Re: [PATCH 12/16] net: Support multiple network namespaces with netlink

2007-09-12 Thread David Miller
From: [EMAIL PROTECTED] (Eric W. Biederman)
Date: Sat, 08 Sep 2007 15:28:27 -0600

> 
> Each netlink socket will live in exactly one network namespace,
> this includes the controlling kernel sockets.
> 
> This patch updates all of the existing netlink protocols
> to only support the initial network namespace.  Requests
> by clients in other namespaces will get -ECONNREFUSED.
> As they would if the kernel did not have the support for
> that netlink protocol compiled in.
> 
> As each netlink protocol is updated to be multiple network
> namespace safe it can register multiple kernel sockets
> to acquire a presence in the rest of the network namespaces.
> 
> The implementation in af_netlink is a simple filter implementation
> at hash table insertion and hash table look up time.
> 
> Signed-off-by: Eric W. Biederman <[EMAIL PROTECTED]>

Applied to net-2.6.24, thanks.
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
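
The filter described in the quoted changelog, as an added userspace model (not part of the original thread and not the kernel's af_netlink code): lookups and insertions match on the namespace as well as protocol and pid, so a kernel socket registered only in `init_net` is invisible elsewhere. All identifiers below (`nl_lookup`, `nl_insert`, `nl_connect_kernel`, `demo`, protocol number 9) are hypothetical.

```c
/* Simplified model of a namespace-filtered netlink socket table.
 * Names are hypothetical; this is not the kernel's af_netlink.c. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

struct net { int id; };                 /* stand-in for a network namespace */
struct nl_sock { const struct net *net; int protocol; unsigned pid; int used; };

#define TABLE_SIZE 16
static struct nl_sock table[TABLE_SIZE];
static struct net init_net = { 0 }, other_net = { 1 };

/* Lookup filter: namespace, protocol and pid must all match. */
static struct nl_sock *nl_lookup(const struct net *net, int protocol, unsigned pid)
{
    for (size_t i = 0; i < TABLE_SIZE; i++)
        if (table[i].used && table[i].net == net &&
            table[i].protocol == protocol && table[i].pid == pid)
            return &table[i];
    return NULL;
}

/* Insert filter: a pid collides only with a socket in the same namespace. */
static int nl_insert(const struct net *net, int protocol, unsigned pid)
{
    if (nl_lookup(net, protocol, pid))
        return -EADDRINUSE;
    for (size_t i = 0; i < TABLE_SIZE; i++)
        if (!table[i].used) {
            table[i] = (struct nl_sock){ net, protocol, pid, 1 };
            return 0;
        }
    return -ENOMEM;
}

/* A client reaches the kernel socket (pid 0) only inside its own namespace. */
static int nl_connect_kernel(const struct net *net, int protocol)
{
    return nl_lookup(net, protocol, 0) ? 0 : -ECONNREFUSED;
}

/* Scenario: one kernel socket in init_net, then a client in client_net. */
static int demo(const struct net *client_net)
{
    for (size_t i = 0; i < TABLE_SIZE; i++) table[i].used = 0;
    nl_insert(&init_net, 9, 0);         /* 9: constructed protocol number */
    return nl_connect_kernel(client_net, 9);
}

int main(void)
{
    printf("init_net: %d, other_net: %d\n", demo(&init_net), demo(&other_net));
    return 0;
}
```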


Re: [PATCH 12/16] net: Support multiple network namespaces with netlink

2007-09-10 Thread Eric W. Biederman
Pavel Emelyanov <[EMAIL PROTECTED]> writes:
>
> Rr. This is the 5th or even the 6th patch that changes tens of files
> but (!) most of these changes are just propagating some core thing into
> protocols, drivers, etc. E.g. you add an argument to some function and
> then make all the rest use it, but the chunk adding the argument itself
> is buried in these changes.
>
> Why not make reviewers' lives easier and make (with hands) the core
> hunks go first and the "propagation" ones at the end? For RFC purpose
> I would even break the git-bisect safeness and split these patches
> into 2 parts: those with the core and those with the propagation.

Agreed, this is an issue for easy review. My apologies.

I guess it was a failure in my imagination on how to prepare these
patches for review, in a way that was both reviewer and preparer friendly.

There is at least one /proc idiom change that needs to be made so I
will keep this in mind for the resend.

Eric


Re: [PATCH 12/16] net: Support multiple network namespaces with netlink

2007-09-10 Thread Pavel Emelyanov
Eric W. Biederman wrote:
> Each netlink socket will live in exactly one network namespace,
> this includes the controlling kernel sockets.
> 
> This patch updates all of the existing netlink protocols
> to only support the initial network namespace.  Requests
> by clients in other namespaces will get -ECONNREFUSED.
> As they would if the kernel did not have the support for
> that netlink protocol compiled in.
> 
> As each netlink protocol is updated to be multiple network
> namespace safe it can register multiple kernel sockets
> to acquire a presence in the rest of the network namespaces.
> 
> The implementation in af_netlink is a simple filter implementation
> at hash table insertion and hash table look up time.
> 
> Signed-off-by: Eric W. Biederman <[EMAIL PROTECTED]>
> ---
>  drivers/connector/connector.c   |2 +-
>  drivers/scsi/scsi_netlink.c |2 +-
>  drivers/scsi/scsi_transport_iscsi.c |2 +-
>  fs/ecryptfs/netlink.c   |2 +-
>  include/linux/netlink.h |6 ++-
>  kernel/audit.c  |4 +-
>  lib/kobject_uevent.c|5 +-
>  net/bridge/netfilter/ebt_ulog.c |5 +-
>  net/core/rtnetlink.c|4 +-
>  net/decnet/netfilter/dn_rtmsg.c |3 +-
>  net/ipv4/fib_frontend.c |4 +-
>  net/ipv4/inet_diag.c|4 +-
>  net/ipv4/netfilter/ip_queue.c   |6 +-
>  net/ipv4/netfilter/ipt_ULOG.c   |3 +-
>  net/ipv6/netfilter/ip6_queue.c  |6 +-
>  net/netfilter/nfnetlink.c   |2 +-
>  net/netfilter/nfnetlink_log.c   |3 +-
>  net/netfilter/nfnetlink_queue.c |3 +-
>  net/netlink/af_netlink.c|  106 ++-
>  net/netlink/genetlink.c |4 +-
>  net/xfrm/xfrm_user.c|2 +-
>  security/selinux/netlink.c  |5 +-
>  22 files changed, 122 insertions(+), 61 deletions(-)

Rr. This is the 5th or even the 6th patch that changes tens of files
but (!) most of these changes are just propagating some core thing into
protocols, drivers, etc. E.g. you add an argument to some function and
then make all the rest use it, but the chunk adding the argument itself
is buried in these changes.

Why not make reviewers' lives easier and make (with hands) the core
hunks go first and the "propagation" ones at the end? For RFC purpose
I would even break the git-bisect safeness and split these patches
into 2 parts: those with the core and those with the propagation.

Thanks,
Pavel


[PATCH 12/16] net: Support multiple network namespaces with netlink

2007-09-08 Thread Eric W. Biederman

Each netlink socket will live in exactly one network namespace,
this includes the controlling kernel sockets.

This patch updates all of the existing netlink protocols
to only support the initial network namespace.  Requests
by clients in other namespaces will get -ECONNREFUSED.
As they would if the kernel did not have the support for
that netlink protocol compiled in.

As each netlink protocol is updated to be multiple network
namespace safe it can register multiple kernel sockets
to acquire a presence in the rest of the network namespaces.

The implementation in af_netlink is a simple filter implementation
at hash table insertion and hash table look up time.

Signed-off-by: Eric W. Biederman <[EMAIL PROTECTED]>
---
 drivers/connector/connector.c   |2 +-
 drivers/scsi/scsi_netlink.c |2 +-
 drivers/scsi/scsi_transport_iscsi.c |2 +-
 fs/ecryptfs/netlink.c   |2 +-
 include/linux/netlink.h |6 ++-
 kernel/audit.c  |4 +-
 lib/kobject_uevent.c|5 +-
 net/bridge/netfilter/ebt_ulog.c |5 +-
 net/core/rtnetlink.c|4 +-
 net/decnet/netfilter/dn_rtmsg.c |3 +-
 net/ipv4/fib_frontend.c |4 +-
 net/ipv4/inet_diag.c|4 +-
 net/ipv4/netfilter/ip_queue.c   |6 +-
 net/ipv4/netfilter/ipt_ULOG.c   |3 +-
 net/ipv6/netfilter/ip6_queue.c  |6 +-
 net/netfilter/nfnetlink.c   |2 +-
 net/netfilter/nfnetlink_log.c   |3 +-
 net/netfilter/nfnetlink_queue.c |3 +-
 net/netlink/af_netlink.c|  106 ++-
 net/netlink/genetlink.c |4 +-
 net/xfrm/xfrm_user.c|2 +-
 security/selinux/netlink.c  |5 +-
 22 files changed, 122 insertions(+), 61 deletions(-)

diff --git a/drivers/connector/connector.c b/drivers/connector/connector.c
index a7b9e9b..5690709 100644
--- a/drivers/connector/connector.c
+++ b/drivers/connector/connector.c
@@ -446,7 +446,7 @@ static int __devinit cn_init(void)
dev->id.idx = cn_idx;
dev->id.val = cn_val;
 
-   dev->nls = netlink_kernel_create(NETLINK_CONNECTOR,
+   dev->nls = netlink_kernel_create(&init_net, NETLINK_CONNECTOR,
 CN_NETLINK_USERS + 0xf,
 dev->input, NULL, THIS_MODULE);
if (!dev->nls)
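Review bot: the hard-coded `&init_net` in the `netlink_kernel_create()` call in `cn_init()` carries no comment, so the fact that the connector is now reachable only from the initial network namespace is recorded only in the changelog. A short comment above the call, for example `/* init_net only until the connector is namespace-aware */`, would make the restriction visible at the call site; the same point applies to the other converted callers in this patch.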
diff --git a/drivers/scsi/scsi_netlink.c b/drivers/scsi/scsi_netlink.c
index 4bf9aa5..163acf6 100644
--- a/drivers/scsi/scsi_netlink.c
+++ b/drivers/scsi/scsi_netlink.c
@@ -167,7 +167,7 @@ scsi_netlink_init(void)
return;
}
 
-   scsi_nl_sock = netlink_kernel_create(NETLINK_SCSITRANSPORT,
+   scsi_nl_sock = netlink_kernel_create(&init_net, NETLINK_SCSITRANSPORT,
SCSI_NL_GRP_CNT, scsi_nl_rcv, NULL,
THIS_MODULE);
if (!scsi_nl_sock) {
diff --git a/drivers/scsi/scsi_transport_iscsi.c 
b/drivers/scsi/scsi_transport_iscsi.c
index 34c1860..4916f01 100644
--- a/drivers/scsi/scsi_transport_iscsi.c
+++ b/drivers/scsi/scsi_transport_iscsi.c
@@ -1523,7 +1523,7 @@ static __init int iscsi_transport_init(void)
if (err)
goto unregister_conn_class;
 
-   nls = netlink_kernel_create(NETLINK_ISCSI, 1, iscsi_if_rx, NULL,
+   nls = netlink_kernel_create(&init_net, NETLINK_ISCSI, 1, iscsi_if_rx, 
NULL,
THIS_MODULE);
if (!nls) {
err = -ENOBUFS;
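Review bot: the added `netlink_kernel_create(&init_net, NETLINK_ISCSI, 1, iscsi_if_rx, NULL,` line in `iscsi_transport_init()` is long enough to have been line-wrapped in this copy, which suggests it runs past the 80-column limit once indented. Moving `NULL,` down to the continuation line next to `THIS_MODULE);` keeps the call within the limit and avoids a hunk that gets mangled in transit.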
diff --git a/fs/ecryptfs/netlink.c b/fs/ecryptfs/netlink.c
index fe91863..056519c 100644
--- a/fs/ecryptfs/netlink.c
+++ b/fs/ecryptfs/netlink.c
@@ -227,7 +227,7 @@ int ecryptfs_init_netlink(void)
 {
int rc;
 
-   ecryptfs_nl_sock = netlink_kernel_create(NETLINK_ECRYPTFS, 0,
+   ecryptfs_nl_sock = netlink_kernel_create(&init_net, NETLINK_ECRYPTFS, 0,
 ecryptfs_receive_nl_message,
 NULL, THIS_MODULE);
if (!ecryptfs_nl_sock) {
diff --git a/include/linux/netlink.h b/include/linux/netlink.h
index 83d8239..d2843ae 100644
--- a/include/linux/netlink.h
+++ b/include/linux/netlink.h
@@ -27,6 +27,8 @@
 
 #define MAX_LINKS 32   
 
+struct net;
+
 struct sockaddr_nl
 {
sa_family_t nl_family;  /* AF_NETLINK   */
@@ -157,7 +159,8 @@ struct netlink_skb_parms
 #define NETLINK_CREDS(skb) (&NETLINK_CB((skb)).creds)
 
 
-extern struct sock *netlink_kernel_create(int unit, unsigned int groups,
+extern struct sock *netlink_kernel_create(struct net *net,
+ int unit,unsigned int groups,
  void (*input)(struct sock *sk, int 
len),
  struct mutex *cb_mutex,
  struct module *module);
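Review bot: in the new `netlink_kernel_create()` prototype, `int unit,unsigned int groups` is missing the space after the comma, and the new `struct net *net` parameter arrives with no comment saying what callers are expected to pass. Suggest `int unit, unsigned int groups`, plus a brief comment that the returned socket lives in exactly one namespace and that protocols not yet namespace-aware pass `&init_net`.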
@@ -206,6 +209,7 @@ struct netlink_callback
 
 struct netlink