diff options
author | Benjamin Thery <benjamin.thery@bull.net> | 2008-05-28 08:51:24 -0400 |
---|---|---|
committer | YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> | 2008-06-11 13:38:15 -0400 |
commit | 3de232554a91adc74e80dc15c304be806bd7e1f9 (patch) | |
tree | 625e86cdef1763c886e676132b235b1ba52068b4 /net/ipv6/addrlabel.c | |
parent | 2b5ead46442d80928cce987ae6acf3fe99968ad8 (diff) |
ipv6 netns: Address labels per namespace
This pacth makes IPv6 address labels per network namespace.
It keeps the global label tables, ip6addrlbl_table, but
adds a 'net' member to each ip6addrlbl_entry.
This new member is taken into account when matching labels.
Changelog
=========
* v1: Initial version
* v2:
* Minize the penalty when network namespaces are not configured:
* the 'net' member is added only if CONFIG_NET_NS is
defined. This saves space when network namespaces are not
configured.
* 'net' value is retrieved with the inlined function
ip6addrlbl_net() that always return &init_net when
CONFIG_NET_NS is not defined.
* 'net' member in ip6addrlbl_entry renamed to the less generic
'lbl_net' name (helps code search).
Signed-off-by: Benjamin Thery <benjamin.thery@bull.net>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Diffstat (limited to 'net/ipv6/addrlabel.c')
-rw-r--r-- | net/ipv6/addrlabel.c | 106 |
1 files changed, 75 insertions, 31 deletions
diff --git a/net/ipv6/addrlabel.c b/net/ipv6/addrlabel.c index 9bfa8846f262..08909039d87b 100644 --- a/net/ipv6/addrlabel.c +++ b/net/ipv6/addrlabel.c | |||
@@ -29,6 +29,9 @@ | |||
29 | */ | 29 | */ |
30 | struct ip6addrlbl_entry | 30 | struct ip6addrlbl_entry |
31 | { | 31 | { |
32 | #ifdef CONFIG_NET_NS | ||
33 | struct net *lbl_net; | ||
34 | #endif | ||
32 | struct in6_addr prefix; | 35 | struct in6_addr prefix; |
33 | int prefixlen; | 36 | int prefixlen; |
34 | int ifindex; | 37 | int ifindex; |
@@ -46,6 +49,16 @@ static struct ip6addrlbl_table | |||
46 | u32 seq; | 49 | u32 seq; |
47 | } ip6addrlbl_table; | 50 | } ip6addrlbl_table; |
48 | 51 | ||
52 | static inline | ||
53 | struct net *ip6addrlbl_net(const struct ip6addrlbl_entry *lbl) | ||
54 | { | ||
55 | #ifdef CONFIG_NET_NS | ||
56 | return lbl->lbl_net; | ||
57 | #else | ||
58 | return &init_net; | ||
59 | #endif | ||
60 | } | ||
61 | |||
49 | /* | 62 | /* |
50 | * Default policy table (RFC3484 + extensions) | 63 | * Default policy table (RFC3484 + extensions) |
51 | * | 64 | * |
@@ -65,7 +78,7 @@ static struct ip6addrlbl_table | |||
65 | 78 | ||
66 | #define IPV6_ADDR_LABEL_DEFAULT 0xffffffffUL | 79 | #define IPV6_ADDR_LABEL_DEFAULT 0xffffffffUL |
67 | 80 | ||
68 | static const __initdata struct ip6addrlbl_init_table | 81 | static const __net_initdata struct ip6addrlbl_init_table |
69 | { | 82 | { |
70 | const struct in6_addr *prefix; | 83 | const struct in6_addr *prefix; |
71 | int prefixlen; | 84 | int prefixlen; |
@@ -108,6 +121,9 @@ static const __initdata struct ip6addrlbl_init_table | |||
108 | /* Object management */ | 121 | /* Object management */ |
109 | static inline void ip6addrlbl_free(struct ip6addrlbl_entry *p) | 122 | static inline void ip6addrlbl_free(struct ip6addrlbl_entry *p) |
110 | { | 123 | { |
124 | #ifdef CONFIG_NET_NS | ||
125 | release_net(p->lbl_net); | ||
126 | #endif | ||
111 | kfree(p); | 127 | kfree(p); |
112 | } | 128 | } |
113 | 129 | ||
@@ -128,10 +144,13 @@ static inline void ip6addrlbl_put(struct ip6addrlbl_entry *p) | |||
128 | } | 144 | } |
129 | 145 | ||
130 | /* Find label */ | 146 | /* Find label */ |
131 | static int __ip6addrlbl_match(struct ip6addrlbl_entry *p, | 147 | static int __ip6addrlbl_match(struct net *net, |
148 | struct ip6addrlbl_entry *p, | ||
132 | const struct in6_addr *addr, | 149 | const struct in6_addr *addr, |
133 | int addrtype, int ifindex) | 150 | int addrtype, int ifindex) |
134 | { | 151 | { |
152 | if (!net_eq(ip6addrlbl_net(p), net)) | ||
153 | return 0; | ||
135 | if (p->ifindex && p->ifindex != ifindex) | 154 | if (p->ifindex && p->ifindex != ifindex) |
136 | return 0; | 155 | return 0; |
137 | if (p->addrtype && p->addrtype != addrtype) | 156 | if (p->addrtype && p->addrtype != addrtype) |
@@ -141,19 +160,21 @@ static int __ip6addrlbl_match(struct ip6addrlbl_entry *p, | |||
141 | return 1; | 160 | return 1; |
142 | } | 161 | } |
143 | 162 | ||
144 | static struct ip6addrlbl_entry *__ipv6_addr_label(const struct in6_addr *addr, | 163 | static struct ip6addrlbl_entry *__ipv6_addr_label(struct net *net, |
164 | const struct in6_addr *addr, | ||
145 | int type, int ifindex) | 165 | int type, int ifindex) |
146 | { | 166 | { |
147 | struct hlist_node *pos; | 167 | struct hlist_node *pos; |
148 | struct ip6addrlbl_entry *p; | 168 | struct ip6addrlbl_entry *p; |
149 | hlist_for_each_entry_rcu(p, pos, &ip6addrlbl_table.head, list) { | 169 | hlist_for_each_entry_rcu(p, pos, &ip6addrlbl_table.head, list) { |
150 | if (__ip6addrlbl_match(p, addr, type, ifindex)) | 170 | if (__ip6addrlbl_match(net, p, addr, type, ifindex)) |
151 | return p; | 171 | return p; |
152 | } | 172 | } |
153 | return NULL; | 173 | return NULL; |
154 | } | 174 | } |
155 | 175 | ||
156 | u32 ipv6_addr_label(const struct in6_addr *addr, int type, int ifindex) | 176 | u32 ipv6_addr_label(struct net *net, |
177 | const struct in6_addr *addr, int type, int ifindex) | ||
157 | { | 178 | { |
158 | u32 label; | 179 | u32 label; |
159 | struct ip6addrlbl_entry *p; | 180 | struct ip6addrlbl_entry *p; |
@@ -161,7 +182,7 @@ u32 ipv6_addr_label(const struct in6_addr *addr, int type, int ifindex) | |||
161 | type &= IPV6_ADDR_MAPPED | IPV6_ADDR_COMPATv4 | IPV6_ADDR_LOOPBACK; | 182 | type &= IPV6_ADDR_MAPPED | IPV6_ADDR_COMPATv4 | IPV6_ADDR_LOOPBACK; |
162 | 183 | ||
163 | rcu_read_lock(); | 184 | rcu_read_lock(); |
164 | p = __ipv6_addr_label(addr, type, ifindex); | 185 | p = __ipv6_addr_label(net, addr, type, ifindex); |
165 | label = p ? p->label : IPV6_ADDR_LABEL_DEFAULT; | 186 | label = p ? p->label : IPV6_ADDR_LABEL_DEFAULT; |
166 | rcu_read_unlock(); | 187 | rcu_read_unlock(); |
167 | 188 | ||
@@ -174,7 +195,8 @@ u32 ipv6_addr_label(const struct in6_addr *addr, int type, int ifindex) | |||
174 | } | 195 | } |
175 | 196 | ||
176 | /* allocate one entry */ | 197 | /* allocate one entry */ |
177 | static struct ip6addrlbl_entry *ip6addrlbl_alloc(const struct in6_addr *prefix, | 198 | static struct ip6addrlbl_entry *ip6addrlbl_alloc(struct net *net, |
199 | const struct in6_addr *prefix, | ||
178 | int prefixlen, int ifindex, | 200 | int prefixlen, int ifindex, |
179 | u32 label) | 201 | u32 label) |
180 | { | 202 | { |
@@ -216,6 +238,9 @@ static struct ip6addrlbl_entry *ip6addrlbl_alloc(const struct in6_addr *prefix, | |||
216 | newp->addrtype = addrtype; | 238 | newp->addrtype = addrtype; |
217 | newp->label = label; | 239 | newp->label = label; |
218 | INIT_HLIST_NODE(&newp->list); | 240 | INIT_HLIST_NODE(&newp->list); |
241 | #ifdef CONFIG_NET_NS | ||
242 | newp->lbl_net = hold_net(net); | ||
243 | #endif | ||
219 | atomic_set(&newp->refcnt, 1); | 244 | atomic_set(&newp->refcnt, 1); |
220 | return newp; | 245 | return newp; |
221 | } | 246 | } |
@@ -237,6 +262,7 @@ static int __ip6addrlbl_add(struct ip6addrlbl_entry *newp, int replace) | |||
237 | hlist_for_each_entry_safe(p, pos, n, | 262 | hlist_for_each_entry_safe(p, pos, n, |
238 | &ip6addrlbl_table.head, list) { | 263 | &ip6addrlbl_table.head, list) { |
239 | if (p->prefixlen == newp->prefixlen && | 264 | if (p->prefixlen == newp->prefixlen && |
265 | net_eq(ip6addrlbl_net(p), ip6addrlbl_net(newp)) && | ||
240 | p->ifindex == newp->ifindex && | 266 | p->ifindex == newp->ifindex && |
241 | ipv6_addr_equal(&p->prefix, &newp->prefix)) { | 267 | ipv6_addr_equal(&p->prefix, &newp->prefix)) { |
242 | if (!replace) { | 268 | if (!replace) { |
@@ -261,7 +287,8 @@ out: | |||
261 | } | 287 | } |
262 | 288 | ||
263 | /* add a label */ | 289 | /* add a label */ |
264 | static int ip6addrlbl_add(const struct in6_addr *prefix, int prefixlen, | 290 | static int ip6addrlbl_add(struct net *net, |
291 | const struct in6_addr *prefix, int prefixlen, | ||
265 | int ifindex, u32 label, int replace) | 292 | int ifindex, u32 label, int replace) |
266 | { | 293 | { |
267 | struct ip6addrlbl_entry *newp; | 294 | struct ip6addrlbl_entry *newp; |
@@ -274,7 +301,7 @@ static int ip6addrlbl_add(const struct in6_addr *prefix, int prefixlen, | |||
274 | (unsigned int)label, | 301 | (unsigned int)label, |
275 | replace); | 302 | replace); |
276 | 303 | ||
277 | newp = ip6addrlbl_alloc(prefix, prefixlen, ifindex, label); | 304 | newp = ip6addrlbl_alloc(net, prefix, prefixlen, ifindex, label); |
278 | if (IS_ERR(newp)) | 305 | if (IS_ERR(newp)) |
279 | return PTR_ERR(newp); | 306 | return PTR_ERR(newp); |
280 | spin_lock(&ip6addrlbl_table.lock); | 307 | spin_lock(&ip6addrlbl_table.lock); |
@@ -286,7 +313,8 @@ static int ip6addrlbl_add(const struct in6_addr *prefix, int prefixlen, | |||
286 | } | 313 | } |
287 | 314 | ||
288 | /* remove a label */ | 315 | /* remove a label */ |
289 | static int __ip6addrlbl_del(const struct in6_addr *prefix, int prefixlen, | 316 | static int __ip6addrlbl_del(struct net *net, |
317 | const struct in6_addr *prefix, int prefixlen, | ||
290 | int ifindex) | 318 | int ifindex) |
291 | { | 319 | { |
292 | struct ip6addrlbl_entry *p = NULL; | 320 | struct ip6addrlbl_entry *p = NULL; |
@@ -300,6 +328,7 @@ static int __ip6addrlbl_del(const struct in6_addr *prefix, int prefixlen, | |||
300 | 328 | ||
301 | hlist_for_each_entry_safe(p, pos, n, &ip6addrlbl_table.head, list) { | 329 | hlist_for_each_entry_safe(p, pos, n, &ip6addrlbl_table.head, list) { |
302 | if (p->prefixlen == prefixlen && | 330 | if (p->prefixlen == prefixlen && |
331 | net_eq(ip6addrlbl_net(p), net) && | ||
303 | p->ifindex == ifindex && | 332 | p->ifindex == ifindex && |
304 | ipv6_addr_equal(&p->prefix, prefix)) { | 333 | ipv6_addr_equal(&p->prefix, prefix)) { |
305 | hlist_del_rcu(&p->list); | 334 | hlist_del_rcu(&p->list); |
@@ -311,7 +340,8 @@ static int __ip6addrlbl_del(const struct in6_addr *prefix, int prefixlen, | |||
311 | return ret; | 340 | return ret; |
312 | } | 341 | } |
313 | 342 | ||
314 | static int ip6addrlbl_del(const struct in6_addr *prefix, int prefixlen, | 343 | static int ip6addrlbl_del(struct net *net, |
344 | const struct in6_addr *prefix, int prefixlen, | ||
315 | int ifindex) | 345 | int ifindex) |
316 | { | 346 | { |
317 | struct in6_addr prefix_buf; | 347 | struct in6_addr prefix_buf; |
@@ -324,13 +354,13 @@ static int ip6addrlbl_del(const struct in6_addr *prefix, int prefixlen, | |||
324 | 354 | ||
325 | ipv6_addr_prefix(&prefix_buf, prefix, prefixlen); | 355 | ipv6_addr_prefix(&prefix_buf, prefix, prefixlen); |
326 | spin_lock(&ip6addrlbl_table.lock); | 356 | spin_lock(&ip6addrlbl_table.lock); |
327 | ret = __ip6addrlbl_del(&prefix_buf, prefixlen, ifindex); | 357 | ret = __ip6addrlbl_del(net, &prefix_buf, prefixlen, ifindex); |
328 | spin_unlock(&ip6addrlbl_table.lock); | 358 | spin_unlock(&ip6addrlbl_table.lock); |
329 | return ret; | 359 | return ret; |
330 | } | 360 | } |
331 | 361 | ||
332 | /* add default label */ | 362 | /* add default label */ |
333 | static __init int ip6addrlbl_init(void) | 363 | static int __net_init ip6addrlbl_net_init(struct net *net) |
334 | { | 364 | { |
335 | int err = 0; | 365 | int err = 0; |
336 | int i; | 366 | int i; |
@@ -338,7 +368,8 @@ static __init int ip6addrlbl_init(void) | |||
338 | ADDRLABEL(KERN_DEBUG "%s()\n", __func__); | 368 | ADDRLABEL(KERN_DEBUG "%s()\n", __func__); |
339 | 369 | ||
340 | for (i = 0; i < ARRAY_SIZE(ip6addrlbl_init_table); i++) { | 370 | for (i = 0; i < ARRAY_SIZE(ip6addrlbl_init_table); i++) { |
341 | int ret = ip6addrlbl_add(ip6addrlbl_init_table[i].prefix, | 371 | int ret = ip6addrlbl_add(net, |
372 | ip6addrlbl_init_table[i].prefix, | ||
342 | ip6addrlbl_init_table[i].prefixlen, | 373 | ip6addrlbl_init_table[i].prefixlen, |
343 | 0, | 374 | 0, |
344 | ip6addrlbl_init_table[i].label, 0); | 375 | ip6addrlbl_init_table[i].label, 0); |
@@ -349,11 +380,32 @@ static __init int ip6addrlbl_init(void) | |||
349 | return err; | 380 | return err; |
350 | } | 381 | } |
351 | 382 | ||
383 | static void __net_exit ip6addrlbl_net_exit(struct net *net) | ||
384 | { | ||
385 | struct ip6addrlbl_entry *p = NULL; | ||
386 | struct hlist_node *pos, *n; | ||
387 | |||
388 | /* Remove all labels belonging to the exiting net */ | ||
389 | spin_lock(&ip6addrlbl_table.lock); | ||
390 | hlist_for_each_entry_safe(p, pos, n, &ip6addrlbl_table.head, list) { | ||
391 | if (net_eq(ip6addrlbl_net(p), net)) { | ||
392 | hlist_del_rcu(&p->list); | ||
393 | ip6addrlbl_put(p); | ||
394 | } | ||
395 | } | ||
396 | spin_unlock(&ip6addrlbl_table.lock); | ||
397 | } | ||
398 | |||
399 | static struct pernet_operations ipv6_addr_label_ops = { | ||
400 | .init = ip6addrlbl_net_init, | ||
401 | .exit = ip6addrlbl_net_exit, | ||
402 | }; | ||
403 | |||
352 | int __init ipv6_addr_label_init(void) | 404 | int __init ipv6_addr_label_init(void) |
353 | { | 405 | { |
354 | spin_lock_init(&ip6addrlbl_table.lock); | 406 | spin_lock_init(&ip6addrlbl_table.lock); |
355 | 407 | ||
356 | return ip6addrlbl_init(); | 408 | return register_pernet_subsys(&ipv6_addr_label_ops); |
357 | } | 409 | } |
358 | 410 | ||
359 | static const struct nla_policy ifal_policy[IFAL_MAX+1] = { | 411 | static const struct nla_policy ifal_policy[IFAL_MAX+1] = { |
@@ -371,9 +423,6 @@ static int ip6addrlbl_newdel(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
371 | u32 label; | 423 | u32 label; |
372 | int err = 0; | 424 | int err = 0; |
373 | 425 | ||
374 | if (net != &init_net) | ||
375 | return 0; | ||
376 | |||
377 | err = nlmsg_parse(nlh, sizeof(*ifal), tb, IFAL_MAX, ifal_policy); | 426 | err = nlmsg_parse(nlh, sizeof(*ifal), tb, IFAL_MAX, ifal_policy); |
378 | if (err < 0) | 427 | if (err < 0) |
379 | return err; | 428 | return err; |
@@ -385,7 +434,7 @@ static int ip6addrlbl_newdel(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
385 | return -EINVAL; | 434 | return -EINVAL; |
386 | 435 | ||
387 | if (ifal->ifal_index && | 436 | if (ifal->ifal_index && |
388 | !__dev_get_by_index(&init_net, ifal->ifal_index)) | 437 | !__dev_get_by_index(net, ifal->ifal_index)) |
389 | return -EINVAL; | 438 | return -EINVAL; |
390 | 439 | ||
391 | if (!tb[IFAL_ADDRESS]) | 440 | if (!tb[IFAL_ADDRESS]) |
@@ -403,12 +452,12 @@ static int ip6addrlbl_newdel(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
403 | 452 | ||
404 | switch(nlh->nlmsg_type) { | 453 | switch(nlh->nlmsg_type) { |
405 | case RTM_NEWADDRLABEL: | 454 | case RTM_NEWADDRLABEL: |
406 | err = ip6addrlbl_add(pfx, ifal->ifal_prefixlen, | 455 | err = ip6addrlbl_add(net, pfx, ifal->ifal_prefixlen, |
407 | ifal->ifal_index, label, | 456 | ifal->ifal_index, label, |
408 | nlh->nlmsg_flags & NLM_F_REPLACE); | 457 | nlh->nlmsg_flags & NLM_F_REPLACE); |
409 | break; | 458 | break; |
410 | case RTM_DELADDRLABEL: | 459 | case RTM_DELADDRLABEL: |
411 | err = ip6addrlbl_del(pfx, ifal->ifal_prefixlen, | 460 | err = ip6addrlbl_del(net, pfx, ifal->ifal_prefixlen, |
412 | ifal->ifal_index); | 461 | ifal->ifal_index); |
413 | break; | 462 | break; |
414 | default: | 463 | default: |
@@ -458,12 +507,10 @@ static int ip6addrlbl_dump(struct sk_buff *skb, struct netlink_callback *cb) | |||
458 | int idx = 0, s_idx = cb->args[0]; | 507 | int idx = 0, s_idx = cb->args[0]; |
459 | int err; | 508 | int err; |
460 | 509 | ||
461 | if (net != &init_net) | ||
462 | return 0; | ||
463 | |||
464 | rcu_read_lock(); | 510 | rcu_read_lock(); |
465 | hlist_for_each_entry_rcu(p, pos, &ip6addrlbl_table.head, list) { | 511 | hlist_for_each_entry_rcu(p, pos, &ip6addrlbl_table.head, list) { |
466 | if (idx >= s_idx) { | 512 | if (idx >= s_idx && |
513 | net_eq(ip6addrlbl_net(p), net)) { | ||
467 | if ((err = ip6addrlbl_fill(skb, p, | 514 | if ((err = ip6addrlbl_fill(skb, p, |
468 | ip6addrlbl_table.seq, | 515 | ip6addrlbl_table.seq, |
469 | NETLINK_CB(cb->skb).pid, | 516 | NETLINK_CB(cb->skb).pid, |
@@ -499,9 +546,6 @@ static int ip6addrlbl_get(struct sk_buff *in_skb, struct nlmsghdr* nlh, | |||
499 | struct ip6addrlbl_entry *p; | 546 | struct ip6addrlbl_entry *p; |
500 | struct sk_buff *skb; | 547 | struct sk_buff *skb; |
501 | 548 | ||
502 | if (net != &init_net) | ||
503 | return 0; | ||
504 | |||
505 | err = nlmsg_parse(nlh, sizeof(*ifal), tb, IFAL_MAX, ifal_policy); | 549 | err = nlmsg_parse(nlh, sizeof(*ifal), tb, IFAL_MAX, ifal_policy); |
506 | if (err < 0) | 550 | if (err < 0) |
507 | return err; | 551 | return err; |
@@ -513,7 +557,7 @@ static int ip6addrlbl_get(struct sk_buff *in_skb, struct nlmsghdr* nlh, | |||
513 | return -EINVAL; | 557 | return -EINVAL; |
514 | 558 | ||
515 | if (ifal->ifal_index && | 559 | if (ifal->ifal_index && |
516 | !__dev_get_by_index(&init_net, ifal->ifal_index)) | 560 | !__dev_get_by_index(net, ifal->ifal_index)) |
517 | return -EINVAL; | 561 | return -EINVAL; |
518 | 562 | ||
519 | if (!tb[IFAL_ADDRESS]) | 563 | if (!tb[IFAL_ADDRESS]) |
@@ -524,7 +568,7 @@ static int ip6addrlbl_get(struct sk_buff *in_skb, struct nlmsghdr* nlh, | |||
524 | return -EINVAL; | 568 | return -EINVAL; |
525 | 569 | ||
526 | rcu_read_lock(); | 570 | rcu_read_lock(); |
527 | p = __ipv6_addr_label(addr, ipv6_addr_type(addr), ifal->ifal_index); | 571 | p = __ipv6_addr_label(net, addr, ipv6_addr_type(addr), ifal->ifal_index); |
528 | if (p && ip6addrlbl_hold(p)) | 572 | if (p && ip6addrlbl_hold(p)) |
529 | p = NULL; | 573 | p = NULL; |
530 | lseq = ip6addrlbl_table.seq; | 574 | lseq = ip6addrlbl_table.seq; |
@@ -552,7 +596,7 @@ static int ip6addrlbl_get(struct sk_buff *in_skb, struct nlmsghdr* nlh, | |||
552 | goto out; | 596 | goto out; |
553 | } | 597 | } |
554 | 598 | ||
555 | err = rtnl_unicast(skb, &init_net, NETLINK_CB(in_skb).pid); | 599 | err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).pid); |
556 | out: | 600 | out: |
557 | return err; | 601 | return err; |
558 | } | 602 | } |