Commit 6ef848ef authored by David S. Miller

Merge branch 'rtnetlink-add-IFA_TARGET_NETNSID-for-RTM_GETADDR'

Christian Brauner says:

====================
rtnetlink: add IFA_TARGET_NETNSID for RTM_GETADDR

This iteration should mainly address the suggestion to use
IFA_TARGET_NETNSID as the property name. Additionally, an alias for
the already existing IFLA_IF_NETNSID property is added.

Note that two additional cleanup patches (8\9 and 9\9) were added to
address concerns raised that passing more than 6 arguments to a function
will cause additional variables to be pushed onto the stack instead of
being placed into registers. The way I addressed this is by introducing
two new struct inet{6}_fill_args that are used to pass common
information down to inet{6}_fill_if*() functions shortening all those
functions to three pointer arguments.
If this is something more people than Kirill find useful, they can be
kept; if not, they can simply be dropped in later iterations of this
series or when merging.

Here is a short overview:
1. Rename from IFA_IF_NETNSID to IFA_TARGET_NETNSID.
2. Add IFLA_TARGET_NETNSID as an alias for IFA_IFLA_NETNSID and switch
   all occurrences over to the new alias.
3. Add inet4_fill_args struct to avoid passing more than 6 arguments in
   inet_fill_if*() functions.
4. Add inet6_fill_args struct to avoid passing more than 6 arguments in
   inet_fill_if*() functions.

The only functional change is the export of rtnl_get_net_ns_capable()
which is needed in case ipv6 is built as a module.

Note, I did not change the property name to IFA_TARGET_NSID as there was
no clear agreement what would be preferred. My personal preference is to
keep the IFA_IF_NETNSID name because it aligns naturally with the
IFLA_IF_NETNSID property for RTM_*LINK requests. Jiri seems to prefer
this name too.
However, if there is agreement that another property name makes more
sense I'm happy to send a v2 that changes this.

To test this patchset I performed 1 million getifaddrs() requests
against a network namespace containing 5 interfaces (lo, eth{0-4}). The
first test used a network namespace aware getifaddrs() implementation I
wrote and the second test used the traditional setns() + getifaddrs()
method. The results show that this patchset allows userspace to cut
retrieval time in half:
1. netns_getifaddrs():      82 microseconds
2. setns() + getifaddrs(): 162 microseconds

A while back we introduced and enabled IFLA_IF_NETNSID in
RTM_{DEL,GET,NEW}LINK requests (cf. [1], [2], [3], [4], [5]). This has led
to significant performance increases since it allows userspace to avoid
taking the hit of a setns(netns_fd, CLONE_NEWNET), then getting the
interfaces from the netns associated with the netns_fd. Especially when a
lot of network namespaces are in use, using setns() becomes increasingly
problematic when performance matters.
Usually, RTM_GETLINK requests are followed by RTM_GETADDR requests (cf.
getifaddrs() style functions and friends). But currently, RTM_GETADDR
requests do not support a similar property like IFLA_IF_NETNSID for
RTM_*LINK requests.
This is problematic since userspace can retrieve interfaces from another
network namespace by sending an IFLA_IF_NETNSID property along with the
RTM_GETLINK request but is still forced to use the legacy setns() style of
retrieving interfaces in RTM_GETADDR requests.

The goal of this series is to make it possible to perform RTM_GETADDR
requests on different network namespaces. To this end a new IFA_IF_NETNSID
property for RTM_*ADDR requests is introduced. It can be used to send a
network namespace identifier along in RTM_*ADDR requests.  The network
namespace identifier will be used to retrieve the target network namespace
in which the request is supposed to be fulfilled.  This aligns the behavior
of RTM_*ADDR requests with the behavior of RTM_*LINK requests.

- The caller must have assigned a valid network namespace identifier for
  the target network namespace.
- The caller must have CAP_NET_ADMIN in the owning user namespace of the
  target network namespace.

[1]: commit 7973bfd8 ("rtnetlink: remove check for IFLA_IF_NETNSID")
[2]: commit 5bb8ed07 ("rtnetlink: enable IFLA_IF_NETNSID for RTM_NEWLINK")
[3]: commit b61ad68a ("rtnetlink: enable IFLA_IF_NETNSID for RTM_DELLINK")
[4]: commit c310bfcb ("rtnetlink: enable IFLA_IF_NETNSID for RTM_SETLINK")
[5]: commit 7c4f63ba ("rtnetlink: enable IFLA_IF_NETNSID in do_setlink()")
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
parents d4cc5976 203651b6
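The request and reply layout the cover letter describes, as an added example that is not code from this commit or the kernel tree: it builds an RTM_GETADDR dump request carrying IFA_TARGET_NETNSID and checks that a reply echoes the requested id, which is how a caller can tell the answer came from the target namespace. The `ex_` function names are hypothetical, the numeric attribute value 10 is an assumption taken from the attribute's position after IFA_RT_PRIORITY in the enum hunk, and the reply bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <linux/rtnetlink.h>

/* Assumption: IFA_TARGET_NETNSID takes the enum slot after IFA_RT_PRIORITY (9). */
#define EX_IFA_TARGET_NETNSID 10
/* Aligned size of nlmsghdr + ifaddrmsg; attributes start at this offset. */
#define EX_HDR_SPACE ((size_t)NLMSG_SPACE(sizeof(struct ifaddrmsg)))

/* Hypothetical helper: write nlmsghdr + ifaddrmsg and, when netnsid >= 0,
 * one s32 IFA_TARGET_NETNSID attribute (the same ">= 0" rule the fill
 * functions in the patch use). Returns the length, or 0 if buf is too small. */
size_t ex_build_msg(void *buf, size_t cap, uint16_t type, uint16_t flags,
                    uint32_t seq, int32_t netnsid)
{
    size_t len = EX_HDR_SPACE;
    struct nlmsghdr *nlh = buf;
    struct ifaddrmsg *ifm;
    struct rtattr *rta;

    if (netnsid >= 0)
        len += RTA_SPACE(sizeof(netnsid));
    if (cap < len)
        return 0;
    memset(buf, 0, len);
    nlh->nlmsg_len = (uint32_t)len;
    nlh->nlmsg_type = type;
    nlh->nlmsg_flags = flags;
    nlh->nlmsg_seq = seq;
    ifm = NLMSG_DATA(nlh);
    ifm->ifa_family = AF_UNSPEC;
    if (netnsid >= 0) {
        rta = (struct rtattr *)((char *)buf + EX_HDR_SPACE);
        rta->rta_type = EX_IFA_TARGET_NETNSID;
        rta->rta_len = RTA_LENGTH(sizeof(netnsid));
        memcpy(RTA_DATA(rta), &netnsid, sizeof(netnsid));
    }
    return len;
}

/* Find IFA_TARGET_NETNSID in one RTM_NEWADDR message.
 * Returns 1 and sets *out if present, 0 if absent, -1 if malformed. */
int ex_reply_netnsid(const void *msg, size_t len, int32_t *out)
{
    const struct nlmsghdr *nlh = msg;
    const struct rtattr *rta;
    int rem;

    if (len < (size_t)NLMSG_HDRLEN)
        return -1;
    if (nlh->nlmsg_len < EX_HDR_SPACE || nlh->nlmsg_len > len)
        return -1;
    if (nlh->nlmsg_type != RTM_NEWADDR)
        return -1;
    rem = (int)(nlh->nlmsg_len - EX_HDR_SPACE);
    rta = (const struct rtattr *)((const char *)msg + EX_HDR_SPACE);
    for (; RTA_OK(rta, rem); rta = RTA_NEXT(rta, rem)) {
        if (rta->rta_type != EX_IFA_TARGET_NETNSID)
            continue;
        if (RTA_PAYLOAD(rta) != sizeof(int32_t))
            return -1;
        memcpy(out, RTA_DATA(rta), sizeof(*out));
        return 1;
    }
    return 0;
}

/* 1 only when the reply carries the attribute and it equals the requested id.
 * A reply without it was filled with netnsid == -1, i.e. from the socket's
 * own namespace, and must not be trusted as data about the target. */
int ex_reply_from_target(const void *msg, size_t len, int32_t want)
{
    int32_t got = -1;

    return ex_reply_netnsid(msg, len, &got) == 1 && got == want;
}

int main(void)
{
    uint32_t req[16], echoed[16], plain[16];
    size_t rn, en, pn;

    rn = ex_build_msg(req, sizeof(req), RTM_GETADDR,
                      NLM_F_REQUEST | NLM_F_DUMP, 1, 7);
    /* Constructed replies: one echoing id 7, one without the attribute. */
    en = ex_build_msg(echoed, sizeof(echoed), RTM_NEWADDR, NLM_F_MULTI, 1, 7);
    pn = ex_build_msg(plain, sizeof(plain), RTM_NEWADDR, NLM_F_MULTI, 1, -1);
    printf("request length: %zu\n", rn);
    printf("echoed reply accepted: %d\n", ex_reply_from_target(echoed, en, 7));
    printf("plain reply accepted:  %d\n", ex_reply_from_target(plain, pn, 7));
    return 0;
}
```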
...@@ -165,6 +165,7 @@ int rtnl_configure_link(struct net_device *dev, const struct ifinfomsg *ifm); ...@@ -165,6 +165,7 @@ int rtnl_configure_link(struct net_device *dev, const struct ifinfomsg *ifm);
int rtnl_nla_parse_ifla(struct nlattr **tb, const struct nlattr *head, int len, int rtnl_nla_parse_ifla(struct nlattr **tb, const struct nlattr *head, int len,
struct netlink_ext_ack *exterr); struct netlink_ext_ack *exterr);
struct net *rtnl_get_net_ns_capable(struct sock *sk, int netnsid);
#define MODULE_ALIAS_RTNL_LINK(kind) MODULE_ALIAS("rtnl-link-" kind) #define MODULE_ALIAS_RTNL_LINK(kind) MODULE_ALIAS("rtnl-link-" kind)
......
...@@ -34,6 +34,7 @@ enum { ...@@ -34,6 +34,7 @@ enum {
IFA_MULTICAST, IFA_MULTICAST,
IFA_FLAGS, IFA_FLAGS,
IFA_RT_PRIORITY, /* u32, priority/metric for prefix route */ IFA_RT_PRIORITY, /* u32, priority/metric for prefix route */
IFA_TARGET_NETNSID,
__IFA_MAX, __IFA_MAX,
}; };
......
...@@ -161,6 +161,7 @@ enum { ...@@ -161,6 +161,7 @@ enum {
IFLA_EVENT, IFLA_EVENT,
IFLA_NEW_NETNSID, IFLA_NEW_NETNSID,
IFLA_IF_NETNSID, IFLA_IF_NETNSID,
IFLA_TARGET_NETNSID = IFLA_IF_NETNSID, /* new alias */
IFLA_CARRIER_UP_COUNT, IFLA_CARRIER_UP_COUNT,
IFLA_CARRIER_DOWN_COUNT, IFLA_CARRIER_DOWN_COUNT,
IFLA_NEW_IFINDEX, IFLA_NEW_IFINDEX,
......
...@@ -1016,7 +1016,7 @@ static noinline size_t if_nlmsg_size(const struct net_device *dev, ...@@ -1016,7 +1016,7 @@ static noinline size_t if_nlmsg_size(const struct net_device *dev,
+ nla_total_size(4) /* IFLA_NEW_NETNSID */ + nla_total_size(4) /* IFLA_NEW_NETNSID */
+ nla_total_size(4) /* IFLA_NEW_IFINDEX */ + nla_total_size(4) /* IFLA_NEW_IFINDEX */
+ nla_total_size(1) /* IFLA_PROTO_DOWN */ + nla_total_size(1) /* IFLA_PROTO_DOWN */
+ nla_total_size(4) /* IFLA_IF_NETNSID */ + nla_total_size(4) /* IFLA_TARGET_NETNSID */
+ nla_total_size(4) /* IFLA_CARRIER_UP_COUNT */ + nla_total_size(4) /* IFLA_CARRIER_UP_COUNT */
+ nla_total_size(4) /* IFLA_CARRIER_DOWN_COUNT */ + nla_total_size(4) /* IFLA_CARRIER_DOWN_COUNT */
+ nla_total_size(4) /* IFLA_MIN_MTU */ + nla_total_size(4) /* IFLA_MIN_MTU */
...@@ -1598,7 +1598,7 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, ...@@ -1598,7 +1598,7 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb,
ifm->ifi_flags = dev_get_flags(dev); ifm->ifi_flags = dev_get_flags(dev);
ifm->ifi_change = change; ifm->ifi_change = change;
if (tgt_netnsid >= 0 && nla_put_s32(skb, IFLA_IF_NETNSID, tgt_netnsid)) if (tgt_netnsid >= 0 && nla_put_s32(skb, IFLA_TARGET_NETNSID, tgt_netnsid))
goto nla_put_failure; goto nla_put_failure;
if (nla_put_string(skb, IFLA_IFNAME, dev->name) || if (nla_put_string(skb, IFLA_IFNAME, dev->name) ||
...@@ -1737,7 +1737,7 @@ static const struct nla_policy ifla_policy[IFLA_MAX+1] = { ...@@ -1737,7 +1737,7 @@ static const struct nla_policy ifla_policy[IFLA_MAX+1] = {
[IFLA_XDP] = { .type = NLA_NESTED }, [IFLA_XDP] = { .type = NLA_NESTED },
[IFLA_EVENT] = { .type = NLA_U32 }, [IFLA_EVENT] = { .type = NLA_U32 },
[IFLA_GROUP] = { .type = NLA_U32 }, [IFLA_GROUP] = { .type = NLA_U32 },
[IFLA_IF_NETNSID] = { .type = NLA_S32 }, [IFLA_TARGET_NETNSID] = { .type = NLA_S32 },
[IFLA_CARRIER_UP_COUNT] = { .type = NLA_U32 }, [IFLA_CARRIER_UP_COUNT] = { .type = NLA_U32 },
[IFLA_CARRIER_DOWN_COUNT] = { .type = NLA_U32 }, [IFLA_CARRIER_DOWN_COUNT] = { .type = NLA_U32 },
[IFLA_MIN_MTU] = { .type = NLA_U32 }, [IFLA_MIN_MTU] = { .type = NLA_U32 },
...@@ -1845,7 +1845,15 @@ static bool link_dump_filtered(struct net_device *dev, ...@@ -1845,7 +1845,15 @@ static bool link_dump_filtered(struct net_device *dev,
return false; return false;
} }
static struct net *get_target_net(struct sock *sk, int netnsid) /**
* rtnl_get_net_ns_capable - Get netns if sufficiently privileged.
* @sk: netlink socket
* @netnsid: network namespace identifier
*
* Returns the network namespace identified by netnsid on success or an error
* pointer on failure.
*/
struct net *rtnl_get_net_ns_capable(struct sock *sk, int netnsid)
{ {
struct net *net; struct net *net;
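Review bot: the new kernel-doc for rtnl_get_net_ns_capable() does not say that the returned struct net carries a reference the caller has to drop, nor which privilege "sufficiently privileged" means. Every caller added in this series pairs it with put_net(), and the function is now reachable from modules, so the comment should state the put_net() obligation and name the CAP_NET_ADMIN requirement given in the cover letter.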
...@@ -1862,6 +1870,7 @@ static struct net *get_target_net(struct sock *sk, int netnsid) ...@@ -1862,6 +1870,7 @@ static struct net *get_target_net(struct sock *sk, int netnsid)
} }
return net; return net;
} }
EXPORT_SYMBOL_GPL(rtnl_get_net_ns_capable);
static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb) static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
{ {
...@@ -1895,9 +1904,9 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb) ...@@ -1895,9 +1904,9 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
if (nlmsg_parse(cb->nlh, hdrlen, tb, IFLA_MAX, if (nlmsg_parse(cb->nlh, hdrlen, tb, IFLA_MAX,
ifla_policy, NULL) >= 0) { ifla_policy, NULL) >= 0) {
if (tb[IFLA_IF_NETNSID]) { if (tb[IFLA_TARGET_NETNSID]) {
netnsid = nla_get_s32(tb[IFLA_IF_NETNSID]); netnsid = nla_get_s32(tb[IFLA_TARGET_NETNSID]);
tgt_net = get_target_net(skb->sk, netnsid); tgt_net = rtnl_get_net_ns_capable(skb->sk, netnsid);
if (IS_ERR(tgt_net)) { if (IS_ERR(tgt_net)) {
tgt_net = net; tgt_net = net;
netnsid = -1; netnsid = -1;
...@@ -1984,7 +1993,7 @@ EXPORT_SYMBOL(rtnl_link_get_net); ...@@ -1984,7 +1993,7 @@ EXPORT_SYMBOL(rtnl_link_get_net);
* *
* 1. IFLA_NET_NS_PID * 1. IFLA_NET_NS_PID
* 2. IFLA_NET_NS_FD * 2. IFLA_NET_NS_FD
* 3. IFLA_IF_NETNSID * 3. IFLA_TARGET_NETNSID
*/ */
static struct net *rtnl_link_get_net_by_nlattr(struct net *src_net, static struct net *rtnl_link_get_net_by_nlattr(struct net *src_net,
struct nlattr *tb[]) struct nlattr *tb[])
...@@ -1994,10 +2003,10 @@ static struct net *rtnl_link_get_net_by_nlattr(struct net *src_net, ...@@ -1994,10 +2003,10 @@ static struct net *rtnl_link_get_net_by_nlattr(struct net *src_net,
if (tb[IFLA_NET_NS_PID] || tb[IFLA_NET_NS_FD]) if (tb[IFLA_NET_NS_PID] || tb[IFLA_NET_NS_FD])
return rtnl_link_get_net(src_net, tb); return rtnl_link_get_net(src_net, tb);
if (!tb[IFLA_IF_NETNSID]) if (!tb[IFLA_TARGET_NETNSID])
return get_net(src_net); return get_net(src_net);
net = get_net_ns_by_id(src_net, nla_get_u32(tb[IFLA_IF_NETNSID])); net = get_net_ns_by_id(src_net, nla_get_u32(tb[IFLA_TARGET_NETNSID]));
if (!net) if (!net)
return ERR_PTR(-EINVAL); return ERR_PTR(-EINVAL);
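Review bot: the get_net_ns_by_id() line reads the attribute with nla_get_u32() although ifla_policy declares IFLA_TARGET_NETNSID as NLA_S32 and the other readers touched by this patch use nla_get_s32(). Since the line is being rewritten for the rename anyway, switch it to nla_get_s32() so a negative id is treated the same way on every path.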
...@@ -2038,13 +2047,13 @@ static int rtnl_ensure_unique_netns(struct nlattr *tb[], ...@@ -2038,13 +2047,13 @@ static int rtnl_ensure_unique_netns(struct nlattr *tb[],
return -EOPNOTSUPP; return -EOPNOTSUPP;
} }
if (tb[IFLA_IF_NETNSID] && (tb[IFLA_NET_NS_PID] || tb[IFLA_NET_NS_FD])) if (tb[IFLA_TARGET_NETNSID] && (tb[IFLA_NET_NS_PID] || tb[IFLA_NET_NS_FD]))
goto invalid_attr; goto invalid_attr;
if (tb[IFLA_NET_NS_PID] && (tb[IFLA_IF_NETNSID] || tb[IFLA_NET_NS_FD])) if (tb[IFLA_NET_NS_PID] && (tb[IFLA_TARGET_NETNSID] || tb[IFLA_NET_NS_FD]))
goto invalid_attr; goto invalid_attr;
if (tb[IFLA_NET_NS_FD] && (tb[IFLA_IF_NETNSID] || tb[IFLA_NET_NS_PID])) if (tb[IFLA_NET_NS_FD] && (tb[IFLA_TARGET_NETNSID] || tb[IFLA_NET_NS_PID]))
goto invalid_attr; goto invalid_attr;
return 0; return 0;
...@@ -2320,7 +2329,7 @@ static int do_setlink(const struct sk_buff *skb, ...@@ -2320,7 +2329,7 @@ static int do_setlink(const struct sk_buff *skb,
if (err < 0) if (err < 0)
return err; return err;
if (tb[IFLA_NET_NS_PID] || tb[IFLA_NET_NS_FD] || tb[IFLA_IF_NETNSID]) { if (tb[IFLA_NET_NS_PID] || tb[IFLA_NET_NS_FD] || tb[IFLA_TARGET_NETNSID]) {
struct net *net = rtnl_link_get_net_capable(skb, dev_net(dev), struct net *net = rtnl_link_get_net_capable(skb, dev_net(dev),
tb, CAP_NET_ADMIN); tb, CAP_NET_ADMIN);
if (IS_ERR(net)) { if (IS_ERR(net)) {
...@@ -2763,9 +2772,9 @@ static int rtnl_dellink(struct sk_buff *skb, struct nlmsghdr *nlh, ...@@ -2763,9 +2772,9 @@ static int rtnl_dellink(struct sk_buff *skb, struct nlmsghdr *nlh,
if (tb[IFLA_IFNAME]) if (tb[IFLA_IFNAME])
nla_strlcpy(ifname, tb[IFLA_IFNAME], IFNAMSIZ); nla_strlcpy(ifname, tb[IFLA_IFNAME], IFNAMSIZ);
if (tb[IFLA_IF_NETNSID]) { if (tb[IFLA_TARGET_NETNSID]) {
netnsid = nla_get_s32(tb[IFLA_IF_NETNSID]); netnsid = nla_get_s32(tb[IFLA_TARGET_NETNSID]);
tgt_net = get_target_net(NETLINK_CB(skb).sk, netnsid); tgt_net = rtnl_get_net_ns_capable(NETLINK_CB(skb).sk, netnsid);
if (IS_ERR(tgt_net)) if (IS_ERR(tgt_net))
return PTR_ERR(tgt_net); return PTR_ERR(tgt_net);
} }
...@@ -3173,9 +3182,9 @@ static int rtnl_getlink(struct sk_buff *skb, struct nlmsghdr *nlh, ...@@ -3173,9 +3182,9 @@ static int rtnl_getlink(struct sk_buff *skb, struct nlmsghdr *nlh,
if (err < 0) if (err < 0)
return err; return err;
if (tb[IFLA_IF_NETNSID]) { if (tb[IFLA_TARGET_NETNSID]) {
netnsid = nla_get_s32(tb[IFLA_IF_NETNSID]); netnsid = nla_get_s32(tb[IFLA_TARGET_NETNSID]);
tgt_net = get_target_net(NETLINK_CB(skb).sk, netnsid); tgt_net = rtnl_get_net_ns_capable(NETLINK_CB(skb).sk, netnsid);
if (IS_ERR(tgt_net)) if (IS_ERR(tgt_net))
return PTR_ERR(tgt_net); return PTR_ERR(tgt_net);
} }
...@@ -3260,13 +3269,13 @@ static int rtnl_dump_all(struct sk_buff *skb, struct netlink_callback *cb) ...@@ -3260,13 +3269,13 @@ static int rtnl_dump_all(struct sk_buff *skb, struct netlink_callback *cb)
{ {
int idx; int idx;
int s_idx = cb->family; int s_idx = cb->family;
int type = cb->nlh->nlmsg_type - RTM_BASE;
if (s_idx == 0) if (s_idx == 0)
s_idx = 1; s_idx = 1;
for (idx = 1; idx <= RTNL_FAMILY_MAX; idx++) { for (idx = 1; idx <= RTNL_FAMILY_MAX; idx++) {
struct rtnl_link **tab; struct rtnl_link **tab;
int type = cb->nlh->nlmsg_type-RTM_BASE;
struct rtnl_link *link; struct rtnl_link *link;
rtnl_dumpit_func dumpit; rtnl_dumpit_func dumpit;
......
...@@ -100,6 +100,15 @@ static const struct nla_policy ifa_ipv4_policy[IFA_MAX+1] = { ...@@ -100,6 +100,15 @@ static const struct nla_policy ifa_ipv4_policy[IFA_MAX+1] = {
[IFA_CACHEINFO] = { .len = sizeof(struct ifa_cacheinfo) }, [IFA_CACHEINFO] = { .len = sizeof(struct ifa_cacheinfo) },
[IFA_FLAGS] = { .type = NLA_U32 }, [IFA_FLAGS] = { .type = NLA_U32 },
[IFA_RT_PRIORITY] = { .type = NLA_U32 }, [IFA_RT_PRIORITY] = { .type = NLA_U32 },
[IFA_TARGET_NETNSID] = { .type = NLA_S32 },
};
struct inet_fill_args {
u32 portid;
u32 seq;
int event;
unsigned int flags;
int netnsid;
}; };
#define IN4_ADDR_HSIZE_SHIFT 8 #define IN4_ADDR_HSIZE_SHIFT 8
...@@ -1584,13 +1593,14 @@ static int put_cacheinfo(struct sk_buff *skb, unsigned long cstamp, ...@@ -1584,13 +1593,14 @@ static int put_cacheinfo(struct sk_buff *skb, unsigned long cstamp,
} }
static int inet_fill_ifaddr(struct sk_buff *skb, struct in_ifaddr *ifa, static int inet_fill_ifaddr(struct sk_buff *skb, struct in_ifaddr *ifa,
u32 portid, u32 seq, int event, unsigned int flags) struct inet_fill_args *args)
{ {
struct ifaddrmsg *ifm; struct ifaddrmsg *ifm;
struct nlmsghdr *nlh; struct nlmsghdr *nlh;
u32 preferred, valid; u32 preferred, valid;
nlh = nlmsg_put(skb, portid, seq, event, sizeof(*ifm), flags); nlh = nlmsg_put(skb, args->portid, args->seq, args->event, sizeof(*ifm),
args->flags);
if (!nlh) if (!nlh)
return -EMSGSIZE; return -EMSGSIZE;
...@@ -1601,6 +1611,10 @@ static int inet_fill_ifaddr(struct sk_buff *skb, struct in_ifaddr *ifa, ...@@ -1601,6 +1611,10 @@ static int inet_fill_ifaddr(struct sk_buff *skb, struct in_ifaddr *ifa,
ifm->ifa_scope = ifa->ifa_scope; ifm->ifa_scope = ifa->ifa_scope;
ifm->ifa_index = ifa->ifa_dev->dev->ifindex; ifm->ifa_index = ifa->ifa_dev->dev->ifindex;
if (args->netnsid >= 0 &&
nla_put_s32(skb, IFA_TARGET_NETNSID, args->netnsid))
goto nla_put_failure;
if (!(ifm->ifa_flags & IFA_F_PERMANENT)) { if (!(ifm->ifa_flags & IFA_F_PERMANENT)) {
preferred = ifa->ifa_preferred_lft; preferred = ifa->ifa_preferred_lft;
valid = ifa->ifa_valid_lft; valid = ifa->ifa_valid_lft;
...@@ -1647,7 +1661,16 @@ static int inet_fill_ifaddr(struct sk_buff *skb, struct in_ifaddr *ifa, ...@@ -1647,7 +1661,16 @@ static int inet_fill_ifaddr(struct sk_buff *skb, struct in_ifaddr *ifa,
static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb) static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb)
{ {
struct inet_fill_args fillargs = {
.portid = NETLINK_CB(cb->skb).portid,
.seq = cb->nlh->nlmsg_seq,
.event = RTM_NEWADDR,
.flags = NLM_F_MULTI,
.netnsid = -1,
};
struct net *net = sock_net(skb->sk); struct net *net = sock_net(skb->sk);
struct nlattr *tb[IFA_MAX+1];
struct net *tgt_net = net;
int h, s_h; int h, s_h;
int idx, s_idx; int idx, s_idx;
int ip_idx, s_ip_idx; int ip_idx, s_ip_idx;
...@@ -1660,12 +1683,24 @@ static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb) ...@@ -1660,12 +1683,24 @@ static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb)
s_idx = idx = cb->args[1]; s_idx = idx = cb->args[1];
s_ip_idx = ip_idx = cb->args[2]; s_ip_idx = ip_idx = cb->args[2];
if (nlmsg_parse(cb->nlh, sizeof(struct ifaddrmsg), tb, IFA_MAX,
ifa_ipv4_policy, NULL) >= 0) {
if (tb[IFA_TARGET_NETNSID]) {
fillargs.netnsid = nla_get_s32(tb[IFA_TARGET_NETNSID]);
tgt_net = rtnl_get_net_ns_capable(skb->sk,
fillargs.netnsid);
if (IS_ERR(tgt_net))
return PTR_ERR(tgt_net);
}
}
for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) { for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) {
idx = 0; idx = 0;
head = &net->dev_index_head[h]; head = &tgt_net->dev_index_head[h];
rcu_read_lock(); rcu_read_lock();
cb->seq = atomic_read(&net->ipv4.dev_addr_genid) ^ cb->seq = atomic_read(&tgt_net->ipv4.dev_addr_genid) ^
net->dev_base_seq; tgt_net->dev_base_seq;
hlist_for_each_entry_rcu(dev, head, index_hlist) { hlist_for_each_entry_rcu(dev, head, index_hlist) {
if (idx < s_idx) if (idx < s_idx)
goto cont; goto cont;
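Review bot: a failed nlmsg_parse() is ignored in the added block, so a request whose IFA_TARGET_NETNSID does not pass ifa_ipv4_policy falls through with tgt_net == net and netnsid == -1 and the dump silently returns the caller's own namespace. A caller that asked for another namespace cannot distinguish that from a successful answer except by noticing that the attribute is missing from the replies. Propagate the parse error, or if the lenient parse is intentional say so in a comment; the same pattern appears in inet6_dump_addr().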
...@@ -1679,10 +1714,7 @@ static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb) ...@@ -1679,10 +1714,7 @@ static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb)
ifa = ifa->ifa_next, ip_idx++) { ifa = ifa->ifa_next, ip_idx++) {
if (ip_idx < s_ip_idx) if (ip_idx < s_ip_idx)
continue; continue;
if (inet_fill_ifaddr(skb, ifa, if (inet_fill_ifaddr(skb, ifa, &fillargs) < 0) {
NETLINK_CB(cb->skb).portid,
cb->nlh->nlmsg_seq,
RTM_NEWADDR, NLM_F_MULTI) < 0) {
rcu_read_unlock(); rcu_read_unlock();
goto done; goto done;
} }
...@@ -1698,6 +1730,8 @@ static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb) ...@@ -1698,6 +1730,8 @@ static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb)
cb->args[0] = h; cb->args[0] = h;
cb->args[1] = idx; cb->args[1] = idx;
cb->args[2] = ip_idx; cb->args[2] = ip_idx;
if (fillargs.netnsid >= 0)
put_net(tgt_net);
return skb->len; return skb->len;
} }
...@@ -1705,8 +1739,14 @@ static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb) ...@@ -1705,8 +1739,14 @@ static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb)
static void rtmsg_ifa(int event, struct in_ifaddr *ifa, struct nlmsghdr *nlh, static void rtmsg_ifa(int event, struct in_ifaddr *ifa, struct nlmsghdr *nlh,
u32 portid) u32 portid)
{ {
struct inet_fill_args fillargs = {
.portid = portid,
.seq = nlh ? nlh->nlmsg_seq : 0,
.event = event,
.flags = 0,
.netnsid = -1,
};
struct sk_buff *skb; struct sk_buff *skb;
u32 seq = nlh ? nlh->nlmsg_seq : 0;
int err = -ENOBUFS; int err = -ENOBUFS;
struct net *net; struct net *net;
...@@ -1715,7 +1755,7 @@ static void rtmsg_ifa(int event, struct in_ifaddr *ifa, struct nlmsghdr *nlh, ...@@ -1715,7 +1755,7 @@ static void rtmsg_ifa(int event, struct in_ifaddr *ifa, struct nlmsghdr *nlh,
if (!skb) if (!skb)
goto errout; goto errout;
err = inet_fill_ifaddr(skb, ifa, portid, seq, event, 0); err = inet_fill_ifaddr(skb, ifa, &fillargs);
if (err < 0) { if (err < 0) {
/* -EMSGSIZE implies BUG in inet_nlmsg_size() */ /* -EMSGSIZE implies BUG in inet_nlmsg_size() */
WARN_ON(err == -EMSGSIZE); WARN_ON(err == -EMSGSIZE);
......
...@@ -4491,6 +4491,7 @@ static const struct nla_policy ifa_ipv6_policy[IFA_MAX+1] = { ...@@ -4491,6 +4491,7 @@ static const struct nla_policy ifa_ipv6_policy[IFA_MAX+1] = {
[IFA_CACHEINFO] = { .len = sizeof(struct ifa_cacheinfo) }, [IFA_CACHEINFO] = { .len = sizeof(struct ifa_cacheinfo) },
[IFA_FLAGS] = { .len = sizeof(u32) }, [IFA_FLAGS] = { .len = sizeof(u32) },
[IFA_RT_PRIORITY] = { .len = sizeof(u32) }, [IFA_RT_PRIORITY] = { .len = sizeof(u32) },
[IFA_TARGET_NETNSID] = { .type = NLA_S32 },
}; };
static int static int
...@@ -4793,19 +4794,32 @@ static inline int inet6_ifaddr_msgsize(void) ...@@ -4793,19 +4794,32 @@ static inline int inet6_ifaddr_msgsize(void)
+ nla_total_size(4) /* IFA_RT_PRIORITY */; + nla_total_size(4) /* IFA_RT_PRIORITY */;
} }
struct inet6_fill_args {
u32 portid;
u32 seq;
int event;
unsigned int flags;
int netnsid;
};
static int inet6_fill_ifaddr(struct sk_buff *skb, struct inet6_ifaddr *ifa, static int inet6_fill_ifaddr(struct sk_buff *skb, struct inet6_ifaddr *ifa,
u32 portid, u32 seq, int event, unsigned int flags) struct inet6_fill_args *args)
{ {
struct nlmsghdr *nlh; struct nlmsghdr *nlh;
u32 preferred, valid; u32 preferred, valid;
nlh = nlmsg_put(skb, portid, seq, event, sizeof(struct ifaddrmsg), flags); nlh = nlmsg_put(skb, args->portid, args->seq, args->event,
sizeof(struct ifaddrmsg), args->flags);
if (!nlh) if (!nlh)
return -EMSGSIZE; return -EMSGSIZE;
put_ifaddrmsg(nlh, ifa->prefix_len, ifa->flags, rt_scope(ifa->scope), put_ifaddrmsg(nlh, ifa->prefix_len, ifa->flags, rt_scope(ifa->scope),
ifa->idev->dev->ifindex); ifa->idev->dev->ifindex);
if (args->netnsid >= 0 &&
nla_put_s32(skb, IFA_TARGET_NETNSID, args->netnsid))
goto error;
if (!((ifa->flags&IFA_F_PERMANENT) && if (!((ifa->flags&IFA_F_PERMANENT) &&
(ifa->prefered_lft == INFINITY_LIFE_TIME))) { (ifa->prefered_lft == INFINITY_LIFE_TIME))) {
preferred = ifa->prefered_lft; preferred = ifa->prefered_lft;
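Review bot: inet6_ifaddr_msgsize(), whose tail is the context at the top of this hunk, still ends at IFA_RT_PRIORITY while inet6_fill_ifaddr() can now emit an extra s32 attribute. The WARN_ON comment in inet6_rtm_getaddr() treats -EMSGSIZE as a bug in that size function, so add "+ nla_total_size(4) /* IFA_TARGET_NETNSID */" there. Separately, struct inet6_fill_args is field-for-field identical to struct inet_fill_args; a single shared definition would avoid the two drifting apart.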
...@@ -4855,7 +4869,7 @@ static int inet6_fill_ifaddr(struct sk_buff *skb, struct inet6_ifaddr *ifa, ...@@ -4855,7 +4869,7 @@ static int inet6_fill_ifaddr(struct sk_buff *skb, struct inet6_ifaddr *ifa,
} }
static int inet6_fill_ifmcaddr(struct sk_buff *skb, struct ifmcaddr6 *ifmca, static int inet6_fill_ifmcaddr(struct sk_buff *skb, struct ifmcaddr6 *ifmca,
u32 portid, u32 seq, int event, u16 flags) struct inet6_fill_args *args)
{ {
struct nlmsghdr *nlh; struct nlmsghdr *nlh;
u8 scope = RT_SCOPE_UNIVERSE; u8 scope = RT_SCOPE_UNIVERSE;
...@@ -4864,10 +4878,15 @@ static int inet6_fill_ifmcaddr(struct sk_buff *skb, struct ifmcaddr6 *ifmca, ...@@ -4864,10 +4878,15 @@ static int inet6_fill_ifmcaddr(struct sk_buff *skb, struct ifmcaddr6 *ifmca,
if (ipv6_addr_scope(&ifmca->mca_addr) & IFA_SITE) if (ipv6_addr_scope(&ifmca->mca_addr) & IFA_SITE)
scope = RT_SCOPE_SITE; scope = RT_SCOPE_SITE;
nlh = nlmsg_put(skb, portid, seq, event, sizeof(struct ifaddrmsg), flags); nlh = nlmsg_put(skb, args->portid, args->seq, args->event,
sizeof(struct ifaddrmsg), args->flags);
if (!nlh) if (!nlh)
return -EMSGSIZE; return -EMSGSIZE;
if (args->netnsid >= 0 &&
nla_put_s32(skb, IFA_TARGET_NETNSID, args->netnsid))
return -EMSGSIZE;
put_ifaddrmsg(nlh, 128, IFA_F_PERMANENT, scope, ifindex); put_ifaddrmsg(nlh, 128, IFA_F_PERMANENT, scope, ifindex);
if (nla_put_in6_addr(skb, IFA_MULTICAST, &ifmca->mca_addr) < 0 || if (nla_put_in6_addr(skb, IFA_MULTICAST, &ifmca->mca_addr) < 0 ||
put_cacheinfo(skb, ifmca->mca_cstamp, ifmca->mca_tstamp, put_cacheinfo(skb, ifmca->mca_cstamp, ifmca->mca_tstamp,
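Review bot: the new IFA_TARGET_NETNSID check returns -EMSGSIZE directly after nlmsg_put() has already reserved the header, whereas inet6_fill_ifaddr() and inet_fill_ifaddr() leave through their error labels (goto error, goto nla_put_failure) for the same failure. If those labels cancel the partially built message, this path should do the same so a half-written record is not left in the dump skb; inet6_fill_ifacaddr() has the identical early return. Moving the check below put_ifaddrmsg() would also match the order used in inet6_fill_ifaddr().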
...@@ -4881,7 +4900,7 @@ static int inet6_fill_ifmcaddr(struct sk_buff *skb, struct ifmcaddr6 *ifmca, ...@@ -4881,7 +4900,7 @@ static int inet6_fill_ifmcaddr(struct sk_buff *skb, struct ifmcaddr6 *ifmca,
} }
static int inet6_fill_ifacaddr(struct sk_buff *skb, struct ifacaddr6 *ifaca, static int inet6_fill_ifacaddr(struct sk_buff *skb, struct ifacaddr6 *ifaca,
u32 portid, u32 seq, int event, unsigned int flags) struct inet6_fill_args *args)
{ {
struct net_device *dev = fib6_info_nh_dev(ifaca->aca_rt); struct net_device *dev = fib6_info_nh_dev(ifaca->aca_rt);
int ifindex = dev ? dev->ifindex : 1; int ifindex = dev ? dev->ifindex : 1;
...@@ -4891,10 +4910,15 @@ static int inet6_fill_ifacaddr(struct sk_buff *skb, struct ifacaddr6 *ifaca, ...@@ -4891,10 +4910,15 @@ static int inet6_fill_ifacaddr(struct sk_buff *skb, struct ifacaddr6 *ifaca,
if (ipv6_addr_scope(&ifaca->aca_addr) & IFA_SITE) if (ipv6_addr_scope(&ifaca->aca_addr) & IFA_SITE)
scope = RT_SCOPE_SITE; scope = RT_SCOPE_SITE;
nlh = nlmsg_put(skb, portid, seq, event, sizeof(struct ifaddrmsg), flags); nlh = nlmsg_put(skb, args->portid, args->seq, args->event,
sizeof(struct ifaddrmsg), args->flags);
if (!nlh) if (!nlh)
return -EMSGSIZE; return -EMSGSIZE;
if (args->netnsid >= 0 &&
nla_put_s32(skb, IFA_TARGET_NETNSID, args->netnsid))
return -EMSGSIZE;
put_ifaddrmsg(nlh, 128, IFA_F_PERMANENT, scope, ifindex); put_ifaddrmsg(nlh, 128, IFA_F_PERMANENT, scope, ifindex);
if (nla_put_in6_addr(skb, IFA_ANYCAST, &ifaca->aca_addr) < 0 || if (nla_put_in6_addr(skb, IFA_ANYCAST, &ifaca->aca_addr) < 0 ||
put_cacheinfo(skb, ifaca->aca_cstamp, ifaca->aca_tstamp, put_cacheinfo(skb, ifaca->aca_cstamp, ifaca->aca_tstamp,
...@@ -4916,8 +4940,14 @@ enum addr_type_t { ...@@ -4916,8 +4940,14 @@ enum addr_type_t {
/* called with rcu_read_lock() */ /* called with rcu_read_lock() */
static int in6_dump_addrs(struct inet6_dev *idev, struct sk_buff *skb, static int in6_dump_addrs(struct inet6_dev *idev, struct sk_buff *skb,
struct netlink_callback *cb, enum addr_type_t type, struct netlink_callback *cb, enum addr_type_t type,
int s_ip_idx, int *p_ip_idx) int s_ip_idx, int *p_ip_idx, int netnsid)
{ {
struct inet6_fill_args fillargs = {
.portid = NETLINK_CB(cb->skb).portid,
.seq = cb->nlh->nlmsg_seq,
.flags = NLM_F_MULTI,
.netnsid = netnsid,
};
struct ifmcaddr6 *ifmca; struct ifmcaddr6 *ifmca;
struct ifacaddr6 *ifaca; struct ifacaddr6 *ifaca;
int err = 1; int err = 1;
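Review bot: in6_dump_addrs() grows to seven parameters with the added "int netnsid", which is the situation the cover letter says the fill_args structs were introduced to avoid. Build the struct inet6_fill_args once in inet6_dump_addr() and pass a pointer instead, which also removes the need to rebuild portid, seq and flags for every device.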
...@@ -4927,16 +4957,13 @@ static int in6_dump_addrs(struct inet6_dev *idev, struct sk_buff *skb, ...@@ -4927,16 +4957,13 @@ static int in6_dump_addrs(struct inet6_dev *idev, struct sk_buff *skb,
switch (type) { switch (type) {
case UNICAST_ADDR: { case UNICAST_ADDR: {
struct inet6_ifaddr *ifa; struct inet6_ifaddr *ifa;
fillargs.event = RTM_NEWADDR;
/* unicast address incl. temp addr */ /* unicast address incl. temp addr */
list_for_each_entry(ifa, &idev->addr_list, if_list) { list_for_each_entry(ifa, &idev->addr_list, if_list) {
if (++ip_idx < s_ip_idx) if (++ip_idx < s_ip_idx)
continue; continue;
err = inet6_fill_ifaddr(skb, ifa, err = inet6_fill_ifaddr(skb, ifa, &fillargs);
NETLINK_CB(cb->skb).portid,
cb->nlh->nlmsg_seq,
RTM_NEWADDR,
NLM_F_MULTI);
if (err < 0) if (err < 0)
break; break;
nl_dump_check_consistent(cb, nlmsg_hdr(skb)); nl_dump_check_consistent(cb, nlmsg_hdr(skb));
...@@ -4944,31 +4971,26 @@ static int in6_dump_addrs(struct inet6_dev *idev, struct sk_buff *skb, ...@@ -4944,31 +4971,26 @@ static int in6_dump_addrs(struct inet6_dev *idev, struct sk_buff *skb,
break; break;
} }
case MULTICAST_ADDR: case MULTICAST_ADDR:
fillargs.event = RTM_GETMULTICAST;
/* multicast address */ /* multicast address */
for (ifmca = idev->mc_list; ifmca; for (ifmca = idev->mc_list; ifmca;
ifmca = ifmca->next, ip_idx++) { ifmca = ifmca->next, ip_idx++) {
if (ip_idx < s_ip_idx) if (ip_idx < s_ip_idx)
continue; continue;
err = inet6_fill_ifmcaddr(skb, ifmca, err = inet6_fill_ifmcaddr(skb, ifmca, &fillargs);
NETLINK_CB(cb->skb).portid,
cb->nlh->nlmsg_seq,
RTM_GETMULTICAST,
NLM_F_MULTI);
if (err < 0) if (err < 0)
break; break;
} }
break; break;
case ANYCAST_ADDR: case ANYCAST_ADDR:
fillargs.event = RTM_GETANYCAST;
/* anycast address */ /* anycast address */
for (ifaca = idev->ac_list; ifaca; for (ifaca = idev->ac_list; ifaca;
ifaca = ifaca->aca_next, ip_idx++) { ifaca = ifaca->aca_next, ip_idx++) {
if (ip_idx < s_ip_idx) if (ip_idx < s_ip_idx)
continue; continue;
err = inet6_fill_ifacaddr(skb, ifaca, err = inet6_fill_ifacaddr(skb, ifaca, &fillargs);
NETLINK_CB(cb->skb).portid,
cb->nlh->nlmsg_seq,
RTM_GETANYCAST,
NLM_F_MULTI);
if (err < 0) if (err < 0)
break; break;
} }
...@@ -4985,6 +5007,9 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, ...@@ -4985,6 +5007,9 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb,
enum addr_type_t type) enum addr_type_t type)
{ {
struct net *net = sock_net(skb->sk); struct net *net = sock_net(skb->sk);
struct nlattr *tb[IFA_MAX+1];
struct net *tgt_net = net;
int netnsid = -1;
int h, s_h; int h, s_h;
int idx, ip_idx; int idx, ip_idx;
int s_idx, s_ip_idx; int s_idx, s_ip_idx;
...@@ -4996,11 +5021,22 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, ...@@ -4996,11 +5021,22 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb,
s_idx = idx = cb->args[1]; s_idx = idx = cb->args[1];
s_ip_idx = ip_idx = cb->args[2]; s_ip_idx = ip_idx = cb->args[2];
if (nlmsg_parse(cb->nlh, sizeof(struct ifaddrmsg), tb, IFA_MAX,
ifa_ipv6_policy, NULL) >= 0) {
if (tb[IFA_TARGET_NETNSID]) {
netnsid = nla_get_s32(tb[IFA_TARGET_NETNSID]);
tgt_net = rtnl_get_net_ns_capable(skb->sk, netnsid);
if (IS_ERR(tgt_net))
return PTR_ERR(tgt_net);
}
}
rcu_read_lock(); rcu_read_lock();
cb->seq = atomic_read(&net->ipv6.dev_addr_genid) ^ net->dev_base_seq; cb->seq = atomic_read(&tgt_net->ipv6.dev_addr_genid) ^ tgt_net->dev_base_seq;
for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) { for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) {
idx = 0; idx = 0;
head = &net->dev_index_head[h]; head = &tgt_net->dev_index_head[h];
hlist_for_each_entry_rcu(dev, head, index_hlist) { hlist_for_each_entry_rcu(dev, head, index_hlist) {
if (idx < s_idx) if (idx < s_idx)
goto cont; goto cont;
...@@ -5012,7 +5048,7 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, ...@@ -5012,7 +5048,7 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb,
goto cont; goto cont;
if (in6_dump_addrs(idev, skb, cb, type, if (in6_dump_addrs(idev, skb, cb, type,
s_ip_idx, &ip_idx) < 0) s_ip_idx, &ip_idx, netnsid) < 0)
goto done; goto done;
cont: cont:
idx++; idx++;
...@@ -5023,6 +5059,8 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, ...@@ -5023,6 +5059,8 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb,
cb->args[0] = h; cb->args[0] = h;
cb->args[1] = idx; cb->args[1] = idx;
cb->args[2] = ip_idx; cb->args[2] = ip_idx;
if (netnsid >= 0)
put_net(tgt_net);
return skb->len; return skb->len;
} }
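Review bot: the reference is released on "netnsid >= 0", but it is taken whenever tb[IFA_TARGET_NETNSID] is present and the lookup succeeds, and the policy type NLA_S32 allows a negative value. The pairing therefore depends on rtnl_get_net_ns_capable() failing for every negative id, which these hunks do not show. Either reject negative ids right after nla_get_s32(), or release on a condition that records the acquisition itself (for example tgt_net != net is not sufficient if the id names the caller's own namespace, so a bool set after the successful lookup is safer).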
...@@ -5053,6 +5091,14 @@ static int inet6_rtm_getaddr(struct sk_buff *in_skb, struct nlmsghdr *nlh, ...@@ -5053,6 +5091,14 @@ static int inet6_rtm_getaddr(struct sk_buff *in_skb, struct nlmsghdr *nlh,
struct netlink_ext_ack *extack) struct netlink_ext_ack *extack)
{ {
struct net *net = sock_net(in_skb->sk); struct net *net = sock_net(in_skb->sk);
struct inet6_fill_args fillargs = {
.portid = NETLINK_CB(in_skb).portid,
.seq = nlh->nlmsg_seq,
.event = RTM_NEWADDR,
.flags = 0,
.netnsid = -1,
};
struct net *tgt_net = net;
struct ifaddrmsg *ifm; struct ifaddrmsg *ifm;
struct nlattr *tb[IFA_MAX+1]; struct nlattr *tb[IFA_MAX+1];
struct in6_addr *addr = NULL, *peer; struct in6_addr *addr = NULL, *peer;
...@@ -5066,15 +5112,24 @@ static int inet6_rtm_getaddr(struct sk_buff *in_skb, struct nlmsghdr *nlh, ...@@ -5066,15 +5112,24 @@ static int inet6_rtm_getaddr(struct sk_buff *in_skb, struct nlmsghdr *nlh,
if (err < 0) if (err < 0)
return err; return err;
if (tb[IFA_TARGET_NETNSID]) {
fillargs.netnsid = nla_get_s32(tb[IFA_TARGET_NETNSID]);
tgt_net = rtnl_get_net_ns_capable(NETLINK_CB(in_skb).sk,
fillargs.netnsid);
if (IS_ERR(tgt_net))
return PTR_ERR(tgt_net);
}
addr = extract_addr(tb[IFA_ADDRESS], tb[IFA_LOCAL], &peer); addr = extract_addr(tb[IFA_ADDRESS], tb[IFA_LOCAL], &peer);
if (!addr) if (!addr)
return -EINVAL; return -EINVAL;
ifm = nlmsg_data(nlh); ifm = nlmsg_data(nlh);
if (ifm->ifa_index) if (ifm->ifa_index)
dev = dev_get_by_index(net, ifm->ifa_index); dev = dev_get_by_index(tgt_net, ifm->ifa_index);
ifa = ipv6_get_ifaddr(net, addr, dev, 1); ifa = ipv6_get_ifaddr(tgt_net, addr, dev, 1);
if (!ifa) { if (!ifa) {
err = -EADDRNOTAVAIL; err = -EADDRNOTAVAIL;
goto errout; goto errout;
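Review bot: the "if (!addr) return -EINVAL;" that follows the new block now returns while holding the reference obtained from rtnl_get_net_ns_capable(), so a request with IFA_TARGET_NETNSID but without IFA_ADDRESS/IFA_LOCAL leaks a netns reference. Either call extract_addr() before resolving the target namespace, or set err = -EINVAL and leave through errout, where the later hunk adds the matching put_net() (check that dev is NULL-initialised for that path).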
...@@ -5086,20 +5141,22 @@ static int inet6_rtm_getaddr(struct sk_buff *in_skb, struct nlmsghdr *nlh, ...@@ -5086,20 +5141,22 @@ static int inet6_rtm_getaddr(struct sk_buff *in_skb, struct nlmsghdr *nlh,
goto errout_ifa; goto errout_ifa;
} }
err = inet6_fill_ifaddr(skb, ifa, NETLINK_CB(in_skb).portid, err = inet6_fill_ifaddr(skb, ifa, &fillargs);
nlh->nlmsg_seq, RTM_NEWADDR, 0);
if (err < 0) { if (err < 0) {
/* -EMSGSIZE implies BUG in inet6_ifaddr_msgsize() */ /* -EMSGSIZE implies BUG in inet6_ifaddr_msgsize() */
WARN_ON(err == -EMSGSIZE); WARN_ON(err == -EMSGSIZE);
kfree_skb(skb); kfree_skb(skb);
goto errout_ifa; goto errout_ifa;
} }
err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).portid); err = rtnl_unicast(skb, tgt_net, NETLINK_CB(in_skb).portid);
errout_ifa: errout_ifa:
in6_ifa_put(ifa); in6_ifa_put(ifa);
errout: errout:
if (dev) if (dev)
dev_put(dev); dev_put(dev);
if (fillargs.netnsid >= 0)
put_net(tgt_net);
return err; return err;
} }
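Review bot: rtnl_unicast() is switched from net to tgt_net, but the requesting socket belongs to net (sock_net(in_skb->sk)) and the portid comes from that socket. Please confirm the reply is still delivered when the target namespace differs from the requester's; if the portid lookup is done in the namespace passed here, this call needs to keep using net and only the address lookup should use tgt_net.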
...@@ -5107,13 +5164,20 @@ static void inet6_ifa_notify(int event, struct inet6_ifaddr *ifa) ...@@ -5107,13 +5164,20 @@ static void inet6_ifa_notify(int event, struct inet6_ifaddr *ifa)
{ {
struct sk_buff *skb; struct sk_buff *skb;
struct net *net = dev_net(ifa->idev->dev); struct net *net = dev_net(ifa->idev->dev);
struct inet6_fill_args fillargs = {
.portid = 0,
.seq = 0,
.event = event,
.flags = 0,
.netnsid = -1,
};
int err = -ENOBUFS; int err = -ENOBUFS;
skb = nlmsg_new(inet6_ifaddr_msgsize(), GFP_ATOMIC); skb = nlmsg_new(inet6_ifaddr_msgsize(), GFP_ATOMIC);
if (!skb) if (!skb)
goto errout; goto errout;
err = inet6_fill_ifaddr(skb, ifa, 0, 0, event, 0); err = inet6_fill_ifaddr(skb, ifa, &fillargs);
if (err < 0) { if (err < 0) {
/* -EMSGSIZE implies BUG in inet6_ifaddr_msgsize() */ /* -EMSGSIZE implies BUG in inet6_ifaddr_msgsize() */
WARN_ON(err == -EMSGSIZE); WARN_ON(err == -EMSGSIZE);
......
...@@ -161,6 +161,7 @@ enum { ...@@ -161,6 +161,7 @@ enum {
IFLA_EVENT, IFLA_EVENT,
IFLA_NEW_NETNSID, IFLA_NEW_NETNSID,
IFLA_IF_NETNSID, IFLA_IF_NETNSID,
IFLA_TARGET_NETNSID = IFLA_IF_NETNSID, /* new alias */
IFLA_CARRIER_UP_COUNT, IFLA_CARRIER_UP_COUNT,
IFLA_CARRIER_DOWN_COUNT, IFLA_CARRIER_DOWN_COUNT,
IFLA_NEW_IFINDEX, IFLA_NEW_IFINDEX,
......