Commit 2abf967b authored by David S. Miller's avatar David S. Miller

Merge branch 'gre_netns'

Nicolas Dichtel says:

====================
gre: allow to switch netns during encap/decap

The goal of this serie is to add x-netns support for the module ip_gre and
ip6_gre, ie the encapsulation addresses and the network device are not owned by
the same namespace.

Example to configure an ipv4 gre tunnel:

modprobe ip_gre
ip netns add netns1
ip netns exec netns1 ip link set lo up
ip link add gre1 type gre remote 10.16.0.121 local 10.16.0.249 ikey 10 okey 10 csum
ip link set gre1 netns netns1
ip netns exec netns1 ip link set gre1 up
ip netns exec netns1 ip addr add dev gre1 192.168.0.249 remote 192.168.0.121
====================
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents 893f6627 22f08069
...@@ -410,7 +410,7 @@ static int ipgre_open(struct net_device *dev) ...@@ -410,7 +410,7 @@ static int ipgre_open(struct net_device *dev)
struct flowi4 fl4; struct flowi4 fl4;
struct rtable *rt; struct rtable *rt;
rt = ip_route_output_gre(dev_net(dev), &fl4, rt = ip_route_output_gre(t->net, &fl4,
t->parms.iph.daddr, t->parms.iph.daddr,
t->parms.iph.saddr, t->parms.iph.saddr,
t->parms.o_key, t->parms.o_key,
...@@ -434,7 +434,7 @@ static int ipgre_close(struct net_device *dev) ...@@ -434,7 +434,7 @@ static int ipgre_close(struct net_device *dev)
if (ipv4_is_multicast(t->parms.iph.daddr) && t->mlink) { if (ipv4_is_multicast(t->parms.iph.daddr) && t->mlink) {
struct in_device *in_dev; struct in_device *in_dev;
in_dev = inetdev_by_index(dev_net(dev), t->mlink); in_dev = inetdev_by_index(t->net, t->mlink);
if (in_dev) if (in_dev)
ip_mc_dec_group(in_dev, t->parms.iph.daddr); ip_mc_dec_group(in_dev, t->parms.iph.daddr);
} }
...@@ -478,7 +478,7 @@ static void __gre_tunnel_init(struct net_device *dev) ...@@ -478,7 +478,7 @@ static void __gre_tunnel_init(struct net_device *dev)
dev->needed_headroom = LL_MAX_HEADER + sizeof(struct iphdr) + 4; dev->needed_headroom = LL_MAX_HEADER + sizeof(struct iphdr) + 4;
dev->mtu = ETH_DATA_LEN - sizeof(struct iphdr) - 4; dev->mtu = ETH_DATA_LEN - sizeof(struct iphdr) - 4;
dev->features |= NETIF_F_NETNS_LOCAL | GRE_FEATURES; dev->features |= GRE_FEATURES;
dev->hw_features |= GRE_FEATURES; dev->hw_features |= GRE_FEATURES;
if (!(tunnel->parms.o_flags & TUNNEL_SEQ)) { if (!(tunnel->parms.o_flags & TUNNEL_SEQ)) {
......
...@@ -72,6 +72,7 @@ struct ip6gre_net { ...@@ -72,6 +72,7 @@ struct ip6gre_net {
}; };
static struct rtnl_link_ops ip6gre_link_ops __read_mostly; static struct rtnl_link_ops ip6gre_link_ops __read_mostly;
static struct rtnl_link_ops ip6gre_tap_ops __read_mostly;
static int ip6gre_tunnel_init(struct net_device *dev); static int ip6gre_tunnel_init(struct net_device *dev);
static void ip6gre_tunnel_setup(struct net_device *dev); static void ip6gre_tunnel_setup(struct net_device *dev);
static void ip6gre_tunnel_link(struct ip6gre_net *ign, struct ip6_tnl *t); static void ip6gre_tunnel_link(struct ip6gre_net *ign, struct ip6_tnl *t);
...@@ -353,10 +354,10 @@ static struct ip6_tnl *ip6gre_tunnel_locate(struct net *net, ...@@ -353,10 +354,10 @@ static struct ip6_tnl *ip6gre_tunnel_locate(struct net *net,
static void ip6gre_tunnel_uninit(struct net_device *dev) static void ip6gre_tunnel_uninit(struct net_device *dev)
{ {
struct net *net = dev_net(dev); struct ip6_tnl *t = netdev_priv(dev);
struct ip6gre_net *ign = net_generic(net, ip6gre_net_id); struct ip6gre_net *ign = net_generic(t->net, ip6gre_net_id);
ip6gre_tunnel_unlink(ign, netdev_priv(dev)); ip6gre_tunnel_unlink(ign, t);
dev_put(dev); dev_put(dev);
} }
...@@ -611,8 +612,8 @@ static netdev_tx_t ip6gre_xmit2(struct sk_buff *skb, ...@@ -611,8 +612,8 @@ static netdev_tx_t ip6gre_xmit2(struct sk_buff *skb,
int encap_limit, int encap_limit,
__u32 *pmtu) __u32 *pmtu)
{ {
struct net *net = dev_net(dev);
struct ip6_tnl *tunnel = netdev_priv(dev); struct ip6_tnl *tunnel = netdev_priv(dev);
struct net *net = tunnel->net;
struct net_device *tdev; /* Device to other host */ struct net_device *tdev; /* Device to other host */
struct ipv6hdr *ipv6h; /* Our new IP header */ struct ipv6hdr *ipv6h; /* Our new IP header */
unsigned int max_headroom = 0; /* The extra header space needed */ unsigned int max_headroom = 0; /* The extra header space needed */
...@@ -979,7 +980,7 @@ static void ip6gre_tnl_link_config(struct ip6_tnl *t, int set_mtu) ...@@ -979,7 +980,7 @@ static void ip6gre_tnl_link_config(struct ip6_tnl *t, int set_mtu)
int strict = (ipv6_addr_type(&p->raddr) & int strict = (ipv6_addr_type(&p->raddr) &
(IPV6_ADDR_MULTICAST|IPV6_ADDR_LINKLOCAL)); (IPV6_ADDR_MULTICAST|IPV6_ADDR_LINKLOCAL));
struct rt6_info *rt = rt6_lookup(dev_net(dev), struct rt6_info *rt = rt6_lookup(t->net,
&p->raddr, &p->laddr, &p->raddr, &p->laddr,
p->link, strict); p->link, strict);
...@@ -1063,13 +1064,12 @@ static int ip6gre_tunnel_ioctl(struct net_device *dev, ...@@ -1063,13 +1064,12 @@ static int ip6gre_tunnel_ioctl(struct net_device *dev,
int err = 0; int err = 0;
struct ip6_tnl_parm2 p; struct ip6_tnl_parm2 p;
struct __ip6_tnl_parm p1; struct __ip6_tnl_parm p1;
struct ip6_tnl *t; struct ip6_tnl *t = netdev_priv(dev);
struct net *net = dev_net(dev); struct net *net = t->net;
struct ip6gre_net *ign = net_generic(net, ip6gre_net_id); struct ip6gre_net *ign = net_generic(net, ip6gre_net_id);
switch (cmd) { switch (cmd) {
case SIOCGETTUNNEL: case SIOCGETTUNNEL:
t = NULL;
if (dev == ign->fb_tunnel_dev) { if (dev == ign->fb_tunnel_dev) {
if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) { if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) {
err = -EFAULT; err = -EFAULT;
...@@ -1077,9 +1077,9 @@ static int ip6gre_tunnel_ioctl(struct net_device *dev, ...@@ -1077,9 +1077,9 @@ static int ip6gre_tunnel_ioctl(struct net_device *dev,
} }
ip6gre_tnl_parm_from_user(&p1, &p); ip6gre_tnl_parm_from_user(&p1, &p);
t = ip6gre_tunnel_locate(net, &p1, 0); t = ip6gre_tunnel_locate(net, &p1, 0);
if (t == NULL)
t = netdev_priv(dev);
} }
if (t == NULL)
t = netdev_priv(dev);
memset(&p, 0, sizeof(p)); memset(&p, 0, sizeof(p));
ip6gre_tnl_parm_to_user(&p, &t->parms); ip6gre_tnl_parm_to_user(&p, &t->parms);
if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p))) if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
...@@ -1242,7 +1242,6 @@ static void ip6gre_tunnel_setup(struct net_device *dev) ...@@ -1242,7 +1242,6 @@ static void ip6gre_tunnel_setup(struct net_device *dev)
dev->flags |= IFF_NOARP; dev->flags |= IFF_NOARP;
dev->iflink = 0; dev->iflink = 0;
dev->addr_len = sizeof(struct in6_addr); dev->addr_len = sizeof(struct in6_addr);
dev->features |= NETIF_F_NETNS_LOCAL;
dev->priv_flags &= ~IFF_XMIT_DST_RELEASE; dev->priv_flags &= ~IFF_XMIT_DST_RELEASE;
} }
...@@ -1297,11 +1296,17 @@ static struct inet6_protocol ip6gre_protocol __read_mostly = { ...@@ -1297,11 +1296,17 @@ static struct inet6_protocol ip6gre_protocol __read_mostly = {
.flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL, .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
}; };
static void ip6gre_destroy_tunnels(struct ip6gre_net *ign, static void ip6gre_destroy_tunnels(struct net *net, struct list_head *head)
struct list_head *head)
{ {
struct ip6gre_net *ign = net_generic(net, ip6gre_net_id);
struct net_device *dev, *aux;
int prio; int prio;
for_each_netdev_safe(net, dev, aux)
if (dev->rtnl_link_ops == &ip6gre_link_ops ||
dev->rtnl_link_ops == &ip6gre_tap_ops)
unregister_netdevice_queue(dev, head);
for (prio = 0; prio < 4; prio++) { for (prio = 0; prio < 4; prio++) {
int h; int h;
for (h = 0; h < HASH_SIZE; h++) { for (h = 0; h < HASH_SIZE; h++) {
...@@ -1310,7 +1315,12 @@ static void ip6gre_destroy_tunnels(struct ip6gre_net *ign, ...@@ -1310,7 +1315,12 @@ static void ip6gre_destroy_tunnels(struct ip6gre_net *ign,
t = rtnl_dereference(ign->tunnels[prio][h]); t = rtnl_dereference(ign->tunnels[prio][h]);
while (t != NULL) { while (t != NULL) {
unregister_netdevice_queue(t->dev, head); /* If dev is in the same netns, it has already
* been added to the list by the previous loop.
*/
if (!net_eq(dev_net(t->dev), net))
unregister_netdevice_queue(t->dev,
head);
t = rtnl_dereference(t->next); t = rtnl_dereference(t->next);
} }
} }
...@@ -1329,6 +1339,11 @@ static int __net_init ip6gre_init_net(struct net *net) ...@@ -1329,6 +1339,11 @@ static int __net_init ip6gre_init_net(struct net *net)
goto err_alloc_dev; goto err_alloc_dev;
} }
dev_net_set(ign->fb_tunnel_dev, net); dev_net_set(ign->fb_tunnel_dev, net);
/* FB netdevice is special: we have one, and only one per netns.
* Allowing to move it to another netns is clearly unsafe.
*/
ign->fb_tunnel_dev->features |= NETIF_F_NETNS_LOCAL;
ip6gre_fb_tunnel_init(ign->fb_tunnel_dev); ip6gre_fb_tunnel_init(ign->fb_tunnel_dev);
ign->fb_tunnel_dev->rtnl_link_ops = &ip6gre_link_ops; ign->fb_tunnel_dev->rtnl_link_ops = &ip6gre_link_ops;
...@@ -1349,12 +1364,10 @@ static int __net_init ip6gre_init_net(struct net *net) ...@@ -1349,12 +1364,10 @@ static int __net_init ip6gre_init_net(struct net *net)
static void __net_exit ip6gre_exit_net(struct net *net) static void __net_exit ip6gre_exit_net(struct net *net)
{ {
struct ip6gre_net *ign;
LIST_HEAD(list); LIST_HEAD(list);
ign = net_generic(net, ip6gre_net_id);
rtnl_lock(); rtnl_lock();
ip6gre_destroy_tunnels(ign, &list); ip6gre_destroy_tunnels(net, &list);
unregister_netdevice_many(&list); unregister_netdevice_many(&list);
rtnl_unlock(); rtnl_unlock();
} }
...@@ -1531,15 +1544,14 @@ static int ip6gre_newlink(struct net *src_net, struct net_device *dev, ...@@ -1531,15 +1544,14 @@ static int ip6gre_newlink(struct net *src_net, struct net_device *dev,
static int ip6gre_changelink(struct net_device *dev, struct nlattr *tb[], static int ip6gre_changelink(struct net_device *dev, struct nlattr *tb[],
struct nlattr *data[]) struct nlattr *data[])
{ {
struct ip6_tnl *t, *nt; struct ip6_tnl *t, *nt = netdev_priv(dev);
struct net *net = dev_net(dev); struct net *net = nt->net;
struct ip6gre_net *ign = net_generic(net, ip6gre_net_id); struct ip6gre_net *ign = net_generic(net, ip6gre_net_id);
struct __ip6_tnl_parm p; struct __ip6_tnl_parm p;
if (dev == ign->fb_tunnel_dev) if (dev == ign->fb_tunnel_dev)
return -EINVAL; return -EINVAL;
nt = netdev_priv(dev);
ip6gre_netlink_parms(data, &p); ip6gre_netlink_parms(data, &p);
t = ip6gre_tunnel_locate(net, &p, 0); t = ip6gre_tunnel_locate(net, &p, 0);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment