authorEric W. Biederman <ebiederm@xmission.com>2008-01-24 03:13:18 -0500
committerDavid S. Miller <davem@davemloft.net>2008-01-28 18:00:03 -0500
commit426b5303eb435d98b9bee37a807be386bc2b3320 (patch)
tree86f7bd945101d9ac51afb22a210d22b8ff956a4e /net/ipv6
parente1af9f270b69a3ad1dcbabb404dd1f40a96f43f5 (diff)
[NETNS]: Modify the neighbour table code so it handles multiple network namespaces
I'm actually surprised at how much was involved. At first glance it appears that the neighbour table data structures are already split by network device so all that should be needed is to modify the user interface commands to filter the set of neighbours by the network namespace of their devices. However a couple things turned up while I was reading through the code. The proxy neighbour table allows entries with no network device, and the neighbour parms are per network device (except for the defaults) so they now need a per network namespace default. So I updated the two structures (which surprised me) with their very own network namespace parameter. Updated the relevant lookup and destroy routines with a network namespace parameter and modified the code that interacts with users to filter out neighbour table entries for devices of other namespaces. I'm a little concerned that we can modify and display the global table configuration from all network namespaces. But this appears good enough for now. I keep thinking modifying the neighbour table to have per network namespace instances of each table type would be cleaner. The hash table is already dynamically sized so it is not a limiter. The default parameter would be straightforward to take care of. However when I look at how the network table is built and used I still find some assumptions that there is only a single neighbour table for each type of table in the kernel. The netlink operations, neigh_seq_start, the non-core network users that call neigh_lookup. So while it might be doable it would require more refactoring than my current approach of just doing a little extra filtering in the code. Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6')
-rw-r--r--net/ipv6/ip6_output.c2
-rw-r--r--net/ipv6/ndisc.c4
2 files changed, 3 insertions, 3 deletions
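diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index 4686646058d3..ba7c8aaf2782 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -449,7 +449,7 @@ int ip6_forward(struct sk_buff *skb)
 
 /* XXX: idev->cnf.proxy_ndp? */
 if (ipv6_devconf.proxy_ndp &&
-pneigh_lookup(&nd_tbl, &hdr->daddr, skb->dev, 0)) {
+pneigh_lookup(&nd_tbl, &init_net, &hdr->daddr, skb->dev, 0)) {
 int proxied = ip6_forward_proxy_check(skb);
 if (proxied > 0)
 return ip6_input(skb);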
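Review bot: The three `pneigh_lookup()` calls now pass `&init_net` unconditionally, here in ip6_forward() and in the ndisc_recv_ns() and ndisc_recv_na() hunks of net/ipv6/ndisc.c, so the proxy-neighbour match is always made against the initial namespace regardless of which namespace the receiving device belongs to. That is presumably correct only while IPv6 itself runs in init_net alone. The commit message notes that proxy entries may have no device, so once a device from another namespace can reach these paths, a device-less init_net entry could match its traffic while proxy entries from its own namespace would be missed. Since the device is already at hand at each call site (`skb->dev`, `dev`), I would mark the placeholder where it is used, e.g. `/* FIXME(netns): init_net is a placeholder; use the namespace of skb->dev once IPv6 is per-namespace */`. ip6_forward() starts and ends outside the hunk.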
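diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index b87f9d245e2e..b66a1f81bd83 100644
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -789,7 +789,7 @@ static void ndisc_recv_ns(struct sk_buff *skb)
 if (ipv6_chk_acast_addr(dev, &msg->target) ||
 (idev->cnf.forwarding &&
 (ipv6_devconf.proxy_ndp || idev->cnf.proxy_ndp) &&
-(pneigh = pneigh_lookup(&nd_tbl,
+(pneigh = pneigh_lookup(&nd_tbl, &init_net,
 &msg->target, dev, 0)) != NULL)) {
 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
 skb->pkt_type != PACKET_HOST &&
@@ -930,7 +930,7 @@ static void ndisc_recv_na(struct sk_buff *skb)
 */
 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
 ipv6_devconf.forwarding && ipv6_devconf.proxy_ndp &&
-pneigh_lookup(&nd_tbl, &msg->target, dev, 0)) {
+pneigh_lookup(&nd_tbl, &init_net, &msg->target, dev, 0)) {
 /* XXX: idev->cnf.prixy_ndp */
 goto out;
 }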