From: Kirill Gorkunov <[email protected]> We already have a similar control for IPv4, so we should cover IPv6 as well. Note that the main reason is to let the node operator control container features, because this module prevents the container checkpoint and restore procedure.
https://jira.sw.ru/browse/PSBM-84241 Signed-off-by: Cyrill Gorcunov <[email protected]> Rebased to vz8: - Use net_generic_free instead of net_assign_generic to reclaim memory (cherry-picked from 184fe365300bd7be17137022b879f42a241f0aa2) Signed-off-by: Andrey Zhadchenko <[email protected]>
diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
index c29f3f2..3581d7b 100644
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -59,6 +59,9 @@
 #include <net/netns/generic.h>
 #include <net/dst_metadata.h>
+#include <uapi/linux/vzcalluser.h>
+#include <linux/ve.h>
+
 MODULE_AUTHOR("Ville Nuorvala");
 MODULE_DESCRIPTION("IPv6 tunneling device");
 MODULE_LICENSE("GPL");
@@ -148,6 +151,11 @@ static struct net_device_stats *ip6_get_stats(struct net_device *dev)
 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
 struct in6_addr any;
+#if CONFIG_VE
+ if (!ip6n) /* no VE_FEATURE_IPIP */
+ return NULL;
+#endif
+
 for_each_ip6_tunnel_rcu(ip6n->tnls_r_l[hash]) {
 if (!ipv6_addr_equal(local, &t->parms.laddr) ||
 !ipv6_addr_equal(remote, &t->parms.raddr) ||
@@ -2032,6 +2040,11 @@ static int ip6_tnl_newlink(struct net *src_net, struct net_device *dev,
 struct ip6_tnl *nt, *t;
 int err;
+#ifdef CONFIG_VE
+ if (net_generic(dev_net(dev), ip6_tnl_net_id) == NULL)
+ return -EACCES;
+#endif
+
 nt = netdev_priv(dev);
 if (ip6_tnl_netlink_encap_parms(data, &ipencap)) {
@@ -2225,6 +2238,11 @@ static void __net_exit ip6_tnl_destroy_tunnels(struct net *net, struct list_head
 int h;
 struct ip6_tnl *t;
+#ifdef CONFIG_VE
+ if (!ip6n) /* no VE_FEATURE_IPIP */
+ return;
+#endif
+
 for_each_netdev_safe(net, dev, aux)
 if (dev->rtnl_link_ops == &ip6_link_ops)
 unregister_netdevice_queue(dev, list);
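Review bot: The guard added above the tunnel lookup loop uses `#if CONFIG_VE`, while the three other guards in this patch use `#ifdef CONFIG_VE`. The `#if` form only works because an undefined macro evaluates to 0, and it warns under `-Wundef`, so it should read `#ifdef CONFIG_VE` like its siblings. This check matters most of the four: the loop right below dereferences `ip6n->tnls_r_l[hash]`, and a lookup like this is presumably reached for traffic arriving in a namespace whose VE lacks the feature, so without it the result would be a kernel NULL dereference rather than a refused request. The hunk heading names `ip6_get_stats`, but the lines shown belong to a function whose signature starts outside the hunk.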
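Review bot: The guard in `ip6_tnl_newlink` is spelled differently from the two `if (!ip6n) /* no VE_FEATURE_IPIP */` guards and carries no comment, so a reader has to work out that a NULL per-net slot means the feature is off for this VE. Writing it as `if (!net_generic(dev_net(dev), ip6_tnl_net_id)) /* no VE_FEATURE_IPIP */` would match the others. Only the start of the function is visible here; if a local `ip6n` is already fetched above the hunk, testing that avoids the second `net_generic()` call. It is also worth confirming that `-EACCES` is the errno the IPv4 counterpart mentioned in the description returns, so tooling sees one error for the same policy.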
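Review bot: The early return in `ip6_tnl_destroy_tunnels` sits above the `for_each_netdev_safe()` loop, which does not touch `ip6n`, so that loop is skipped for no visible reason. If a device with `ip6_link_ops` can end up in a namespace whose VE lacks the feature (for example by being moved in from another namespace, which this hunk does not show), it would no longer be queued for unregistration here. Placing the `if (!ip6n) return;` guard after the loop keeps the device cleanup and still protects whatever dereferences `ip6n` further down, outside the hunk.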
@@ -2248,6 +2266,13 @@ static int __net_init ip6_tnl_init_net(struct net *net)
 struct ip6_tnl *t = NULL;
 int err;
+#ifdef CONFIG_VE
+ if (!(net->owner_ve->features & VE_FEATURE_IPIP)) {
+ net_generic_free(net, ip6_tnl_net_id);
+ return 0;
+ }
+#endif
+
 ip6n->tnls[0] = ip6n->tnls_wc;
 ip6n->tnls[1] = ip6n->tnls_r_l;
-- 
1.8.3.1
_______________________________________________ Devel mailing list [email protected] https://lists.openvz.org/mailman/listinfo/devel
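Review bot: After `net_generic_free(net, ip6_tnl_net_id)` in `ip6_tnl_init_net`, the empty per-net slot is the only record that the VE lacks `VE_FEATURE_IPIP`, and nothing in the new code says so. A comment above the block such as `/* VE without VE_FEATURE_IPIP: release the per-net state; the NULL net_generic() slot is what the other guards in this file test */` would make the invariant explicit. The patch guards three users; any other place in the file that fetches `net_generic(net, ip6_tnl_net_id)` and dereferences it (none are visible in this diff) would fault in kernel context on behalf of a container, so those call sites are worth auditing. `net->owner_ve` is dereferenced unchecked, which is fine only if it is always set by the time pernet init runs. The function continues past the hunk.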
