Diffstat (limited to 'include/net/netns')
-rw-r--r--include/net/netns/conntrack.h107
-rw-r--r--include/net/netns/generic.h2
-rw-r--r--include/net/netns/hash.h2
-rw-r--r--include/net/netns/ieee802154_6lowpan.h22
-rw-r--r--include/net/netns/ipv4.h48
-rw-r--r--include/net/netns/ipv6.h20
-rw-r--r--include/net/netns/mib.h6
-rw-r--r--include/net/netns/netfilter.h18
-rw-r--r--include/net/netns/nftables.h20
-rw-r--r--include/net/netns/packet.h4
-rw-r--r--include/net/netns/sctp.h134
-rw-r--r--include/net/netns/x_tables.h7
-rw-r--r--include/net/netns/xfrm.h17
13 files changed, 374 insertions, 33 deletions
diff --git a/include/net/netns/conntrack.h b/include/net/netns/conntrack.h
index d4958d4c657..773cce308bc 100644
--- a/include/net/netns/conntrack.h
+++ b/include/net/netns/conntrack.h
@@ -3,33 +3,110 @@
#include <linux/list.h>
#include <linux/list_nulls.h>
-#include <asm/atomic.h>
+#include <linux/atomic.h>
+#include <linux/netfilter/nf_conntrack_tcp.h>
+#include <linux/seqlock.h>
struct ctl_table_header;
struct nf_conntrack_ecache;
+struct nf_proto_net {
+#ifdef CONFIG_SYSCTL
+ struct ctl_table_header *ctl_table_header;
+ struct ctl_table *ctl_table;
+#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
+ struct ctl_table_header *ctl_compat_header;
+ struct ctl_table *ctl_compat_table;
+#endif
+#endif
+ unsigned int users;
+};
+
+struct nf_generic_net {
+ struct nf_proto_net pn;
+ unsigned int timeout;
+};
+
+struct nf_tcp_net {
+ struct nf_proto_net pn;
+ unsigned int timeouts[TCP_CONNTRACK_TIMEOUT_MAX];
+ unsigned int tcp_loose;
+ unsigned int tcp_be_liberal;
+ unsigned int tcp_max_retrans;
+};
+
+enum udp_conntrack {
+ UDP_CT_UNREPLIED,
+ UDP_CT_REPLIED,
+ UDP_CT_MAX
+};
+
+struct nf_udp_net {
+ struct nf_proto_net pn;
+ unsigned int timeouts[UDP_CT_MAX];
+};
+
+struct nf_icmp_net {
+ struct nf_proto_net pn;
+ unsigned int timeout;
+};
+
+struct nf_ip_net {
+ struct nf_generic_net generic;
+ struct nf_tcp_net tcp;
+ struct nf_udp_net udp;
+ struct nf_icmp_net icmp;
+ struct nf_icmp_net icmpv6;
+#if defined(CONFIG_SYSCTL) && defined(CONFIG_NF_CONNTRACK_PROC_COMPAT)
+ struct ctl_table_header *ctl_table_header;
+ struct ctl_table *ctl_table;
+#endif
+};
+
+struct ct_pcpu {
+ spinlock_t lock;
+ struct hlist_nulls_head unconfirmed;
+ struct hlist_nulls_head dying;
+ struct hlist_nulls_head tmpl;
+};
+
struct netns_ct {
atomic_t count;
unsigned int expect_count;
- unsigned int htable_size;
- struct kmem_cache *nf_conntrack_cachep;
- struct hlist_nulls_head *hash;
- struct hlist_head *expect_hash;
- struct hlist_nulls_head unconfirmed;
- struct hlist_nulls_head dying;
- struct ip_conntrack_stat __percpu *stat;
- int sysctl_events;
- unsigned int sysctl_events_retry_timeout;
- int sysctl_acct;
- int sysctl_checksum;
- unsigned int sysctl_log_invalid; /* Log invalid packets */
#ifdef CONFIG_SYSCTL
struct ctl_table_header *sysctl_header;
struct ctl_table_header *acct_sysctl_header;
+ struct ctl_table_header *tstamp_sysctl_header;
struct ctl_table_header *event_sysctl_header;
+ struct ctl_table_header *helper_sysctl_header;
#endif
- int hash_vmalloc;
- int expect_vmalloc;
char *slabname;
+ unsigned int sysctl_log_invalid; /* Log invalid packets */
+ unsigned int sysctl_events_retry_timeout;
+ int sysctl_events;
+ int sysctl_acct;
+ int sysctl_auto_assign_helper;
+ bool auto_assign_helper_warned;
+ int sysctl_tstamp;
+ int sysctl_checksum;
+
+ unsigned int htable_size;
+ seqcount_t generation;
+ struct kmem_cache *nf_conntrack_cachep;
+ struct hlist_nulls_head *hash;
+ struct hlist_head *expect_hash;
+ struct ct_pcpu __percpu *pcpu_lists;
+ struct ip_conntrack_stat __percpu *stat;
+ struct nf_ct_event_notifier __rcu *nf_conntrack_event_cb;
+ struct nf_exp_event_notifier __rcu *nf_expect_event_cb;
+ struct nf_ip_net nf_ct_proto;
+#if defined(CONFIG_NF_CONNTRACK_LABELS)
+ unsigned int labels_used;
+ u8 label_words;
+#endif
+#ifdef CONFIG_NF_NAT_NEEDED
+ struct hlist_head *nat_bysource;
+ unsigned int nat_htable_size;
+#endif
};
#endif
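Review bot: `struct ct_pcpu` gives no hint what `lock` covers; from the layout it presumably guards the `unconfirmed`, `dying` and `tmpl` lists of one CPU, which replace the single list heads removed from `struct netns_ct`. A comment on the field such as `/* protects the three lists below */` would pin that down once confirmed. `sysctl_auto_assign_helper` also deserves a one-line comment: automatic helper assignment decides whether traffic alone can attach a conntrack helper, so the intended default should be stated, along with the fact that `auto_assign_helper_warned` only latches the warning (presumed from the name).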
diff --git a/include/net/netns/generic.h b/include/net/netns/generic.h
index 3419bf5cd15..0931618c0f7 100644
--- a/include/net/netns/generic.h
+++ b/include/net/netns/generic.h
@@ -5,6 +5,7 @@
#ifndef __NET_GENERIC_H__
#define __NET_GENERIC_H__
+#include <linux/bug.h>
#include <linux/rcupdate.h>
/*
@@ -41,6 +42,7 @@ static inline void *net_generic(const struct net *net, int id)
ptr = ng->ptr[id - 1];
rcu_read_unlock();
+ BUG_ON(!ptr);
return ptr;
}
#endif
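Review bot: The added `BUG_ON(!ptr)` makes an unset per-namespace slot a kernel BUG in every caller of this inline, so the invariant it enforces should be written down next to it, e.g. `/* a registered id always has a non-NULL slot once its pernet init has run */`. Callers would fault on the NULL anyway, so failing early is defensible, but without the comment a reader cannot tell whether NULL is a legal transient state during namespace setup or teardown. Whether `id` is range-checked before `ng->ptr[id - 1]` cannot be seen here, because the body of `net_generic()` starts outside the hunk.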
diff --git a/include/net/netns/hash.h b/include/net/netns/hash.h
index 548d78f2cc4..c06ac58ca10 100644
--- a/include/net/netns/hash.h
+++ b/include/net/netns/hash.h
@@ -5,7 +5,7 @@
struct net;
-static inline unsigned net_hash_mix(struct net *net)
+static inline unsigned int net_hash_mix(struct net *net)
{
#ifdef CONFIG_NET_NS
/*
diff --git a/include/net/netns/ieee802154_6lowpan.h b/include/net/netns/ieee802154_6lowpan.h
new file mode 100644
index 00000000000..e2070960bac
--- /dev/null
+++ b/include/net/netns/ieee802154_6lowpan.h
@@ -0,0 +1,22 @@
+/*
+ * ieee802154 6lowpan in net namespaces
+ */
+
+#include <net/inet_frag.h>
+
+#ifndef __NETNS_IEEE802154_6LOWPAN_H__
+#define __NETNS_IEEE802154_6LOWPAN_H__
+
+struct netns_sysctl_lowpan {
+#ifdef CONFIG_SYSCTL
+ struct ctl_table_header *frags_hdr;
+#endif
+};
+
+struct netns_ieee802154_lowpan {
+ struct netns_sysctl_lowpan sysctl;
+ struct netns_frags frags;
+ int max_dsize;
+};
+
+#endif
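Review bot: `#include <net/inet_frag.h>` sits above the `#ifndef __NETNS_IEEE802154_6LOWPAN_H__` guard, so it is reprocessed on every inclusion and the guard no longer wraps the whole file. Move it below `#define __NETNS_IEEE802154_6LOWPAN_H__`. The closing `#endif` would also read better as `#endif /* __NETNS_IEEE802154_6LOWPAN_H__ */`, as the new sctp.h in this same diff does.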
diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h
index d68c3f12177..aec5e12f9f1 100644
--- a/include/net/netns/ipv4.h
+++ b/include/net/netns/ipv4.h
@@ -5,13 +5,25 @@
#ifndef __NETNS_IPV4_H__
#define __NETNS_IPV4_H__
+#include <linux/uidgid.h>
#include <net/inet_frag.h>
+struct tcpm_hash_bucket;
struct ctl_table_header;
struct ipv4_devconf;
struct fib_rules_ops;
struct hlist_head;
+struct fib_table;
struct sock;
+struct local_ports {
+ seqlock_t lock;
+ int range[2];
+};
+
+struct ping_group_range {
+ seqlock_t lock;
+ kgid_t range[2];
+};
struct netns_ipv4 {
#ifdef CONFIG_SYSCTL
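Review bot: `struct local_ports` and `struct ping_group_range` both use `seqlock_t`, but the only include this hunk adds is `<linux/uidgid.h>`. Unless `<net/inet_frag.h>` is guaranteed to pull it in, add `#include <linux/seqlock.h>` so the header does not depend on include order. Each `range[2]` also needs a short comment saying which index is the low and which the high bound, and that readers must use the seqlock retry loop; this matters most for `ping_group_range`, which bounds the groups allowed to open ping sockets.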
@@ -19,18 +31,27 @@ struct netns_ipv4 {
struct ctl_table_header *frags_hdr;
struct ctl_table_header *ipv4_hdr;
struct ctl_table_header *route_hdr;
+ struct ctl_table_header *xfrm4_hdr;
#endif
struct ipv4_devconf *devconf_all;
struct ipv4_devconf *devconf_dflt;
#ifdef CONFIG_IP_MULTIPLE_TABLES
struct fib_rules_ops *rules_ops;
+ bool fib_has_custom_rules;
+ struct fib_table *fib_local;
+ struct fib_table *fib_main;
+ struct fib_table *fib_default;
+#endif
+#ifdef CONFIG_IP_ROUTE_CLASSID
+ int fib_num_tclassid_users;
#endif
struct hlist_head *fib_table_hash;
struct sock *fibnl;
struct sock **icmp_sk;
- struct sock *tcp_sock;
-
+ struct inet_peer_base *peers;
+ struct tcpm_hash_bucket *tcp_metrics_hash;
+ unsigned int tcp_metrics_hash_log;
struct netns_frags frags;
#ifdef CONFIG_NETFILTER
struct xt_table *iptable_filter;
@@ -41,9 +62,6 @@ struct netns_ipv4 {
struct xt_table *iptable_security;
#endif
struct xt_table *nat_table;
- struct hlist_head *nat_bysource;
- unsigned int nat_htable_size;
- int nat_vmalloced;
#endif
int sysctl_icmp_echo_ignore_all;
@@ -52,10 +70,23 @@ struct netns_ipv4 {
int sysctl_icmp_ratelimit;
int sysctl_icmp_ratemask;
int sysctl_icmp_errors_use_inbound_ifaddr;
- int sysctl_rt_cache_rebuild_count;
- int current_rt_cache_rebuild_count;
- atomic_t rt_genid;
+ struct local_ports ip_local_ports;
+
+ int sysctl_tcp_ecn;
+ int sysctl_ip_no_pmtu_disc;
+ int sysctl_ip_fwd_use_pmtu;
+
+ int sysctl_fwmark_reflect;
+ int sysctl_tcp_fwmark_accept;
+
+ struct ping_group_range ping_group_range;
+
+ atomic_t dev_addr_genid;
+
+#ifdef CONFIG_SYSCTL
+ unsigned long *sysctl_local_reserved_ports;
+#endif
#ifdef CONFIG_IP_MROUTE
#ifndef CONFIG_IP_MROUTE_MULTIPLE_TABLES
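Review bot: `sysctl_local_reserved_ports` exists only under `CONFIG_SYSCTL`, so any code that consults the reserved-port set of a namespace has to be compiled out or stubbed when sysctl support is off. Its users are outside this hunk, so that needs checking. The field is a bare `unsigned long *` with no stated size or owner; a comment such as `/* bitmap indexed by port number; allocated and freed by the sysctl init/exit path */` (to be confirmed by the author) would stop callers from guessing the bound. `struct netns_ipv4` begins and ends outside this hunk.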
@@ -65,5 +96,6 @@ struct netns_ipv4 {
struct fib_rules_ops *mr_rules_ops;
#endif
#endif
+ atomic_t rt_genid;
};
#endif
diff --git a/include/net/netns/ipv6.h b/include/net/netns/ipv6.h
index 81abfcb2eb4..19d3446e59d 100644
--- a/include/net/netns/ipv6.h
+++ b/include/net/netns/ipv6.h
@@ -12,8 +12,11 @@ struct ctl_table_header;
struct netns_sysctl_ipv6 {
#ifdef CONFIG_SYSCTL
- struct ctl_table_header *table;
+ struct ctl_table_header *hdr;
+ struct ctl_table_header *route_hdr;
+ struct ctl_table_header *icmp_hdr;
struct ctl_table_header *frags_hdr;
+ struct ctl_table_header *xfrm6_hdr;
#endif
int bindv6only;
int flush_delay;
@@ -24,13 +27,17 @@ struct netns_sysctl_ipv6 {
int ip6_rt_gc_elasticity;
int ip6_rt_mtu_expires;
int ip6_rt_min_advmss;
+ int flowlabel_consistency;
int icmpv6_time;
+ int anycast_src_echo_reply;
+ int fwmark_reflect;
};
struct netns_ipv6 {
struct netns_sysctl_ipv6 sysctl;
struct ipv6_devconf *devconf_all;
struct ipv6_devconf *devconf_dflt;
+ struct inet_peer_base *peers;
struct netns_frags frags;
#ifdef CONFIG_NETFILTER
struct xt_table *ip6table_filter;
@@ -39,6 +46,7 @@ struct netns_ipv6 {
#ifdef CONFIG_SECURITY
struct xt_table *ip6table_security;
#endif
+ struct xt_table *ip6table_nat;
#endif
struct rt6_info *ip6_null_entry;
struct rt6_statistics *rt6_stats;
@@ -66,5 +74,15 @@ struct netns_ipv6 {
struct fib_rules_ops *mr6_rules_ops;
#endif
#endif
+ atomic_t dev_addr_genid;
+ atomic_t rt_genid;
};
+
+#if IS_ENABLED(CONFIG_NF_DEFRAG_IPV6)
+struct netns_nf_frag {
+ struct netns_sysctl_ipv6 sysctl;
+ struct netns_frags frags;
+};
+#endif
+
#endif
diff --git a/include/net/netns/mib.h b/include/net/netns/mib.h
index 0b44112e236..d542a4b28cc 100644
--- a/include/net/netns/mib.h
+++ b/include/net/netns/mib.h
@@ -10,15 +10,15 @@ struct netns_mib {
DEFINE_SNMP_STAT(struct udp_mib, udp_statistics);
DEFINE_SNMP_STAT(struct udp_mib, udplite_statistics);
DEFINE_SNMP_STAT(struct icmp_mib, icmp_statistics);
- DEFINE_SNMP_STAT(struct icmpmsg_mib, icmpmsg_statistics);
+ DEFINE_SNMP_STAT_ATOMIC(struct icmpmsg_mib, icmpmsg_statistics);
-#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+#if IS_ENABLED(CONFIG_IPV6)
struct proc_dir_entry *proc_net_devsnmp6;
DEFINE_SNMP_STAT(struct udp_mib, udp_stats_in6);
DEFINE_SNMP_STAT(struct udp_mib, udplite_stats_in6);
DEFINE_SNMP_STAT(struct ipstats_mib, ipv6_statistics);
DEFINE_SNMP_STAT(struct icmpv6_mib, icmpv6_statistics);
- DEFINE_SNMP_STAT(struct icmpv6msg_mib, icmpv6msg_statistics);
+ DEFINE_SNMP_STAT_ATOMIC(struct icmpv6msg_mib, icmpv6msg_statistics);
#endif
#ifdef CONFIG_XFRM_STATISTICS
DEFINE_SNMP_STAT(struct linux_xfrm_mib, xfrm_statistics);
diff --git a/include/net/netns/netfilter.h b/include/net/netns/netfilter.h
new file mode 100644
index 00000000000..88740024ccf
--- /dev/null
+++ b/include/net/netns/netfilter.h
@@ -0,0 +1,18 @@
+#ifndef __NETNS_NETFILTER_H
+#define __NETNS_NETFILTER_H
+
+#include <linux/proc_fs.h>
+#include <linux/netfilter.h>
+
+struct nf_logger;
+
+struct netns_nf {
+#if defined CONFIG_PROC_FS
+ struct proc_dir_entry *proc_netfilter;
+#endif
+ const struct nf_logger __rcu *nf_loggers[NFPROTO_NUMPROTO];
+#ifdef CONFIG_SYSCTL
+ struct ctl_table_header *nf_log_dir_header;
+#endif
+};
+#endif
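Review bot: `struct netns_nf` uses `struct ctl_table_header *` without declaring the type, whereas conntrack.h and ipv4.h in this same diff forward-declare it. Add `struct ctl_table_header;` next to `struct nf_logger;` so the header does not rely on `<linux/proc_fs.h>` or `<linux/netfilter.h>` providing it. The two conditionals are also spelled differently in one struct, so `#if defined CONFIG_PROC_FS` should become `#ifdef CONFIG_PROC_FS` to match the `CONFIG_SYSCTL` block below it.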
diff --git a/include/net/netns/nftables.h b/include/net/netns/nftables.h
new file mode 100644
index 00000000000..eee608b12cc
--- /dev/null
+++ b/include/net/netns/nftables.h
@@ -0,0 +1,20 @@
+#ifndef _NETNS_NFTABLES_H_
+#define _NETNS_NFTABLES_H_
+
+#include <linux/list.h>
+
+struct nft_af_info;
+
+struct netns_nftables {
+ struct list_head af_info;
+ struct list_head commit_list;
+ struct nft_af_info *ipv4;
+ struct nft_af_info *ipv6;
+ struct nft_af_info *inet;
+ struct nft_af_info *arp;
+ struct nft_af_info *bridge;
+ unsigned int base_seq;
+ u8 gencursor;
+};
+
+#endif
diff --git a/include/net/netns/packet.h b/include/net/netns/packet.h
index cb4e894c0f8..17ec2b95c06 100644
--- a/include/net/netns/packet.h
+++ b/include/net/netns/packet.h
@@ -5,10 +5,10 @@
#define __NETNS_PACKET_H__
#include <linux/rculist.h>
-#include <linux/spinlock.h>
+#include <linux/mutex.h>
struct netns_packet {
- spinlock_t sklist_lock;
+ struct mutex sklist_lock;
struct hlist_head sklist;
};
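Review bot: Switching `sklist_lock` from `spinlock_t` to `struct mutex` means every path that takes it must now be able to sleep. The lock users are outside this hunk, so confirm that none of them runs in softirq context or while holding another spinlock. A comment on the field, e.g. `/* serialises writers of sklist; readers walk it under RCU */`, would record the rule; the RCU part is presumed from the `<linux/rculist.h>` include.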
diff --git a/include/net/netns/sctp.h b/include/net/netns/sctp.h
new file mode 100644
index 00000000000..3573a81815a
--- /dev/null
+++ b/include/net/netns/sctp.h
@@ -0,0 +1,134 @@
+#ifndef __NETNS_SCTP_H__
+#define __NETNS_SCTP_H__
+
+struct sock;
+struct proc_dir_entry;
+struct sctp_mib;
+struct ctl_table_header;
+
+struct netns_sctp {
+ DEFINE_SNMP_STAT(struct sctp_mib, sctp_statistics);
+
+#ifdef CONFIG_PROC_FS
+ struct proc_dir_entry *proc_net_sctp;
+#endif
+#ifdef CONFIG_SYSCTL
+ struct ctl_table_header *sysctl_header;
+#endif
+ /* This is the global socket data structure used for responding to
+ * the Out-of-the-blue (OOTB) packets. A control sock will be created
+ * for this socket at the initialization time.
+ */
+ struct sock *ctl_sock;
+
+ /* This is the global local address list.
+ * We actively maintain this complete list of addresses on
+ * the system by catching address add/delete events.
+ *
+ * It is a list of sctp_sockaddr_entry.
+ */
+ struct list_head local_addr_list;
+ struct list_head addr_waitq;
+ struct timer_list addr_wq_timer;
+ struct list_head auto_asconf_splist;
+ spinlock_t addr_wq_lock;
+
+ /* Lock that protects the local_addr_list writers */
+ spinlock_t local_addr_lock;
+
+ /* RFC2960 Section 14. Suggested SCTP Protocol Parameter Values
+ *
+ * The following protocol parameters are RECOMMENDED:
+ *
+ * RTO.Initial - 3 seconds
+ * RTO.Min - 1 second
+ * RTO.Max - 60 seconds
+ * RTO.Alpha - 1/8 (3 when converted to right shifts.)
+ * RTO.Beta - 1/4 (2 when converted to right shifts.)
+ */
+ unsigned int rto_initial;
+ unsigned int rto_min;
+ unsigned int rto_max;
+
+ /* Note: rto_alpha and rto_beta are really defined as inverse
+ * powers of two to facilitate integer operations.
+ */
+ int rto_alpha;
+ int rto_beta;
+
+ /* Max.Burst - 4 */
+ int max_burst;
+
+ /* Whether Cookie Preservative is enabled(1) or not(0) */
+ int cookie_preserve_enable;
+
+ /* The namespace default hmac alg */
+ char *sctp_hmac_alg;
+
+ /* Valid.Cookie.Life - 60 seconds */
+ unsigned int valid_cookie_life;
+
+ /* Delayed SACK timeout 200ms default*/
+ unsigned int sack_timeout;
+
+ /* HB.interval - 30 seconds */
+ unsigned int hb_interval;
+
+ /* Association.Max.Retrans - 10 attempts
+ * Path.Max.Retrans - 5 attempts (per destination address)
+ * Max.Init.Retransmits - 8 attempts
+ */
+ int max_retrans_association;
+ int max_retrans_path;
+ int max_retrans_init;
+ /* Potentially-Failed.Max.Retrans sysctl value
+ * taken from:
+ * http://tools.ietf.org/html/draft-nishida-tsvwg-sctp-failover-05
+ */
+ int pf_retrans;
+
+ /*
+ * Policy for preforming sctp/socket accounting
+ * 0 - do socket level accounting, all assocs share sk_sndbuf
+ * 1 - do sctp accounting, each asoc may use sk_sndbuf bytes
+ */
+ int sndbuf_policy;
+
+ /*
+ * Policy for preforming sctp/socket accounting
+ * 0 - do socket level accounting, all assocs share sk_rcvbuf
+ * 1 - do sctp accounting, each asoc may use sk_rcvbuf bytes
+ */
+ int rcvbuf_policy;
+
+ int default_auto_asconf;
+
+ /* Flag to indicate if addip is enabled. */
+ int addip_enable;
+ int addip_noauth;
+
+ /* Flag to indicate if PR-SCTP is enabled. */
+ int prsctp_enable;
+
+ /* Flag to idicate if SCTP-AUTH is enabled */
+ int auth_enable;
+
+ /*
+ * Policy to control SCTP IPv4 address scoping
+ * 0 - Disable IPv4 address scoping
+ * 1 - Enable IPv4 address scoping
+ * 2 - Selectively allow only IPv4 private addresses
+ * 3 - Selectively allow only IPv4 link local address
+ */
+ int scope_policy;
+
+ /* Threshold for rwnd update SACKS. Receive buffer shifted this many
+ * bits is an indicator of when to send and window update SACK.
+ */
+ int rwnd_upd_shift;
+
+ /* Threshold for autoclose timeout, in seconds. */
+ unsigned long max_autoclose;
+};
+
+#endif /* __NETNS_SCTP_H__ */
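Review bot: `addip_noauth` is the one security-relevant knob in `struct netns_sctp` that carries no comment, while its neighbours `addip_enable` and `auth_enable` do. If it allows ADD-IP (ASCONF) processing without SCTP-AUTH, as the name suggests, say so, e.g. `/* Accept ASCONF without SCTP-AUTH; weakens protection of address changes, keep 0 unless required for interop */`. `sctp_hmac_alg` is a bare `char *` whose owner and lifetime are not stated; a comment should say whether it points at a static string or at memory freed on namespace exit. The header also uses `DEFINE_SNMP_STAT`, `struct list_head`, `struct timer_list` and `spinlock_t` with no includes of its own, so it compiles only when the includer has already pulled those in.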
diff --git a/include/net/netns/x_tables.h b/include/net/netns/x_tables.h
index 591db7d657a..02fe40f8c8f 100644
--- a/include/net/netns/x_tables.h
+++ b/include/net/netns/x_tables.h
@@ -8,11 +8,18 @@ struct ebt_table;
struct netns_xt {
struct list_head tables[NFPROTO_NUMPROTO];
+ bool notrack_deprecated_warning;
#if defined(CONFIG_BRIDGE_NF_EBTABLES) || \
defined(CONFIG_BRIDGE_NF_EBTABLES_MODULE)
struct ebt_table *broute_table;
struct ebt_table *frame_filter;
struct ebt_table *frame_nat;
#endif
+#if IS_ENABLED(CONFIG_IP_NF_TARGET_ULOG)
+ bool ulog_warn_deprecated;
+#endif
+#if IS_ENABLED(CONFIG_BRIDGE_EBT_ULOG)
+ bool ebt_ulog_warn_deprecated;
+#endif
};
#endif
diff --git a/include/net/netns/xfrm.h b/include/net/netns/xfrm.h
index 748f91f87cd..3492434baf8 100644
--- a/include/net/netns/xfrm.h
+++ b/include/net/netns/xfrm.h
@@ -6,6 +6,7 @@
#include <linux/workqueue.h>
#include <linux/xfrm.h>
#include <net/dst_ops.h>
+#include <net/flowcache.h>
struct ctl_table_header;
@@ -33,8 +34,6 @@ struct netns_xfrm {
struct hlist_head state_gc_list;
struct work_struct state_gc_work;
- wait_queue_head_t km_waitq;
-
struct list_head policy_all;
struct hlist_head *policy_byidx;
unsigned int policy_idx_hmask;
@@ -56,9 +55,21 @@ struct netns_xfrm {
#endif
struct dst_ops xfrm4_dst_ops;
-#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+#if IS_ENABLED(CONFIG_IPV6)
struct dst_ops xfrm6_dst_ops;
#endif
+ spinlock_t xfrm_state_lock;
+ rwlock_t xfrm_policy_lock;
+ struct mutex xfrm_cfg_mutex;
+
+ /* flow cache part */
+ struct flow_cache flow_cache_global;
+ atomic_t flow_cache_genid;
+ struct list_head flow_cache_gc_list;
+ spinlock_t flow_cache_gc_lock;
+ struct work_struct flow_cache_gc_work;
+ struct work_struct flow_cache_flush_work;
+ struct mutex flow_flush_sem;
};
#endif
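Review bot: The new `xfrm_state_lock`, `xfrm_policy_lock` and `xfrm_cfg_mutex` are added with no comment on what each one protects or in which order they nest, which is the first thing a reader of per-namespace IPsec state needs. One line per lock naming the guarded lists and the allowed nesting would do. `flow_flush_sem` is declared as `struct mutex`, so the `_sem` suffix is misleading and `flow_flush_mutex` would match the type. `<linux/mutex.h>` is not among the includes visible in this file's first hunk, so the header may be relying on a transitive include. `struct netns_xfrm` starts outside this hunk.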