- 28 Jan, 2008 40 commits
-
-
Denis V. Lunev authored
The iterator state->ns.neigh_sub_iter initialization is moved from arp_seq_open to clip_seq_start for convinience. This should not be a problem as the iterator will be used only after the seq_start callback. Signed-off-by:
Denis V. Lunev <den@openvz.org> Signed-off-by:
David S. Miller <davem@davemloft.net>
-
Denis V. Lunev authored
cat /proc/net/atm/arp causes the NULL pointer dereference in the get_proc_net+0xc/0x3a. This happens as proc_get_net believes that the parent proc dir entry contains struct net. Fix this assumption for "net/atm" case. The problem is introduced by the commit c0097b07abf5f92ab135d024dd41bd2aada1512f from Eric W. Biederman/Daniel Lezcano. Signed-off-by:
-
Denis V. Lunev authored
I.e. remove the net != &init_net checks from the places, that now can handle other-than-init net namespace. Acked-by:
Benjamin Thery <benjamin.thery@bull.net> Acked-by:
Daniel Lezcano <dlezcano@fr.ibm.com> Signed-off-by:
-
Denis V. Lunev authored
Acked-by:
-
Denis V. Lunev authored
... up to rtentry_to_fib_config Acked-by:
-
Denis V. Lunev authored
Acked-by:
-
Denis V. Lunev authored
This patch makes the netlink socket to be per namespace. That allows to have each namespace its own socket for routing queries. Acked-by:
-
Denis V. Lunev authored
The preparatory work has been done. All we need is to substitute fib_table_hash with net->ipv4.fib_table_hash. Netns context is available when required. Acked-by:
-
Denis V. Lunev authored
The final trick for rules: place fib4_rules_ops into struct net and modify initialization path for this. Acked-by:
-
Denis V. Lunev authored
This is the second part (for the CONFIG_IP_FIB_TRIE case) of the patch #4, where we have created proc files in namespaces. Now we can dump correct info in them. Acked-by:
-
Denis V. Lunev authored
This is the second part (for the CONFIG_IP_FIB_HASH case) of the patch #4, where we have created proc files in namespaces. Now we can dump correct info in them. Acked-by:
-
Denis V. Lunev authored
nl_info is used to track the end-user destination of routing change notification. This is a natural object to hold a namespace on. Place it there and utilize the context in the appropriate places. Acked-by:
-
Eric W. Biederman authored
The patch extends the inet_addr_type and inet_dev_addr_type with the network namespace pointer. That allows to access the different tables relatively to the network namespace. The modification of the signature function is reported in all the callers of the inet_addr_type using the pointer to the well known init_net. Acked-by:
Eric W. Biederman <ebiederm@xmission.com> Signed-off-by:
-
Denis V. Lunev authored
This patch extends the fib_get_table and the fib_new_table functions with the network namespace pointer. That will allow to access the table relatively from the network namespace. Acked-by:
-
Denis V. Lunev authored
Replace the direct pointers to local and main tables with calls to fib_get_table() with appropriate argument. This doesn't introduce additional dereferences, but makes the access to fib tables uniform in any (CONFIG_IP_MULTIPLE_TABLES) case. Acked-by:
-
Denis V. Lunev authored
This patch makes the fib to be initialized as a subsystem for the network namespaces. The code does not handle several namespaces yet, so in case of a creation of a network namespace, the creation/initialization will not occur. Acked-by:
-
Denis V. Lunev authored
This adds error paths into both versions of fib4_rules_init (with/without CONFIG_IP_MULTIPLE_TABLES) and returns error code to the caller. Acked-by:
-
Denis V. Lunev authored
This adds netns parameter to fib_proc_init/exit and replaces __init specifier with __net_init. After this, we will not yet have these proc files show info from the specific namespace - this will be done when these tables become namespaced. Acked-by:
-
Denis V. Lunev authored
Move static rules_ops & rules_mod_lock to the struct net, register the pernet subsys to init them and enjoy the fact that the core rules infrastructure works in the namespace. Real IPv4 fib rules virtualization requires fib tables support in the namespace and will be done seriously later in the patchset. Acked-by:
-
Denis V. Lunev authored
fib_rules_ops contains operations and the list of configured rules. ops will become per/namespace soon, so we need them to be known in the default_pref callback. Acked-by:
-
Denis V. Lunev authored
The patch extends the different fib rules API in order to pass the network namespace pointer. That will allow to access the different tables from a namespace relative object. As usual, the pointer to the init_net variable is passed as parameter so we don't break the network. Acked-by:
-
Daniel Lezcano authored
This patch moves the icmpv6_time sysctl to the network namespace structure. Because the ipv6 protocol is not yet per namespace, the variable is accessed relatively to the initial network namespace. Signed-off-by:
-
Daniel Lezcano authored
All the sysctl concerning the routes are moved to the network namespace structure. A helper function is called to initialize the variables. Because the ipv6 protocol is not yet per namespace, the variables are accessed relatively from the network namespace. Signed-off-by:
-
Daniel Lezcano authored
The mld_max_msf protects the system with a maximum allowed multicast source filters. Making this variable per namespace can be potentially an problem if someone inside a namespace set it to a big value, that will impact the whole system including other namespaces. I don't see any benefits to have it per namespace for now, so in order to keep a directory entry in a newly created namespace, I make it read-only when we are not in the initial network namespace. Signed-off-by:
-
Daniel Lezcano authored
The ip6_frags is moved to the network namespace structure. Because there can be multiple instances of the network namespaces, and the ip6_frags is no longer a global static variable, a helper function has been added to facilitate the initialization of the variables. Until the ipv6 protocol is not per namespace, the variables are accessed relatively from the initial network namespace. Signed-off-by:
-
Daniel Lezcano authored
This patch moves the bindv6only sysctl to the network namespace structure. Until the ipv6 protocol is not per namespace, the sysctl variable is always from the initial network namespace. Signed-off-by:
-
Daniel Lezcano authored
Each network namespace wants its own set of sysctl value, eg. we should not be able from a namespace to set a sysctl value for another namespace , especially for the initial network namespace. This patch duplicates the sysctl table when we register a new network namespace for ipv6. The duplicated table are postfixed with the "template" word to notify the developper the table is cloned. Signed-off-by:
-
Daniel Lezcano authored
The initialization of the sysctl for the ipv6 protocol is changed to a network namespace subsystem. That means when a new network namespace is created the initialization function for the sysctl will be called. That do not change the behavior of the sysctl in case of the kernel with the network namespace disabled. Signed-off-by:
-
Daniel Lezcano authored
Like the ipv4 part, this patch adds an ipv6 structure in the net structure to aggregate the different resources to make ipv6 per namespace. Signed-off-by:
-
Daniel Lezcano authored
This patch add a network namespace subsystem for the af_inet6 module. It does nothing right now, but one of its purpose is to receive the different variables for sysctl in order to initialize them. When the sysctl variable will be moved to the network namespace structure, they will be no longer initialized as global static variables, so we must find a place to initialize them. Because the sysctl can be disabled, it has no sense to store them in the sysctl_net_ipv6 file. Signed-off-by:
-
Daniel Lezcano authored
This patch makes the function ipv6_sysctl_register to return a value. The af_inet6 init function is now able to handle an error and catch it from the initialization of the sysctl. Signed-off-by:
-
Sebastian Siewior authored
and select the crypto subsystem if neccessary Signed-off-by:
Sebastian Siewior <sebastian@breakpoint.cc> Acked-by:
Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by:
-
Rami Rosen authored
Remove two unused macros, INV_FLAG and SET_BITMASK from net/bridge/netfilter/ebt_vlan.c. Signed-off-by:
Rami Rosen <ramirose@gmail.com> Signed-off-by:
-
Pavel Emelyanov authored
The conntracks subsystem has a similar infrastructure to maintain ctl_paths, but since we already have it on the generic level, I think it's OK to switch to using it. So, basically, this patch just replaces the ctl_table-s with ctl_path-s, nf_register_sysctl_table with register_sysctl_paths() and removes no longer needed code. After this the net/netfilter/nf_sysctl.c file contains the paths only. Signed-off-by:
Pavel Emelyanov <xemul@openvz.org> Acked-by:
Patrick McHardy <kaber@trash.net> Signed-off-by:
-
Pavel Emelyanov authored
This includes the most simple cases for netfilter. The first part is tne queue modules for ipv4 and ipv6, on which the net/ipv4/ and net/ipv6/ paths are reused from the appropriate ipv4 and ipv6 code. The conntrack module is also patched, but this hunk is very small and simple. Signed-off-by:
-
Pavel Emelyanov authored
This one is almost the same as the hunks in the first patch, but ax25 tables are created dynamically. So this patch differs a bit to handle this case. Signed-off-by:
-
Pavel Emelyanov authored
The decnet includes two places to patch. The first one is the net/decnet table itself, and it is patched just like other subsystems in the first patch in this series. The second place is a bit more complex - it is the net/decnet/conf/xxx entries,. similar to those in ipv4/devinet.c and ipv6/addrconf.c. This code is made similar to those in ipv[46]. Signed-off-by:
-
Pavel Emelyanov authored
The feature of ipvs ctls is that the net/ipv4/vs path is common for core ipvs ctls and for two schedulers, so I make it exported and re-use it in modules. Two other .c files required linux/sysctl.h to make the extern declaration of this path compile well. Signed-off-by:
Simon Horman <horms@verge.net.au> Signed-off-by:
-
Pavel Emelyanov authored
This patch includes many places, that only required replacing the ctl_table-s with appropriate ctl_paths and call register_sysctl_paths(). Nothing special was done with them. Signed-off-by:
-
Rami Rosen authored
- The DNAT (Destination NAT) is not implemented in IPV4. - This patch remove the code which checks these flags in net/ipv4/arp.c and net/ipv4/route.c. The RTCF_NAT and RTCF_NAT should stay in the header (linux/in_route.h) because they are used in DECnet. Signed-off-by:
-
