diff options
author | Denis V. Lunev <den@openvz.org> | 2008-01-10 06:20:28 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-01-28 18:01:23 -0500 |
commit | 5fd30ee7c48bf7f9cd16ab44c8a09fa4a57cc21d (patch) | |
tree | eb5fc97bcf41f7f1e9dd9d7c312e13c85c1610d0 | |
parent | 868d13ac811746e28e4c806f2b1bd8575796f9af (diff) |
[NETNS]: Namespacing in the generic fib rules code.
Move static rules_ops & rules_mod_lock to the struct net, register the
pernet subsys to init them and enjoy the fact that the core rules
infrastructure works in the namespace.
Real IPv4 fib rules virtualization requires fib tables support in the
namespace and will be done seriously later in the patchset.
Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | include/net/net_namespace.h | 4 | ||||
-rw-r--r-- | net/core/fib_rules.c | 91 |
2 files changed, 58 insertions, 37 deletions
diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h index b0a5f904d252..b8c1d60ba9e4 100644 --- a/include/net/net_namespace.h +++ b/include/net/net_namespace.h | |||
@@ -40,6 +40,10 @@ struct net { | |||
40 | struct hlist_head *dev_name_head; | 40 | struct hlist_head *dev_name_head; |
41 | struct hlist_head *dev_index_head; | 41 | struct hlist_head *dev_index_head; |
42 | 42 | ||
43 | /* core fib_rules */ | ||
44 | struct list_head rules_ops; | ||
45 | spinlock_t rules_mod_lock; | ||
46 | |||
43 | struct sock *rtnl; /* rtnetlink socket */ | 47 | struct sock *rtnl; /* rtnetlink socket */ |
44 | 48 | ||
45 | /* core sysctls */ | 49 | /* core sysctls */ |
diff --git a/net/core/fib_rules.c b/net/core/fib_rules.c index e12e9f583949..c5f78fed6885 100644 --- a/net/core/fib_rules.c +++ b/net/core/fib_rules.c | |||
@@ -15,9 +15,6 @@ | |||
15 | #include <net/sock.h> | 15 | #include <net/sock.h> |
16 | #include <net/fib_rules.h> | 16 | #include <net/fib_rules.h> |
17 | 17 | ||
18 | static LIST_HEAD(rules_ops); | ||
19 | static DEFINE_SPINLOCK(rules_mod_lock); | ||
20 | |||
21 | int fib_default_rule_add(struct fib_rules_ops *ops, | 18 | int fib_default_rule_add(struct fib_rules_ops *ops, |
22 | u32 pref, u32 table, u32 flags) | 19 | u32 pref, u32 table, u32 flags) |
23 | { | 20 | { |
@@ -40,16 +37,17 @@ int fib_default_rule_add(struct fib_rules_ops *ops, | |||
40 | } | 37 | } |
41 | EXPORT_SYMBOL(fib_default_rule_add); | 38 | EXPORT_SYMBOL(fib_default_rule_add); |
42 | 39 | ||
43 | static void notify_rule_change(int event, struct fib_rule *rule, | 40 | static void notify_rule_change(struct net *net, int event, |
41 | struct fib_rule *rule, | ||
44 | struct fib_rules_ops *ops, struct nlmsghdr *nlh, | 42 | struct fib_rules_ops *ops, struct nlmsghdr *nlh, |
45 | u32 pid); | 43 | u32 pid); |
46 | 44 | ||
47 | static struct fib_rules_ops *lookup_rules_ops(int family) | 45 | static struct fib_rules_ops *lookup_rules_ops(struct net *net, int family) |
48 | { | 46 | { |
49 | struct fib_rules_ops *ops; | 47 | struct fib_rules_ops *ops; |
50 | 48 | ||
51 | rcu_read_lock(); | 49 | rcu_read_lock(); |
52 | list_for_each_entry_rcu(ops, &rules_ops, list) { | 50 | list_for_each_entry_rcu(ops, &net->rules_ops, list) { |
53 | if (ops->family == family) { | 51 | if (ops->family == family) { |
54 | if (!try_module_get(ops->owner)) | 52 | if (!try_module_get(ops->owner)) |
55 | ops = NULL; | 53 | ops = NULL; |
@@ -87,15 +85,16 @@ int fib_rules_register(struct net *net, struct fib_rules_ops *ops) | |||
87 | ops->action == NULL) | 85 | ops->action == NULL) |
88 | return -EINVAL; | 86 | return -EINVAL; |
89 | 87 | ||
90 | spin_lock(&rules_mod_lock); | 88 | spin_lock(&net->rules_mod_lock); |
91 | list_for_each_entry(o, &rules_ops, list) | 89 | list_for_each_entry(o, &net->rules_ops, list) |
92 | if (ops->family == o->family) | 90 | if (ops->family == o->family) |
93 | goto errout; | 91 | goto errout; |
94 | 92 | ||
95 | list_add_tail_rcu(&ops->list, &rules_ops); | 93 | hold_net(net); |
94 | list_add_tail_rcu(&ops->list, &net->rules_ops); | ||
96 | err = 0; | 95 | err = 0; |
97 | errout: | 96 | errout: |
98 | spin_unlock(&rules_mod_lock); | 97 | spin_unlock(&net->rules_mod_lock); |
99 | 98 | ||
100 | return err; | 99 | return err; |
101 | } | 100 | } |
@@ -118,8 +117,8 @@ int fib_rules_unregister(struct net *net, struct fib_rules_ops *ops) | |||
118 | int err = 0; | 117 | int err = 0; |
119 | struct fib_rules_ops *o; | 118 | struct fib_rules_ops *o; |
120 | 119 | ||
121 | spin_lock(&rules_mod_lock); | 120 | spin_lock(&net->rules_mod_lock); |
122 | list_for_each_entry(o, &rules_ops, list) { | 121 | list_for_each_entry(o, &net->rules_ops, list) { |
123 | if (o == ops) { | 122 | if (o == ops) { |
124 | list_del_rcu(&o->list); | 123 | list_del_rcu(&o->list); |
125 | fib_rules_cleanup_ops(ops); | 124 | fib_rules_cleanup_ops(ops); |
@@ -129,9 +128,11 @@ int fib_rules_unregister(struct net *net, struct fib_rules_ops *ops) | |||
129 | 128 | ||
130 | err = -ENOENT; | 129 | err = -ENOENT; |
131 | out: | 130 | out: |
132 | spin_unlock(&rules_mod_lock); | 131 | spin_unlock(&net->rules_mod_lock); |
133 | 132 | ||
134 | synchronize_rcu(); | 133 | synchronize_rcu(); |
134 | if (!err) | ||
135 | release_net(net); | ||
135 | 136 | ||
136 | return err; | 137 | return err; |
137 | } | 138 | } |
@@ -229,13 +230,10 @@ static int fib_nl_newrule(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg) | |||
229 | struct nlattr *tb[FRA_MAX+1]; | 230 | struct nlattr *tb[FRA_MAX+1]; |
230 | int err = -EINVAL, unresolved = 0; | 231 | int err = -EINVAL, unresolved = 0; |
231 | 232 | ||
232 | if (net != &init_net) | ||
233 | return -EINVAL; | ||
234 | |||
235 | if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*frh))) | 233 | if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*frh))) |
236 | goto errout; | 234 | goto errout; |
237 | 235 | ||
238 | ops = lookup_rules_ops(frh->family); | 236 | ops = lookup_rules_ops(net, frh->family); |
239 | if (ops == NULL) { | 237 | if (ops == NULL) { |
240 | err = EAFNOSUPPORT; | 238 | err = EAFNOSUPPORT; |
241 | goto errout; | 239 | goto errout; |
@@ -348,7 +346,7 @@ static int fib_nl_newrule(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg) | |||
348 | else | 346 | else |
349 | list_add_rcu(&rule->list, &ops->rules_list); | 347 | list_add_rcu(&rule->list, &ops->rules_list); |
350 | 348 | ||
351 | notify_rule_change(RTM_NEWRULE, rule, ops, nlh, NETLINK_CB(skb).pid); | 349 | notify_rule_change(net, RTM_NEWRULE, rule, ops, nlh, NETLINK_CB(skb).pid); |
352 | flush_route_cache(ops); | 350 | flush_route_cache(ops); |
353 | rules_ops_put(ops); | 351 | rules_ops_put(ops); |
354 | return 0; | 352 | return 0; |
@@ -369,13 +367,10 @@ static int fib_nl_delrule(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg) | |||
369 | struct nlattr *tb[FRA_MAX+1]; | 367 | struct nlattr *tb[FRA_MAX+1]; |
370 | int err = -EINVAL; | 368 | int err = -EINVAL; |
371 | 369 | ||
372 | if (net != &init_net) | ||
373 | return -EINVAL; | ||
374 | |||
375 | if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*frh))) | 370 | if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*frh))) |
376 | goto errout; | 371 | goto errout; |
377 | 372 | ||
378 | ops = lookup_rules_ops(frh->family); | 373 | ops = lookup_rules_ops(net, frh->family); |
379 | if (ops == NULL) { | 374 | if (ops == NULL) { |
380 | err = EAFNOSUPPORT; | 375 | err = EAFNOSUPPORT; |
381 | goto errout; | 376 | goto errout; |
@@ -441,7 +436,7 @@ static int fib_nl_delrule(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg) | |||
441 | } | 436 | } |
442 | 437 | ||
443 | synchronize_rcu(); | 438 | synchronize_rcu(); |
444 | notify_rule_change(RTM_DELRULE, rule, ops, nlh, | 439 | notify_rule_change(net, RTM_DELRULE, rule, ops, nlh, |
445 | NETLINK_CB(skb).pid); | 440 | NETLINK_CB(skb).pid); |
446 | fib_rule_put(rule); | 441 | fib_rule_put(rule); |
447 | flush_route_cache(ops); | 442 | flush_route_cache(ops); |
@@ -551,13 +546,10 @@ static int fib_nl_dumprule(struct sk_buff *skb, struct netlink_callback *cb) | |||
551 | struct fib_rules_ops *ops; | 546 | struct fib_rules_ops *ops; |
552 | int idx = 0, family; | 547 | int idx = 0, family; |
553 | 548 | ||
554 | if (net != &init_net) | ||
555 | return -EINVAL; | ||
556 | |||
557 | family = rtnl_msg_family(cb->nlh); | 549 | family = rtnl_msg_family(cb->nlh); |
558 | if (family != AF_UNSPEC) { | 550 | if (family != AF_UNSPEC) { |
559 | /* Protocol specific dump request */ | 551 | /* Protocol specific dump request */ |
560 | ops = lookup_rules_ops(family); | 552 | ops = lookup_rules_ops(net, family); |
561 | if (ops == NULL) | 553 | if (ops == NULL) |
562 | return -EAFNOSUPPORT; | 554 | return -EAFNOSUPPORT; |
563 | 555 | ||
@@ -565,7 +557,7 @@ static int fib_nl_dumprule(struct sk_buff *skb, struct netlink_callback *cb) | |||
565 | } | 557 | } |
566 | 558 | ||
567 | rcu_read_lock(); | 559 | rcu_read_lock(); |
568 | list_for_each_entry_rcu(ops, &rules_ops, list) { | 560 | list_for_each_entry_rcu(ops, &net->rules_ops, list) { |
569 | if (idx < cb->args[0] || !try_module_get(ops->owner)) | 561 | if (idx < cb->args[0] || !try_module_get(ops->owner)) |
570 | goto skip; | 562 | goto skip; |
571 | 563 | ||
@@ -582,7 +574,7 @@ static int fib_nl_dumprule(struct sk_buff *skb, struct netlink_callback *cb) | |||
582 | return skb->len; | 574 | return skb->len; |
583 | } | 575 | } |
584 | 576 | ||
585 | static void notify_rule_change(int event, struct fib_rule *rule, | 577 | static void notify_rule_change(struct net *net, int event, struct fib_rule *rule, |
586 | struct fib_rules_ops *ops, struct nlmsghdr *nlh, | 578 | struct fib_rules_ops *ops, struct nlmsghdr *nlh, |
587 | u32 pid) | 579 | u32 pid) |
588 | { | 580 | { |
@@ -600,10 +592,10 @@ static void notify_rule_change(int event, struct fib_rule *rule, | |||
600 | kfree_skb(skb); | 592 | kfree_skb(skb); |
601 | goto errout; | 593 | goto errout; |
602 | } | 594 | } |
603 | err = rtnl_notify(skb, &init_net, pid, ops->nlgroup, nlh, GFP_KERNEL); | 595 | err = rtnl_notify(skb, net, pid, ops->nlgroup, nlh, GFP_KERNEL); |
604 | errout: | 596 | errout: |
605 | if (err < 0) | 597 | if (err < 0) |
606 | rtnl_set_sk_err(&init_net, ops->nlgroup, err); | 598 | rtnl_set_sk_err(net, ops->nlgroup, err); |
607 | } | 599 | } |
608 | 600 | ||
609 | static void attach_rules(struct list_head *rules, struct net_device *dev) | 601 | static void attach_rules(struct list_head *rules, struct net_device *dev) |
@@ -631,22 +623,20 @@ static int fib_rules_event(struct notifier_block *this, unsigned long event, | |||
631 | void *ptr) | 623 | void *ptr) |
632 | { | 624 | { |
633 | struct net_device *dev = ptr; | 625 | struct net_device *dev = ptr; |
626 | struct net *net = dev->nd_net; | ||
634 | struct fib_rules_ops *ops; | 627 | struct fib_rules_ops *ops; |
635 | 628 | ||
636 | if (dev->nd_net != &init_net) | ||
637 | return NOTIFY_DONE; | ||
638 | |||
639 | ASSERT_RTNL(); | 629 | ASSERT_RTNL(); |
640 | rcu_read_lock(); | 630 | rcu_read_lock(); |
641 | 631 | ||
642 | switch (event) { | 632 | switch (event) { |
643 | case NETDEV_REGISTER: | 633 | case NETDEV_REGISTER: |
644 | list_for_each_entry(ops, &rules_ops, list) | 634 | list_for_each_entry(ops, &net->rules_ops, list) |
645 | attach_rules(&ops->rules_list, dev); | 635 | attach_rules(&ops->rules_list, dev); |
646 | break; | 636 | break; |
647 | 637 | ||
648 | case NETDEV_UNREGISTER: | 638 | case NETDEV_UNREGISTER: |
649 | list_for_each_entry(ops, &rules_ops, list) | 639 | list_for_each_entry(ops, &net->rules_ops, list) |
650 | detach_rules(&ops->rules_list, dev); | 640 | detach_rules(&ops->rules_list, dev); |
651 | break; | 641 | break; |
652 | } | 642 | } |
@@ -660,13 +650,40 @@ static struct notifier_block fib_rules_notifier = { | |||
660 | .notifier_call = fib_rules_event, | 650 | .notifier_call = fib_rules_event, |
661 | }; | 651 | }; |
662 | 652 | ||
653 | static int fib_rules_net_init(struct net *net) | ||
654 | { | ||
655 | INIT_LIST_HEAD(&net->rules_ops); | ||
656 | spin_lock_init(&net->rules_mod_lock); | ||
657 | return 0; | ||
658 | } | ||
659 | |||
660 | static struct pernet_operations fib_rules_net_ops = { | ||
661 | .init = fib_rules_net_init, | ||
662 | }; | ||
663 | |||
663 | static int __init fib_rules_init(void) | 664 | static int __init fib_rules_init(void) |
664 | { | 665 | { |
666 | int err; | ||
665 | rtnl_register(PF_UNSPEC, RTM_NEWRULE, fib_nl_newrule, NULL); | 667 | rtnl_register(PF_UNSPEC, RTM_NEWRULE, fib_nl_newrule, NULL); |
666 | rtnl_register(PF_UNSPEC, RTM_DELRULE, fib_nl_delrule, NULL); | 668 | rtnl_register(PF_UNSPEC, RTM_DELRULE, fib_nl_delrule, NULL); |
667 | rtnl_register(PF_UNSPEC, RTM_GETRULE, NULL, fib_nl_dumprule); | 669 | rtnl_register(PF_UNSPEC, RTM_GETRULE, NULL, fib_nl_dumprule); |
668 | 670 | ||
669 | return register_netdevice_notifier(&fib_rules_notifier); | 671 | err = register_netdevice_notifier(&fib_rules_notifier); |
672 | if (err < 0) | ||
673 | goto fail; | ||
674 | |||
675 | err = register_pernet_subsys(&fib_rules_net_ops); | ||
676 | if (err < 0) | ||
677 | goto fail_unregister; | ||
678 | return 0; | ||
679 | |||
680 | fail_unregister: | ||
681 | unregister_netdevice_notifier(&fib_rules_notifier); | ||
682 | fail: | ||
683 | rtnl_unregister(PF_UNSPEC, RTM_NEWRULE); | ||
684 | rtnl_unregister(PF_UNSPEC, RTM_DELRULE); | ||
685 | rtnl_unregister(PF_UNSPEC, RTM_GETRULE); | ||
686 | return err; | ||
670 | } | 687 | } |
671 | 688 | ||
672 | subsys_initcall(fib_rules_init); | 689 | subsys_initcall(fib_rules_init); |