-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathnet_namespace.h
executable file
·366 lines (311 loc) · 9.41 KB
/
net_namespace.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
/*
* Operations on the network namespace
*/
#ifndef __NET_NET_NAMESPACE_H
#define __NET_NET_NAMESPACE_H
#include <asm/atomic.h>
#include <linux/workqueue.h>
#include <linux/list.h>
#include <net/netns/core.h>
#include <net/netns/mib.h>
#include <net/netns/unix.h>
#include <net/netns/packet.h>
#include <net/netns/ipv4.h>
#include <net/netns/ipv6.h>
#include <net/netns/dccp.h>
#include <net/netns/x_tables.h>
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
#include <net/netns/conntrack.h>
#endif
#include <net/netns/xfrm.h>
/*struct proc_dir_entry;
struct net_device;
struct sock;
struct ctl_table_header;
struct net_generic;
struct sock;
*/
#define NETDEV_HASHBITS 8
#define NETDEV_HASHENTRIES (1 << NETDEV_HASHBITS)
struct neAAt {
atomic_t count; /* To decided when the network
* namespace should be freed.
*/
#ifdef NETNS_REFCNT_DEBUG
atomic_t use_count; /* To track references we
* destroy on demand
*/
#endif
struct list_head list; /* list of network namespaces */
struct list_head cleanup_list; /* namespaces on death row */
struct list_head exit_list; /* Use only net_mutex */
struct proc_dir_entry *proc_net;
struct proc_dir_entry *proc_net_stat;
#ifdef CONFIG_SYSCTL
struct ctl_table_set sysctls;
#endif
struct net_device *loopback_dev; /* The loopback */
struct list_head dev_base_head;
struct hlist_head *dev_name_head; //dev name链表,查找dev的时候可以根据eth0做键值找 struct net_dev
struct hlist_head *dev_index_head; //dev索引号,创建dev的时候,都会有一个,不会重复
/* core fib_rules */
struct list_head rules_ops;
spinlock_t rules_mod_lock;
struct sock *rtnl; /* rtnetlink socket */
struct sock *genl_sock;
struct netns_core core;
struct netns_mib mib;
struct netns_packet packet;
struct netns_unix unx;
struct netns_ipv4 ipv4;
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
struct netns_ipv6 ipv6;
#endif
#if defined(CONFIG_IP_DCCP) || defined(CONFIG_IP_DCCP_MODULE)
struct netns_dccp dccp;
#endif
#ifdef CONFIG_NETFILTER
struct netns_xt xt;
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
struct netns_ct ct;
#endif
struct sock *nfnl;
struct sock *nfnl_stash;
#endif
#ifdef CONFIG_XFRM
struct netns_xfrm xfrm;
#endif
#ifdef CONFIG_WEXT_CORE
struct sk_buff_head wext_nlevents;
#endif
struct net_generic *gen;
};
struct proc_dir_entry;
struct net_device;
struct sock;
struct ctl_table_header;
struct net_generic;
struct sock;
//可以通过sock_net(skb->sk);获取
struct net {
/* 用于判断何时释放网络命名空间
在使用特定的net实例前后,需要分别调用
辅助函数get_net和put_net
*/
atomic_t count; /* To decided when the network
* namespace should be freed.
*/
#ifdef NETNS_REFCNT_DEBUG
atomic_t use_count; /* To track references we
* destroy on demand
*/
#endif
/* 网络命名空间的链接 */
struct list_head list; /* list of network namespaces */
struct work_struct work; /* work struct for freeing */
/* 由于每个命名空间都包含不同的网络设备,
* 这必然会反映到procfs的内容上。
* 各命名空间的处理需要三个数据项:
* /proc/net由proc_net表示,而/proc/net/stat由proc_net_stats
* 表示,proc_net_root(现在已不用)指向当前命名空间的procfs实例
* 的根节点,即/proc
*/
struct proc_dir_entry *proc_net;
struct proc_dir_entry *proc_net_stat;
#ifdef CONFIG_SYSCTL
struct ctl_table_set sysctls;
#endif
/* 环回接口设备*/
struct net_device *loopback_dev; /* The loopback */
/* 与特定命名空间关联的所有设备都保存在
* 一个双向链表上,表头为dev_base_head
*/ //所有的net_device都添加到该链表中
//struct net_device会添加到struct net的下面的dev_base_head链表中,同时散列到dev_name_head和dev_index_head中,见樊东东上P72
//通过list_netdevice添加到该链表和下面的hash表中
//dev_getbyhwaddr __dev_getfirstbyhwtype dev_get_by_flags 通过for_each_netdev变量dev_base_head链表
struct list_head dev_base_head; //见list_netdevice 一般基于MAC地址或者设备类型就用该链表查找,基于接口名或者索引使用下面两个查找
/*
* 将设备名作为散列键的链表
*///dev_get_by_name
struct hlist_head *dev_name_head;//dev name链表,查找dev的时候可以根据eth0做键值找 struct net_dev
/*
* 将接口索引用作散列键
*///dev_get_by_index
struct hlist_head *dev_index_head;//dev索引号,创建dev的时候,都会有一个,不会重复
/* core fib_rules */
struct list_head rules_ops;
spinlock_t rules_mod_lock;
struct sock *rtnl; /* rtnetlink socket */
struct sock *genl_sock;
struct netns_core core;
struct netns_mib mib;
struct netns_packet packet;
struct netns_unix unx;
struct netns_ipv4 ipv4;
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
struct netns_ipv6 ipv6;
#endif
#if defined(CONFIG_IP_DCCP) || defined(CONFIG_IP_DCCP_MODULE)
struct netns_dccp dccp;
#endif
#ifdef CONFIG_NETFILTER
struct netns_xt xt;
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
struct netns_ct ct;
#endif
#endif
#ifdef CONFIG_XFRM
struct netns_xfrm xfrm;
#endif
#ifdef CONFIG_WIRELESS_EXT
struct sk_buff_head wext_nlevents;
#endif
struct net_generic *gen;
};
#include <linux/seq_file_net.h>
/* Init's network namespace */
extern struct net init_net;
#ifdef CONFIG_NET
extern struct net *copy_net_ns(unsigned long flags, struct net *net_ns);
#else /* CONFIG_NET */
static inline struct net *copy_net_ns(unsigned long flags, struct net *net_ns)
{
/* There is nothing to copy so this is a noop */
return net_ns;
}
#endif /* CONFIG_NET */
extern struct list_head net_namespace_list;//init_net有加到该链表中
extern struct net *get_net_ns_by_pid(pid_t pid);
#ifdef CONFIG_NET_NS
extern void __put_net(struct net *net);
static inline struct net *get_net(struct net *net)
{
atomic_inc(&net->count);
return net;
}
static inline struct net *maybe_get_net(struct net *net)
{
/* Used when we know struct net exists but we
* aren't guaranteed a previous reference count
* exists. If the reference count is zero this
* function fails and returns NULL.
*/
if (!atomic_inc_not_zero(&net->count))
net = NULL;
return net;
}
static inline void put_net(struct net *net)
{
if (atomic_dec_and_test(&net->count))
__put_net(net);
}
static inline
int net_eq(const struct net *net1, const struct net *net2)
{
return net1 == net2;
}
#else
static inline struct net *get_net(struct net *net)
{
return net;
}
static inline void put_net(struct net *net)
{
}
static inline struct net *maybe_get_net(struct net *net)
{
return net;
}
static inline
int net_eq(const struct net *net1, const struct net *net2)
{
return 1;
}
#endif
#ifdef NETNS_REFCNT_DEBUG
static inline struct net *hold_net(struct net *net)
{
if (net)
atomic_inc(&net->use_count);
return net;
}
static inline void release_net(struct net *net)
{
if (net)
atomic_dec(&net->use_count);
}
#else
static inline struct net *hold_net(struct net *net)
{
return net;
}
static inline void release_net(struct net *net)
{
}
#endif
#ifdef CONFIG_NET_NS
static inline void write_pnet(struct net **pnet, struct net *net)
{
*pnet = net;
}
static inline struct net *read_pnet(struct net * const *pnet)
{
return *pnet;
}
#else
#define write_pnet(pnet, net) do { (void)(net);} while (0)
#define read_pnet(pnet) (&init_net)
#endif
#define for_each_net(VAR) \
list_for_each_entry(VAR, &net_namespace_list, list)
#define for_each_net_rcu(VAR) \
list_for_each_entry_rcu(VAR, &net_namespace_list, list)
#ifdef CONFIG_NET_NS
#define __net_init
#define __net_exit
#define __net_initdata
#else
#define __net_init __init
#define __net_exit __exit_refok
#define __net_initdata __initdata
#endif
struct pernet_operations {
struct list_head list;
int (*init)(struct net *net);
void (*exit)(struct net *net);
void (*exit_batch)(struct list_head *net_exit_list);
int *id;
size_t size;
};
/*
* Use these carefully. If you implement a network device and it
* needs per network namespace operations use device pernet operations,
* otherwise use pernet subsys operations.
*
* Network interfaces need to be removed from a dying netns _before_
* subsys notifiers can be called, as most of the network code cleanup
* (which is done from subsys notifiers) runs with the assumption that
* dev_remove_pack has been called so no new packets will arrive during
* and after the cleanup functions have been called. dev_remove_pack
* is not per namespace so instead the guarantee of no more packets
* arriving in a network namespace is provided by ensuring that all
* network devices and all sockets have left the network namespace
* before the cleanup methods are called.
*
* For the longest time the ipv4 icmp code was registered as a pernet
* device which caused kernel oops, and panics during network
* namespace cleanup. So please don't get this wrong.
*/
extern int register_pernet_subsys(struct pernet_operations *);
extern void unregister_pernet_subsys(struct pernet_operations *);
extern int register_pernet_device(struct pernet_operations *);
extern void unregister_pernet_device(struct pernet_operations *);
struct ctl_path;
struct ctl_table;
struct ctl_table_header;
extern struct ctl_table_header *register_net_sysctl_table(struct net *net,
const struct ctl_path *path, struct ctl_table *table);
extern struct ctl_table_header *register_net_sysctl_rotable(
const struct ctl_path *path, struct ctl_table *table);
extern void unregister_net_sysctl_table(struct ctl_table_header *header);
#endif /* __NET_NET_NAMESPACE_H */