[NET]: Support multiple network namespaces with netlink

Each netlink socket will live in exactly one network namespace, this includes the controlling kernel sockets. This patch updates all of the existing netlink protocols to only support the initial network namespace. Request by clients in other namespaces will get -ECONREFUSED. As they would if the kernel did not have the support for that netlink protocol compiled in. As each netlink protocol is updated to be multiple network namespace safe it can register multiple kernel sockets to acquire a presence in the rest of the network namespaces. The implementation in af_netlink is a simple filter implementation at hash table insertion and hash table look up time. Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Eric W. Biederman <ebiederm@xmission.com> 2007-09-12 07:05:38 -0400
committer: David S. Miller <davem@sunset.davemloft.net> 2007-10-10 19:49:09 -0400
commit: b4b510290b056b86611757ce1175a230f1080f53 (patch)
tree: 7bd1d45855ac7457be6d50338c60751f19e436d9 /net/ipv6
parent: e9dc86534051b78e41e5b746cccc291b57a3a311 (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/net/ipv6/netfilter/ip6_queue.c b/net/ipv6/netfilter/ip6_queue.c
index 64536a3ef2f6..2f5a52453834 100644
--- a/net/ipv6/netfilter/ip6_queue.c
+++ b/net/ipv6/netfilter/ip6_queue.c
@@ -569,7 +569,7 @@ ipq_rcv_nl_event(struct notifier_block *this,
        if (event == NETLINK_URELEASE &&
            n->protocol == NETLINK_IP6_FW && n->pid) {
                write_lock_bh(&queue_lock);
-                if (n->pid == peer_pid)
+                if ((n->net == &init_net) && (n->pid == peer_pid))
                        __ipq_reset();
                write_unlock_bh(&queue_lock);
        }
@@ -661,8 +661,8 @@ static int __init ip6_queue_init(void)
        struct proc_dir_entry *proc;
        netlink_register_notifier(&ipq_nl_notifier);
-        ipqnl = netlink_kernel_create(NETLINK_IP6_FW, 0, ipq_rcv_sk, NULL,
+        ipqnl = netlink_kernel_create(&init_net, NETLINK_IP6_FW, 0, ipq_rcv_sk,
-                                      THIS_MODULE);
+                                        NULL, THIS_MODULE);
        if (ipqnl == NULL) {
                printk(KERN_ERR "ip6_queue: failed to create netlink socket\n");
                goto cleanup_netlink_notifier;
author	Eric W. Biederman <ebiederm@xmission.com>	2007-09-12 07:05:38 -0400
committer	David S. Miller <davem@sunset.davemloft.net>	2007-10-10 19:49:09 -0400
commit	b4b510290b056b86611757ce1175a230f1080f53 (patch)
tree	7bd1d45855ac7457be6d50338c60751f19e436d9 /net/ipv6
parent	e9dc86534051b78e41e5b746cccc291b57a3a311 (diff)

diff --git a/net/ipv6/netfilter/ip6_queue.c b/net/ipv6/netfilter/ip6_queue.c index 64536a3ef2f6..2f5a52453834 100644 --- a/net/ipv6/netfilter/ip6_queue.c +++ b/net/ipv6/netfilter/ip6_queue.c
@@ -569,7 +569,7 @@ ipq_rcv_nl_event(struct notifier_block *this,
569	if (event == NETLINK_URELEASE &&	569	if (event == NETLINK_URELEASE &&
570	n->protocol == NETLINK_IP6_FW && n->pid) {	570	n->protocol == NETLINK_IP6_FW && n->pid) {
571	write_lock_bh(&queue_lock);	571	write_lock_bh(&queue_lock);
572	if (n->pid == peer_pid)	572	if ((n->net == &init_net) && (n->pid == peer_pid))
573	__ipq_reset();	573	__ipq_reset();
574	write_unlock_bh(&queue_lock);	574	write_unlock_bh(&queue_lock);
575	}	575	}
@@ -661,8 +661,8 @@ static int __init ip6_queue_init(void)
661	struct proc_dir_entry *proc;	661	struct proc_dir_entry *proc;
662		662
663	netlink_register_notifier(&ipq_nl_notifier);	663	netlink_register_notifier(&ipq_nl_notifier);
664	ipqnl = netlink_kernel_create(NETLINK_IP6_FW, 0, ipq_rcv_sk, NULL,	664	ipqnl = netlink_kernel_create(&init_net, NETLINK_IP6_FW, 0, ipq_rcv_sk,
665	THIS_MODULE);	665	NULL, THIS_MODULE);
666	if (ipqnl == NULL) {	666	if (ipqnl == NULL) {
667	printk(KERN_ERR "ip6_queue: failed to create netlink socket\n");	667	printk(KERN_ERR "ip6_queue: failed to create netlink socket\n");
668	goto cleanup_netlink_notifier;	668	goto cleanup_netlink_notifier;