When I tried the veth driver, I fell into a kernel oops.
qemu login: Oops: [#1]
Modules linked in:
CPU:0
EIP:0060:[]Not tainted VLI
EFLAGS: 0202 (2.6.23-rc6-g754f885d-dirty #33)
EIP is at __linkwatch_run_queue+0x6a/0x175
eax: c7fc9550 ebx: 6b6b6b6b ecx: c3360c80 edx: 0
From: Daniel Lezcano <[EMAIL PROTECTED]>
If the netif_carrier_off is called before register_netdev
that will use and generate an event for a non initialized network
device and that leads to an Oops.
I moved the netif_carrier_off from the setup function after each
register_netdev call.
Signed-off
From: Daniel Lezcano <[EMAIL PROTECTED]>
This patch replaces all occurrences to the static variable
loopback_dev to a pointer loopback_dev. That provides the
mindless, trivial, uninteresting change part for the dynamic
allocation for the loopback.
Signed-off-by: Eric W. Biederman <[EMAIL PROTECTE
This patch allows to dynamically allocate the loopback
like a usual network device.
This global static variable loopback_dev has been replaced by a
netdev pointer and the init function does the usual allocation,
initialization and registering of the loopback.
This patchset is split in two par
From: Daniel Lezcano <[EMAIL PROTECTED]>
Doing this makes loopback.c a better example of how to do a
simple network device, and it removes the special case
single static allocation of a struct net_device, hopefully
making maintenance easier.
Signed-off-by: Eric W. Biederman <[EMAIL PROTECTED]>
Si
From: Daniel Lezcano <[EMAIL PROTECTED]>
When CONFIG_NET=no, init_net is unresolved because net_namespace.c
is not compiled and the include pulls the init_net definition.
This problem was very similar with the ipc namespace where the kernel
can be compiled with SYSV ipc out.
This patch fixes that defin
fixes a compilation issue when allnoconfig is used.
- init_net is unresolved.
--
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
From: Daniel Lezcano <[EMAIL PROTECTED]>
This patch fixes export symbol for:
xfrm_audit_policy_add
xfrm_audit_policy_delete
xfrm_audit_state_add
xfrm_audit_state_delete
That allows xfrm_user and af_key to be compiled as modules
I didn't use EXPORT_SYMBOL_GPL to be
Fixes missing export symbols
From: Daniel Lezcano <[EMAIL PROTECTED]>
The macro definition is bad. When calling next_net_device with
parameter name "dev", the resulting code is:
struct net_device *dev = dev and that leads to an unexpected
behavior. Especially when llc_core is compiled in, the kernel panics
at boot
From: Daniel Lezcano <[EMAIL PROTECTED]>
The core patchset of the network namespace sent by
Eric Biederman does not do dynamic loopback creation.
So there is no call to alloc_netdev_mq which fills the
network namespace field of the netdevice.
This patch assigns the loopback to the init network na
From: Daniel Lezcano <[EMAIL PROTECTED]>
Add the appropriate EXPORT_SYMBOLS for proc_net_create,
proc_net_fops_create and proc_net_remove to fix errors when
compiling allmodconfig
Signed-off-by: Mark Nelson <[EMAIL PROTECTED]>
Acked-by: Benjamin Thery <[EMAIL PROTECTED]>
---
fs/proc/proc_net.c |
The following patches fix some compilation errors and boot problems
related to the network namespace patchset.
They apply to net-2.6.24
From: Daniel Lezcano <[EMAIL PROTECTED]>
Three fixes for Kconfigs.
Signed-off-by: Daniel Lezcano <[EMAIL PROTECTED]>
---
drivers/input/misc/Kconfig |2 +-
drivers/leds/Kconfig |2 +-
drivers/telephony/Kconfig |2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
Index: net
Fixes for 3 typos in Kconfig files
When a socket is created it is sometimes useful to store specific information
for this socket.
This information can be for example:
* a creation time
* a pid
* a uid/gid
* a container identifier
* a pointer to a more specific structure
* ...
The
From: Daniel Lezcano <[EMAIL PROTECTED]>
Store private information for a socket
This patch adds a field to the common socket structure. This field
is an anonymous pointer which allows storing information about
the socket
Signed-off-by: Daniel Lezcano <[EMAIL PROTECTED]>
---
include/net/inet_
From: Daniel Lezcano <[EMAIL PROTECTED]>
Doing this makes loopback.c a better example of how to do a
simple network device, and it removes the special case
single static allocation of a struct net_device, hopefully
making maintenance easier.
Applies against net-2.6.24
Tested on i386, x86_64
Comp
From: Daniel Lezcano <[EMAIL PROTECTED]>
New ioctl to "push" ifaddr to a container. Actually, the push is done
from the current namespace, so the right word is "pull". That will be
changed to move ifaddr from l2 network namespace to l3.
Signed-off-by: Daniel Lezcano <[EMAIL PROTECTED]>
---
incl
From: Daniel Lezcano <[EMAIL PROTECTED]>
For debug purposes only, this is not intended to be included.
Add /sys/kernel/debug/net_ns.
Creation of network namespace:
echo > /sys/kernel/debug/net_ns/start
Signed-off-by: Daniel Lezcano <[EMAIL PROTECTED]>
---
fs/debugfs/Makefile |2
fs/debu
From: Daniel Lezcano <[EMAIL PROTECTED]>
When a packet is outgoing, the namespace source is stored
into the skbuff. Because it is the loopback address, the
source == destination, so when the packet is incoming, it
has already the namespace destination set into the packet.
Signed-off-by: Daniel Le
From: Daniel Lezcano <[EMAIL PROTECTED]>
When no source address is specified, search from the dev list the
ifaddr allowed to be used as source address.
Signed-off-by: Daniel Lezcano <[EMAIL PROTECTED]>
---
include/linux/net_namespace.h | 14
net/core/net_namespace.c | 68 +
From: Daniel Lezcano <[EMAIL PROTECTED]>
L3 namespace will use routes and devices belonging to its parent, so
the old network namespace structure is copied when allocating a new
one. By this way, hash value, dev list, routes are accessible from the
L3 namespaces. In case of L2 namespace, these val
From: Daniel Lezcano <[EMAIL PROTECTED]>
Check the bind address is allowed. It must match ifaddr assigned to
the namespace and all derivative addresses.
Signed-off-by: Daniel Lezcano <[EMAIL PROTECTED]>
---
include/linux/net_namespace.h |7 +
net/core/net_namespace.c | 54 +++
From: Daniel Lezcano <[EMAIL PROTECTED]>
ip and ifconfig commands will not show ip addr
not belonging to the current network namespace.
Signed-off-by: Daniel Lezcano <[EMAIL PROTECTED]>
---
include/linux/inetdevice.h |1 +
net/ipv4/devinet.c | 22 +-
2 files ch
From: Daniel Lezcano <[EMAIL PROTECTED]>
Add a specific condition when doing inet interface listing
in order to always see the loopback address.
Signed-off-by: Daniel Lezcano <[EMAIL PROTECTED]>
---
include/linux/net_namespace.h |9 +
net/core/net_namespace.c | 22 ++
From: Daniel Lezcano <[EMAIL PROTECTED]>
Broadcast packets should be delivered to l2 and all l3 children
Signed-off-by: Daniel Lezcano <[EMAIL PROTECTED]>
---
include/linux/net_namespace.h | 11 +++
net/core/net_namespace.c | 27 +++
net/ipv4/udp.c
From: Daniel Lezcano <[EMAIL PROTECTED]>
Switch to the l3 namespace using the destination address.
Signed-off-by: Daniel Lezcano <[EMAIL PROTECTED]>
---
include/linux/net_namespace.h |7 +++
net/core/net_namespace.c | 35 +++
net/ipv4/ip_input.
From: Daniel Lezcano <[EMAIL PROTECTED]>
All L3 namespaces are the final nodes of the L2 namespaces
tree. Because they share some resources coming from the L2
namespace, the L2 parent namespace should be stored into the L3 child
when it is created.
Signed-off-by: Daniel Lezcano <[EMAIL PROTECTE
This patchset provides a network isolation similar to what
Linux-Vserver provides. It is based on the L2 namespaces and relies on
the mechanisms provided by the namespace. This L3 namespace does not
aim to bring full virtualization for the network, it provides an IP
isolation which can be reused fo
From: Daniel Lezcano <[EMAIL PROTECTED]>
Initialize the init's network namespace to level 2
Signed-off-by: Daniel Lezcano <[EMAIL PROTECTED]>
---
net/core/net_namespace.c |1 +
1 file changed, 1 insertion(+)
Index: 2.6.20-rc4-mm1/net/core/net_namespace.c
===
This patch partially isolates ipv4 by adding the network namespace
structure in the structure sock, bind bucket and skbuf. When a socket
is created, the pointer to the network namespace is stored in the
struct sock and the socket belongs to the namespace by this way. That
allows to identify sockets
This patch adds to the nsproxy the network namespace and a set of
functions to unshare it. The network namespace structure should be
filled later with the identified network resources needed for more
isolation.
Replace-Subject: [Network namespace] Network namespace structure
Signed-off-by: Daniel
The following patches create a private "network namespace" for use
within containers. This is intended for use with system containers
like vserver, but might also be useful for restricting individual
applications' access to the network stack.
These patches isolate traffic inside the network namesp
Adds to the network namespace a device list view. This view is emptied
when the unshare is done. The view is filled/emptied by a set of
functions which can be called by an external module.
Replace-Subject: [Network namespace] Network device sharing by view
Signed-off-by: Daniel Lezcano <[EMAIL PROT
The dev list view is filled and used from here. The dev_base_list has
been replaced by the dev list view and devices can be accessed only if
the view has the device in its list. All calls from the userspace,
ioctls, netlinks and procfs, will use the network devices view instead
of the global networ
This patch is for testing purposes. It allows to read which network
devices are accessible and to add a network device to the view.
This RFC hack is purely for discussing the best way to do that.
After unsharing with CLONE_NEWNET flag:
--
To see which devices ar
The network isolation relies on the fact that an application can not
use IP addresses not belonging to the container in which it's
running. This patch isolates the inet device level by adding a
structure namespace pointer in the structure in_ifaddr. When an ip
address is set inside a network namesp