When I tried the veth driver, I fell into a kernel oops.
qemu login: Oops: [#1]
Modules linked in:
CPU:0
EIP:0060:[c0265c9e]Not tainted VLI
EFLAGS: 0202 (2.6.23-rc6-g754f885d-dirty #33)
EIP is at __linkwatch_run_queue+0x6a/0x175
eax: c7fc9550 ebx: 6b6b6b6b ecx: c3360c80
This patch allows dynamically allocating the loopback
like a usual network device.
This global static variable loopback_dev has been replaced by a
netdev pointer and the init function does the usual allocation,
initialization and registering of the loopback.
This patchset is split in two
From: Daniel Lezcano [EMAIL PROTECTED]
Doing this makes loopback.c a better example of how to do a
simple network device, and it removes the special case
single static allocation of a struct net_device, hopefully
making maintenance easier.
Signed-off-by: Eric W. Biederman [EMAIL PROTECTED]
From: Daniel Lezcano [EMAIL PROTECTED]
This patch replaces all occurrences of the static variable
loopback_dev with a pointer loopback_dev. That provides the
mindless, trivial, uninteresting change part for the dynamic
allocation for the loopback.
Signed-off-by: Eric W. Biederman [EMAIL PROTECTED]
fixes a compilation issue when allnoconfig is used.
- init_net is unresolved.
--
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
From: Daniel Lezcano [EMAIL PROTECTED]
When CONFIG_NET=no, init_net is unresolved because net_namespace.c
is not compiled and the include pulls in the init_net definition.
This problem was very similar to the ipc namespace, where the kernel
can be compiled with SYSV ipc out.
This patch fixes that
The following patches fix some compilation errors and boot problems
related to the network namespace patchset.
They apply to net-2.6.24
From: Daniel Lezcano [EMAIL PROTECTED]
The macro definition is bad. When calling next_net_device with
parameter name dev, the resulting code is:
struct net_device *dev = dev and that leads to an unexpected
behavior. Especially when llc_core is compiled in, the kernel panics
at boot
From: Daniel Lezcano [EMAIL PROTECTED]
The core patchset of the network namespace sent by
Eric Biederman does not do dynamic loopback creation.
So there is no call to alloc_netdev_mq which fills the
network namespace field of the netdevice.
This patch assigns the loopback to the init network
From: Daniel Lezcano [EMAIL PROTECTED]
Add the appropriate EXPORT_SYMBOLS for proc_net_create,
proc_net_fops_create and proc_net_remove to fix errors when
compiling allmodconfig
Signed-off-by: Mark Nelson [EMAIL PROTECTED]
Acked-by: Benjamin Thery [EMAIL PROTECTED]
---
fs/proc/proc_net.c |4
Fixes missing export symbols
From: Daniel Lezcano [EMAIL PROTECTED]
This patch fixes export symbol for:
xfrm_audit_policy_add
xfrm_audit_policy_delete
xfrm_audit_state_add
xfrm_audit_state_delete
That allows xfrm_user and af_key to be compiled as modules
I didn't use EXPORT_SYMBOL_GPL to be
Fixes for 3 typos in Kconfig files
From: Daniel Lezcano [EMAIL PROTECTED]
Three fixes for Kconfigs.
Signed-off-by: Daniel Lezcano [EMAIL PROTECTED]
---
drivers/input/misc/Kconfig |2 +-
drivers/leds/Kconfig |2 +-
drivers/telephony/Kconfig |2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
Index:
From: Daniel Lezcano [EMAIL PROTECTED]
Store private information for a socket
This patch adds a field to the common socket structure. This field
is an anonymous pointer which allows storing information about
the socket
Signed-off-by: Daniel Lezcano [EMAIL PROTECTED]
---
When a socket is created it is sometimes useful to store specific information
for this socket.
This information can be, for example:
* a creation time
* a pid
* a uid/gid
* a container identifier
* a pointer to a more specific structure
* ...
From: Daniel Lezcano [EMAIL PROTECTED]
Doing this makes loopback.c a better example of how to do a
simple network device, and it removes the special case
single static allocation of a struct net_device, hopefully
making maintenance easier.
Applies against net-2.6.24
Tested on i386, x86_64
From: Daniel Lezcano [EMAIL PROTECTED]
Initialize the init's network namespace to level 2
Signed-off-by: Daniel Lezcano [EMAIL PROTECTED]
---
net/core/net_namespace.c |1 +
1 file changed, 1 insertion(+)
Index: 2.6.20-rc4-mm1/net/core/net_namespace.c
This patchset provides network isolation similar to what
Linux-Vserver provides. It is based on the L2 namespaces and relies on
the mechanisms provided by the namespace. This L3 namespace does not
aim to bring full virtualization for the network, it provides an IP
isolation which can be reused
From: Daniel Lezcano [EMAIL PROTECTED]
All L3 namespaces are the final nodes of the L2 namespaces
tree. Because they share some resources coming from the L2
namespace. The L2 parent namespace should be stored into the L3 child
when it is created.
Signed-off-by: Daniel Lezcano [EMAIL PROTECTED]
From: Daniel Lezcano [EMAIL PROTECTED]
Broadcast packets should be delivered to l2 and all l3 children
Signed-off-by: Daniel Lezcano [EMAIL PROTECTED]
---
include/linux/net_namespace.h | 11 +++
net/core/net_namespace.c | 27 +++
net/ipv4/udp.c
From: Daniel Lezcano [EMAIL PROTECTED]
Switch to the l3 namespace using the destination address.
Signed-off-by: Daniel Lezcano [EMAIL PROTECTED]
---
include/linux/net_namespace.h |7 +++
net/core/net_namespace.c | 35 +++
net/ipv4/ip_input.c
From: Daniel Lezcano [EMAIL PROTECTED]
Add a specific condition when doing inet interface listing
in order to always see the loopback address.
Signed-off-by: Daniel Lezcano [EMAIL PROTECTED]
---
include/linux/net_namespace.h |9 +
net/core/net_namespace.c | 22
From: Daniel Lezcano [EMAIL PROTECTED]
L3 namespace will use routes and devices belonging to its parent, so
the old network namespace structure is copied when allocating a new
one. This way, hash value, dev list, routes are accessible from the
L3 namespaces. In case of L2 namespace, these
From: Daniel Lezcano [EMAIL PROTECTED]
Check the bind address is allowed. It must match ifaddr assigned to
the namespace and all derivative addresses.
Signed-off-by: Daniel Lezcano [EMAIL PROTECTED]
---
include/linux/net_namespace.h |7 +
net/core/net_namespace.c | 54
From: Daniel Lezcano [EMAIL PROTECTED]
When no source address is specified, search from the dev list the
ifaddr allowed to be used as source address.
Signed-off-by: Daniel Lezcano [EMAIL PROTECTED]
---
include/linux/net_namespace.h | 14
net/core/net_namespace.c | 68
From: Daniel Lezcano [EMAIL PROTECTED]
When a packet is outgoing, the namespace source is stored
into the skbuff. Because it is the loopback address, the
source == destination, so when the packet is incoming, it
already has the namespace destination set into the packet.
Signed-off-by: Daniel
From: Daniel Lezcano [EMAIL PROTECTED]
New ioctl to push ifaddr to a container. Actually, the push is done
from the current namespace, so the right word is pull. That will be
changed to move ifaddr from l2 network namespace to l3.
Signed-off-by: Daniel Lezcano [EMAIL PROTECTED]
---
From: Daniel Lezcano [EMAIL PROTECTED]
For debug purpose only, this is not intended to be included.
Add /sys/kernel/debug/net_ns.
Creation of network namespace:
echo level /sys/kernel/debug/net_ns/start
Signed-off-by: Daniel Lezcano [EMAIL PROTECTED]
---
fs/debugfs/Makefile |2
The network isolation relies on the fact that an application can not
use IP addresses not belonging to the container in which it's
running. This patch isolates the inet device level by adding a
structure namespace pointer in the structure in_ifaddr. When an ip
address is set inside a network
Adds to the network namespace a device list view. This view is emptied
when the unshare is done. The view is filled/emptied by a set of
functions which can be called by an external module.
Replace-Subject: [Network namespace] Network device sharing by view
Signed-off-by: Daniel Lezcano [EMAIL
The dev list view is filled and used from here. The dev_base_list has
been replaced by the dev list view and devices can be accessed only if
the view has the device in its list. All calls from the userspace,
ioctls, netlinks and procfs, will use the network devices view instead
of the global
This patch is for testing purposes. It allows reading which network
devices are accessible and adding a network device to the view.
This RFC hack is purely for discussing the best way to do that.
After unsharing with CLONE_NEWNET flag:
--
To see which devices
This patch partially isolates ipv4 by adding the network namespace
structure in the structure sock, bind bucket and skbuf. When a socket
is created, the pointer to the network namespace is stored in the
struct sock and the socket belongs to the namespace by this way. That
allows to identify
This patch adds to the nsproxy the network namespace and a set of
functions to unshare it. The network namespace structure should be
filled later with the identified network resources needed for more
isolation.
Replace-Subject: [Network namespace] Network namespace structure
Signed-off-by:
The following patches create a private network namespace for use
within containers. This is intended for use with system containers
like vserver, but might also be useful for restricting individual
applications' access to the network stack.
These patches isolate traffic inside the network