp_t
 	fl.fl_ip_sport = t1->source;
 	security_skb_classify_flow(skb, &fl);
 
-	if (!ip6_dst_lookup(NULL, &buff->dst, &fl)) {
+	if (!ip6_dst_lookup(tcp6_socket->sk, &buff->dst, &fl)) {
 		if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) {
 			ip6_xmit(tcp6_socket->sk, buff, &fl, NULL, 0);
 			TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);

-- 

[patch 8/9][NETNS][IPV6] ip6_input - enable ipv6_rcv to handle several network namespace

[Daniel Lezcano]

[-- Attachment #1: ip6-input-disable-multinetns-protection.patch --]
[-- Type: text/plain, Size: 715 bytes --]

The different subsystem of ipv6 are ready for namespaces, so let's
activate it for ipv6_rcv.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Benjamin Thery <benjamin.thery@bull.net>
---
 net/ipv6/ip6_input.c |    5 -----
 1 file changed, 5 deletions(-)

Index: net-2.6.26/net/ipv6/ip6_input.c
===================================================================
--- net-2.6.26.orig/net/ipv6/ip6_input.c
+++ net-2.6.26/net/ipv6/ip6_input.c
@@ -61,11 +61,6 @@ int ipv6_rcv(struct sk_buff *skb, struct
 	u32 		pkt_len;
 	struct inet6_dev *idev;
 
-	if (dev->nd_net != &init_net) {
-		kfree_skb(skb);
-		return 0;
-	}
-
 	if (skb->pkt_type == PACKET_OTHERHOST) {
 		kfree_skb(skb);
 		return 0;

-- 

[patch 9/9][NETNS][IPV6] icmp6 - make icmpv6_socket per namespace

[Daniel Lezcano]

[-- Attachment #1: icmp6-allocate-icmpv6_socket-per-namespace.patch --]
[-- Type: text/plain, Size: 2580 bytes --]

This patch make the changes necessary to support network namespaces in ICMPv6.

Signed-off-by: Benjamin Thery <benjamin.thery@bull.net>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
---
 net/ipv6/icmp.c |   13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

Index: net-2.6.26/net/ipv6/icmp.c
===================================================================
--- net-2.6.26.orig/net/ipv6/icmp.c
+++ net-2.6.26/net/ipv6/icmp.c
@@ -163,6 +163,7 @@ static inline int icmpv6_xrlim_allow(str
 				     struct flowi *fl)
 {
 	struct dst_entry *dst;
+	struct net *net = sk->sk_net;
 	int res = 0;
 
 	/* Informational messages are not limited. */
@@ -178,7 +179,7 @@ static inline int icmpv6_xrlim_allow(str
 	 * XXX: perhaps the expire for routing entries cloned by
 	 * this lookup should be more aggressive (not longer than timeout).
 	 */
-	dst = ip6_route_output(&init_net, sk, fl);
+	dst = ip6_route_output(net, sk, fl);
 	if (dst->error) {
 		IP6_INC_STATS(ip6_dst_idev(dst),
 			      IPSTATS_MIB_OUTNOROUTES);
@@ -186,7 +187,7 @@ static inline int icmpv6_xrlim_allow(str
 		res = 1;
 	} else {
 		struct rt6_info *rt = (struct rt6_info *)dst;
-		int tmo = init_net.ipv6.sysctl.icmpv6_time;
+		int tmo = net->ipv6.sysctl.icmpv6_time;
 
 		/* Give more bandwidth to wider prefixes. */
 		if (rt->rt6i_dst.plen < 128)
@@ -305,6 +306,7 @@ static inline void mip6_addr_swap(struct
 void icmpv6_send(struct sk_buff *skb, int type, int code, __u32 info,
 		 struct net_device *dev)
 {
+	struct net *net = skb->dev->nd_net;
 	struct inet6_dev *idev = NULL;
 	struct ipv6hdr *hdr = ipv6_hdr(skb);
 	struct sock *sk;
@@ -334,7 +336,7 @@ void icmpv6_send(struct sk_buff *skb, in
 	 */
 	addr_type = ipv6_addr_type(&hdr->daddr);
 
-	if (ipv6_chk_addr(&init_net, &hdr->daddr, skb->dev, 0))
+	if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0))
 		saddr = &hdr->daddr;
 
 	/*
@@ -391,7 +393,7 @@ void icmpv6_send(struct sk_buff *skb, in
 	fl.fl_icmp_code = code;
 	security_skb_classify_flow(skb, &fl);
 
-	sk = icmpv6_sk(&init_net);
+	sk = icmpv6_sk(net);
 	np = inet6_sk(sk);
 
 	if (icmpv6_xmit_lock(sk))
@@ -507,6 +509,7 @@ EXPORT_SYMBOL(icmpv6_send);
 
 static void icmpv6_echo_reply(struct sk_buff *skb)
 {
+	struct net *net = skb->dev->nd_net;
 	struct sock *sk;
 	struct inet6_dev *idev;
 	struct ipv6_pinfo *np;
@@ -537,7 +540,7 @@ static void icmpv6_echo_reply(struct sk_
 	fl.fl_icmp_type = ICMPV6_ECHO_REPLY;
 	security_skb_classify_flow(skb, &fl);
 
-	sk = icmpv6_sk(&init_net);
+	sk = icmpv6_sk(net);
 	np = inet6_sk(sk);
 
 	if (icmpv6_xmit_lock(sk))

-- 

Re: [patch 0/9][NETNS][IPV6] make addrconf and icmp per namespace

[David Miller]

From: Daniel Lezcano <dlezcano@fr.ibm.com>
Date: Wed, 05 Mar 2008 18:56:49 +0100

> The following patchset makes the different part of ipv6 to take
> into account the namespaces. On top of that, addrconf and icmp
> are now aware how to use the namespaces too. So we can move an
> interface inside the namespace and set ip up to have an ipv6
> address autoconfigured and be able to ping it.
> 
> ndisc will come very soon ... :)

Applied and pushed out to net-2.6.26, thanks.

Can you quickly resolve this turd which got added by
these changes to net/ipv6/addrconf.c?

static void addrconf_net_exit(struct net *net)
{
	struct net_device *dev;

	/*
	 * Remove loopback references from default routing entries
	 */
/* 	in6_dev_put(net->ipv6.ip6_null_entry->rt6i_idev); */
/* #ifdef CONFIG_IPV6_MULTIPLE_TABLES */
/* 	in6_dev_put(net->ipv6.ip6_prohibit_entry->rt6i_idev); */
/* 	in6_dev_put(net->ipv6.ip6_blk_hole_entry->rt6i_idev); */
/* #endif */

Either turn the code on or remove it.

The upstream tree isn't a place to take "notes" using commented out
code to remind you later about something.

Thanks.

Re: [patch 0/9][NETNS][IPV6] make addrconf and icmp per namespace

[Daniel Lezcano]

David Miller wrote:
> From: Daniel Lezcano <dlezcano@fr.ibm.com>
> Date: Wed, 05 Mar 2008 18:56:49 +0100
> 
>> The following patchset makes the different part of ipv6 to take
>> into account the namespaces. On top of that, addrconf and icmp
>> are now aware how to use the namespaces too. So we can move an
>> interface inside the namespace and set ip up to have an ipv6
>> address autoconfigured and be able to ping it.
>>
>> ndisc will come very soon ... :)
> 
> Applied and pushed out to net-2.6.26, thanks.
> 
> Can you quickly resolve this turd which got added by
> these changes to net/ipv6/addrconf.c?
> 
> static void addrconf_net_exit(struct net *net)
> {
> 	struct net_device *dev;
> 
> 	/*
> 	 * Remove loopback references from default routing entries
> 	 */
> /* 	in6_dev_put(net->ipv6.ip6_null_entry->rt6i_idev); */
> /* #ifdef CONFIG_IPV6_MULTIPLE_TABLES */
> /* 	in6_dev_put(net->ipv6.ip6_prohibit_entry->rt6i_idev); */
> /* 	in6_dev_put(net->ipv6.ip6_blk_hole_entry->rt6i_idev); */
> /* #endif */
> 
> Either turn the code on or remove it.
> 
> The upstream tree isn't a place to take "notes" using commented out
> code to remind you later about something.

Oops, sorry. I forgot to remove this comment. I will remove it asap.