summaryrefslogtreecommitdiffstats
path: root/include/net/netns
diff options
context:
space:
mode:
Diffstat (limited to 'include/net/netns')
-rw-r--r--include/net/netns/bpf.h28
-rw-r--r--include/net/netns/can.h41
-rw-r--r--include/net/netns/conntrack.h113
-rw-r--r--include/net/netns/core.h22
-rw-r--r--include/net/netns/flow_table.h14
-rw-r--r--include/net/netns/generic.h52
-rw-r--r--include/net/netns/hash.h11
-rw-r--r--include/net/netns/ieee802154_6lowpan.h22
-rw-r--r--include/net/netns/ipv4.h234
-rw-r--r--include/net/netns/ipv6.h129
-rw-r--r--include/net/netns/mctp.h37
-rw-r--r--include/net/netns/mib.h45
-rw-r--r--include/net/netns/mpls.h23
-rw-r--r--include/net/netns/netfilter.h34
-rw-r--r--include/net/netns/nexthop.h20
-rw-r--r--include/net/netns/nftables.h11
-rw-r--r--include/net/netns/packet.h16
-rw-r--r--include/net/netns/sctp.h180
-rw-r--r--include/net/netns/smc.h26
-rw-r--r--include/net/netns/unix.h22
-rw-r--r--include/net/netns/xdp.h13
-rw-r--r--include/net/netns/xfrm.h88
22 files changed, 1181 insertions, 0 deletions
diff --git a/include/net/netns/bpf.h b/include/net/netns/bpf.h
new file mode 100644
index 000000000..2c01a278d
--- /dev/null
+++ b/include/net/netns/bpf.h
@@ -0,0 +1,28 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * BPF programs attached to network namespace
+ */
+
+#ifndef __NETNS_BPF_H__
+#define __NETNS_BPF_H__
+
+#include <linux/list.h>
+
+struct bpf_prog;
+struct bpf_prog_array;
+
+enum netns_bpf_attach_type {
+ NETNS_BPF_INVALID = -1,
+ NETNS_BPF_FLOW_DISSECTOR = 0,
+ NETNS_BPF_SK_LOOKUP,
+ MAX_NETNS_BPF_ATTACH_TYPE
+};
+
+struct netns_bpf {
+ /* Array of programs to run compiled from progs or links */
+ struct bpf_prog_array __rcu *run_array[MAX_NETNS_BPF_ATTACH_TYPE];
+ struct bpf_prog *progs[MAX_NETNS_BPF_ATTACH_TYPE];
+ struct list_head links[MAX_NETNS_BPF_ATTACH_TYPE];
+};
+
+#endif /* __NETNS_BPF_H__ */
diff --git a/include/net/netns/can.h b/include/net/netns/can.h
new file mode 100644
index 000000000..48b79f7e6
--- /dev/null
+++ b/include/net/netns/can.h
@@ -0,0 +1,41 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * can in net namespaces
+ */
+
+#ifndef __NETNS_CAN_H__
+#define __NETNS_CAN_H__
+
+#include <linux/spinlock.h>
+#include <linux/timer.h>
+
+struct can_dev_rcv_lists;
+struct can_pkg_stats;
+struct can_rcv_lists_stats;
+
+struct netns_can {
+#if IS_ENABLED(CONFIG_PROC_FS)
+ struct proc_dir_entry *proc_dir;
+ struct proc_dir_entry *pde_stats;
+ struct proc_dir_entry *pde_reset_stats;
+ struct proc_dir_entry *pde_rcvlist_all;
+ struct proc_dir_entry *pde_rcvlist_fil;
+ struct proc_dir_entry *pde_rcvlist_inv;
+ struct proc_dir_entry *pde_rcvlist_sff;
+ struct proc_dir_entry *pde_rcvlist_eff;
+ struct proc_dir_entry *pde_rcvlist_err;
+ struct proc_dir_entry *bcmproc_dir;
+#endif
+
+ /* receive filters subscribed for 'all' CAN devices */
+ struct can_dev_rcv_lists *rx_alldev_list;
+ spinlock_t rcvlists_lock;
+ struct timer_list stattimer; /* timer for statistics update */
+ struct can_pkg_stats *pkg_stats;
+ struct can_rcv_lists_stats *rcv_lists_stats;
+
+ /* CAN GW per-net gateway jobs */
+ struct hlist_head cgw_list;
+};
+
+#endif /* __NETNS_CAN_H__ */
diff --git a/include/net/netns/conntrack.h b/include/net/netns/conntrack.h
new file mode 100644
index 000000000..1f463b395
--- /dev/null
+++ b/include/net/netns/conntrack.h
@@ -0,0 +1,113 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef __NETNS_CONNTRACK_H
+#define __NETNS_CONNTRACK_H
+
+#include <linux/list.h>
+#include <linux/list_nulls.h>
+#include <linux/atomic.h>
+#include <linux/workqueue.h>
+#include <linux/netfilter/nf_conntrack_tcp.h>
+#ifdef CONFIG_NF_CT_PROTO_DCCP
+#include <linux/netfilter/nf_conntrack_dccp.h>
+#endif
+#ifdef CONFIG_NF_CT_PROTO_SCTP
+#include <linux/netfilter/nf_conntrack_sctp.h>
+#endif
+#include <linux/seqlock.h>
+
+struct ctl_table_header;
+struct nf_conntrack_ecache;
+
+struct nf_generic_net {
+ unsigned int timeout;
+};
+
+struct nf_tcp_net {
+ unsigned int timeouts[TCP_CONNTRACK_TIMEOUT_MAX];
+ u8 tcp_loose;
+ u8 tcp_be_liberal;
+ u8 tcp_max_retrans;
+ u8 tcp_ignore_invalid_rst;
+#if IS_ENABLED(CONFIG_NF_FLOW_TABLE)
+ unsigned int offload_timeout;
+#endif
+};
+
+enum udp_conntrack {
+ UDP_CT_UNREPLIED,
+ UDP_CT_REPLIED,
+ UDP_CT_MAX
+};
+
+struct nf_udp_net {
+ unsigned int timeouts[UDP_CT_MAX];
+#if IS_ENABLED(CONFIG_NF_FLOW_TABLE)
+ unsigned int offload_timeout;
+#endif
+};
+
+struct nf_icmp_net {
+ unsigned int timeout;
+};
+
+#ifdef CONFIG_NF_CT_PROTO_DCCP
+struct nf_dccp_net {
+ u8 dccp_loose;
+ unsigned int dccp_timeout[CT_DCCP_MAX + 1];
+};
+#endif
+
+#ifdef CONFIG_NF_CT_PROTO_SCTP
+struct nf_sctp_net {
+ unsigned int timeouts[SCTP_CONNTRACK_MAX];
+};
+#endif
+
+#ifdef CONFIG_NF_CT_PROTO_GRE
+enum gre_conntrack {
+ GRE_CT_UNREPLIED,
+ GRE_CT_REPLIED,
+ GRE_CT_MAX
+};
+
+struct nf_gre_net {
+ struct list_head keymap_list;
+ unsigned int timeouts[GRE_CT_MAX];
+};
+#endif
+
+struct nf_ip_net {
+ struct nf_generic_net generic;
+ struct nf_tcp_net tcp;
+ struct nf_udp_net udp;
+ struct nf_icmp_net icmp;
+ struct nf_icmp_net icmpv6;
+#ifdef CONFIG_NF_CT_PROTO_DCCP
+ struct nf_dccp_net dccp;
+#endif
+#ifdef CONFIG_NF_CT_PROTO_SCTP
+ struct nf_sctp_net sctp;
+#endif
+#ifdef CONFIG_NF_CT_PROTO_GRE
+ struct nf_gre_net gre;
+#endif
+};
+
+struct netns_ct {
+#ifdef CONFIG_NF_CONNTRACK_EVENTS
+ bool ecache_dwork_pending;
+#endif
+ u8 sysctl_log_invalid; /* Log invalid packets */
+ u8 sysctl_events;
+ u8 sysctl_acct;
+ u8 sysctl_tstamp;
+ u8 sysctl_checksum;
+
+ struct ip_conntrack_stat __percpu *stat;
+ struct nf_ct_event_notifier __rcu *nf_conntrack_event_cb;
+ struct nf_ip_net nf_ct_proto;
+#if defined(CONFIG_NF_CONNTRACK_LABELS)
+ unsigned int labels_used;
+#endif
+};
+#endif
diff --git a/include/net/netns/core.h b/include/net/netns/core.h
new file mode 100644
index 000000000..8249060cf
--- /dev/null
+++ b/include/net/netns/core.h
@@ -0,0 +1,22 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef __NETNS_CORE_H__
+#define __NETNS_CORE_H__
+
+#include <linux/types.h>
+
+struct ctl_table_header;
+struct prot_inuse;
+
+struct netns_core {
+ /* core sysctls */
+ struct ctl_table_header *sysctl_hdr;
+
+ int sysctl_somaxconn;
+ u8 sysctl_txrehash;
+
+#ifdef CONFIG_PROC_FS
+ struct prot_inuse __percpu *prot_inuse;
+#endif
+};
+
+#endif
diff --git a/include/net/netns/flow_table.h b/include/net/netns/flow_table.h
new file mode 100644
index 000000000..1c5fc657e
--- /dev/null
+++ b/include/net/netns/flow_table.h
@@ -0,0 +1,14 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef __NETNS_FLOW_TABLE_H
+#define __NETNS_FLOW_TABLE_H
+
+struct nf_flow_table_stat {
+ unsigned int count_wq_add;
+ unsigned int count_wq_del;
+ unsigned int count_wq_stats;
+};
+
+struct netns_ft {
+ struct nf_flow_table_stat __percpu *stat;
+};
+#endif
diff --git a/include/net/netns/generic.h b/include/net/netns/generic.h
new file mode 100644
index 000000000..00c399ede
--- /dev/null
+++ b/include/net/netns/generic.h
@@ -0,0 +1,52 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * generic net pointers
+ */
+
+#ifndef __NET_GENERIC_H__
+#define __NET_GENERIC_H__
+
+#include <linux/bug.h>
+#include <linux/rcupdate.h>
+#include <net/net_namespace.h>
+
+/*
+ * Generic net pointers are to be used by modules to put some private
+ * stuff on the struct net without explicit struct net modification
+ *
+ * The rules are simple:
+ * 1. set pernet_operations->id. After register_pernet_device you
+ * will have the id of your private pointer.
+ * 2. set pernet_operations->size to have the code allocate and free
+ * a private structure pointed to from struct net.
+ * 3. do not change this pointer while the net is alive;
+ * 4. do not try to have any private reference on the net_generic object.
+ *
+ * After accomplishing all of the above, the private pointer can be
+ * accessed with the net_generic() call.
+ */
+
+struct net_generic {
+ union {
+ struct {
+ unsigned int len;
+ struct rcu_head rcu;
+ } s;
+
+ DECLARE_FLEX_ARRAY(void *, ptr);
+ };
+};
+
+static inline void *net_generic(const struct net *net, unsigned int id)
+{
+ struct net_generic *ng;
+ void *ptr;
+
+ rcu_read_lock();
+ ng = rcu_dereference(net->gen);
+ ptr = ng->ptr[id];
+ rcu_read_unlock();
+
+ return ptr;
+}
+#endif
diff --git a/include/net/netns/hash.h b/include/net/netns/hash.h
new file mode 100644
index 000000000..d9b665151
--- /dev/null
+++ b/include/net/netns/hash.h
@@ -0,0 +1,11 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef __NET_NS_HASH_H__
+#define __NET_NS_HASH_H__
+
+#include <net/net_namespace.h>
+
+static inline u32 net_hash_mix(const struct net *net)
+{
+ return net->hash_mix;
+}
+#endif
diff --git a/include/net/netns/ieee802154_6lowpan.h b/include/net/netns/ieee802154_6lowpan.h
new file mode 100644
index 000000000..95406e134
--- /dev/null
+++ b/include/net/netns/ieee802154_6lowpan.h
@@ -0,0 +1,22 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * ieee802154 6lowpan in net namespaces
+ */
+
+#include <net/inet_frag.h>
+
+#ifndef __NETNS_IEEE802154_6LOWPAN_H__
+#define __NETNS_IEEE802154_6LOWPAN_H__
+
+struct netns_sysctl_lowpan {
+#ifdef CONFIG_SYSCTL
+ struct ctl_table_header *frags_hdr;
+#endif
+};
+
+struct netns_ieee802154_lowpan {
+ struct netns_sysctl_lowpan sysctl;
+ struct fqdir *fqdir;
+};
+
+#endif
diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h
new file mode 100644
index 000000000..ede2ff1da
--- /dev/null
+++ b/include/net/netns/ipv4.h
@@ -0,0 +1,234 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * ipv4 in net namespaces
+ */
+
+#ifndef __NETNS_IPV4_H__
+#define __NETNS_IPV4_H__
+
+#include <linux/uidgid.h>
+#include <net/inet_frag.h>
+#include <linux/rcupdate.h>
+#include <linux/seqlock.h>
+#include <linux/siphash.h>
+
+struct ctl_table_header;
+struct ipv4_devconf;
+struct fib_rules_ops;
+struct hlist_head;
+struct fib_table;
+struct sock;
+struct local_ports {
+ seqlock_t lock;
+ int range[2];
+ bool warned;
+};
+
+struct ping_group_range {
+ seqlock_t lock;
+ kgid_t range[2];
+};
+
+struct inet_hashinfo;
+
+struct inet_timewait_death_row {
+ refcount_t tw_refcount;
+
+ /* Padding to avoid false sharing, tw_refcount can be often written */
+ struct inet_hashinfo *hashinfo ____cacheline_aligned_in_smp;
+ int sysctl_max_tw_buckets;
+};
+
+struct tcp_fastopen_context;
+
+struct netns_ipv4 {
+ struct inet_timewait_death_row tcp_death_row;
+
+#ifdef CONFIG_SYSCTL
+ struct ctl_table_header *forw_hdr;
+ struct ctl_table_header *frags_hdr;
+ struct ctl_table_header *ipv4_hdr;
+ struct ctl_table_header *route_hdr;
+ struct ctl_table_header *xfrm4_hdr;
+#endif
+ struct ipv4_devconf *devconf_all;
+ struct ipv4_devconf *devconf_dflt;
+ struct ip_ra_chain __rcu *ra_chain;
+ struct mutex ra_mutex;
+#ifdef CONFIG_IP_MULTIPLE_TABLES
+ struct fib_rules_ops *rules_ops;
+ struct fib_table __rcu *fib_main;
+ struct fib_table __rcu *fib_default;
+ unsigned int fib_rules_require_fldissect;
+ bool fib_has_custom_rules;
+#endif
+ bool fib_has_custom_local_routes;
+ bool fib_offload_disabled;
+ u8 sysctl_tcp_shrink_window;
+#ifdef CONFIG_IP_ROUTE_CLASSID
+ atomic_t fib_num_tclassid_users;
+#endif
+ struct hlist_head *fib_table_hash;
+ struct sock *fibnl;
+
+ struct sock *mc_autojoin_sk;
+
+ struct inet_peer_base *peers;
+ struct fqdir *fqdir;
+
+ u8 sysctl_icmp_echo_ignore_all;
+ u8 sysctl_icmp_echo_enable_probe;
+ u8 sysctl_icmp_echo_ignore_broadcasts;
+ u8 sysctl_icmp_ignore_bogus_error_responses;
+ u8 sysctl_icmp_errors_use_inbound_ifaddr;
+ int sysctl_icmp_ratelimit;
+ int sysctl_icmp_ratemask;
+
+ u32 ip_rt_min_pmtu;
+ int ip_rt_mtu_expires;
+ int ip_rt_min_advmss;
+
+ struct local_ports ip_local_ports;
+
+ u8 sysctl_tcp_ecn;
+ u8 sysctl_tcp_ecn_fallback;
+
+ u8 sysctl_ip_default_ttl;
+ u8 sysctl_ip_no_pmtu_disc;
+ u8 sysctl_ip_fwd_use_pmtu;
+ u8 sysctl_ip_fwd_update_priority;
+ u8 sysctl_ip_nonlocal_bind;
+ u8 sysctl_ip_autobind_reuse;
+ /* Shall we try to damage output packets if routing dev changes? */
+ u8 sysctl_ip_dynaddr;
+ u8 sysctl_ip_early_demux;
+#ifdef CONFIG_NET_L3_MASTER_DEV
+ u8 sysctl_raw_l3mdev_accept;
+#endif
+ u8 sysctl_tcp_early_demux;
+ u8 sysctl_udp_early_demux;
+
+ u8 sysctl_nexthop_compat_mode;
+
+ u8 sysctl_fwmark_reflect;
+ u8 sysctl_tcp_fwmark_accept;
+#ifdef CONFIG_NET_L3_MASTER_DEV
+ u8 sysctl_tcp_l3mdev_accept;
+#endif
+ u8 sysctl_tcp_mtu_probing;
+ int sysctl_tcp_mtu_probe_floor;
+ int sysctl_tcp_base_mss;
+ int sysctl_tcp_min_snd_mss;
+ int sysctl_tcp_probe_threshold;
+ u32 sysctl_tcp_probe_interval;
+
+ int sysctl_tcp_keepalive_time;
+ int sysctl_tcp_keepalive_intvl;
+ u8 sysctl_tcp_keepalive_probes;
+
+ u8 sysctl_tcp_syn_retries;
+ u8 sysctl_tcp_synack_retries;
+ u8 sysctl_tcp_syncookies;
+ u8 sysctl_tcp_migrate_req;
+ u8 sysctl_tcp_comp_sack_nr;
+ int sysctl_tcp_reordering;
+ u8 sysctl_tcp_retries1;
+ u8 sysctl_tcp_retries2;
+ u8 sysctl_tcp_orphan_retries;
+ u8 sysctl_tcp_tw_reuse;
+ int sysctl_tcp_fin_timeout;
+ unsigned int sysctl_tcp_notsent_lowat;
+ u8 sysctl_tcp_sack;
+ u8 sysctl_tcp_window_scaling;
+ u8 sysctl_tcp_timestamps;
+ u8 sysctl_tcp_early_retrans;
+ u8 sysctl_tcp_recovery;
+ u8 sysctl_tcp_thin_linear_timeouts;
+ u8 sysctl_tcp_slow_start_after_idle;
+ u8 sysctl_tcp_retrans_collapse;
+ u8 sysctl_tcp_stdurg;
+ u8 sysctl_tcp_rfc1337;
+ u8 sysctl_tcp_abort_on_overflow;
+ u8 sysctl_tcp_fack; /* obsolete */
+ int sysctl_tcp_max_reordering;
+ int sysctl_tcp_adv_win_scale;
+ u8 sysctl_tcp_dsack;
+ u8 sysctl_tcp_app_win;
+ u8 sysctl_tcp_frto;
+ u8 sysctl_tcp_nometrics_save;
+ u8 sysctl_tcp_no_ssthresh_metrics_save;
+ u8 sysctl_tcp_moderate_rcvbuf;
+ u8 sysctl_tcp_tso_win_divisor;
+ u8 sysctl_tcp_workaround_signed_windows;
+ int sysctl_tcp_limit_output_bytes;
+ int sysctl_tcp_challenge_ack_limit;
+ int sysctl_tcp_min_rtt_wlen;
+ u8 sysctl_tcp_min_tso_segs;
+ u8 sysctl_tcp_tso_rtt_log;
+ u8 sysctl_tcp_autocorking;
+ u8 sysctl_tcp_reflect_tos;
+ int sysctl_tcp_invalid_ratelimit;
+ int sysctl_tcp_pacing_ss_ratio;
+ int sysctl_tcp_pacing_ca_ratio;
+ int sysctl_tcp_wmem[3];
+ int sysctl_tcp_rmem[3];
+ unsigned int sysctl_tcp_child_ehash_entries;
+ unsigned long sysctl_tcp_comp_sack_delay_ns;
+ unsigned long sysctl_tcp_comp_sack_slack_ns;
+ int sysctl_max_syn_backlog;
+ int sysctl_tcp_fastopen;
+ const struct tcp_congestion_ops __rcu *tcp_congestion_control;
+ struct tcp_fastopen_context __rcu *tcp_fastopen_ctx;
+ unsigned int sysctl_tcp_fastopen_blackhole_timeout;
+ atomic_t tfo_active_disable_times;
+ unsigned long tfo_active_disable_stamp;
+ u32 tcp_challenge_timestamp;
+ u32 tcp_challenge_count;
+
+ int sysctl_udp_wmem_min;
+ int sysctl_udp_rmem_min;
+
+ u8 sysctl_fib_notify_on_flag_change;
+
+#ifdef CONFIG_NET_L3_MASTER_DEV
+ u8 sysctl_udp_l3mdev_accept;
+#endif
+
+ u8 sysctl_igmp_llm_reports;
+ int sysctl_igmp_max_memberships;
+ int sysctl_igmp_max_msf;
+ int sysctl_igmp_qrv;
+
+ struct ping_group_range ping_group_range;
+
+ atomic_t dev_addr_genid;
+
+#ifdef CONFIG_SYSCTL
+ unsigned long *sysctl_local_reserved_ports;
+ int sysctl_ip_prot_sock;
+#endif
+
+#ifdef CONFIG_IP_MROUTE
+#ifndef CONFIG_IP_MROUTE_MULTIPLE_TABLES
+ struct mr_table *mrt;
+#else
+ struct list_head mr_tables;
+ struct fib_rules_ops *mr_rules_ops;
+#endif
+#endif
+#ifdef CONFIG_IP_ROUTE_MULTIPATH
+ u32 sysctl_fib_multipath_hash_fields;
+ u8 sysctl_fib_multipath_use_neigh;
+ u8 sysctl_fib_multipath_hash_policy;
+#endif
+
+ struct fib_notifier_ops *notifier_ops;
+ unsigned int fib_seq; /* protected by rtnl_mutex */
+
+ struct fib_notifier_ops *ipmr_notifier_ops;
+ unsigned int ipmr_seq; /* protected by rtnl_mutex */
+
+ atomic_t rt_genid;
+ siphash_key_t ip_id_key;
+};
+#endif
diff --git a/include/net/netns/ipv6.h b/include/net/netns/ipv6.h
new file mode 100644
index 000000000..f6e6a3ab9
--- /dev/null
+++ b/include/net/netns/ipv6.h
@@ -0,0 +1,129 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * ipv6 in net namespaces
+ */
+
+#include <net/inet_frag.h>
+
+#ifndef __NETNS_IPV6_H__
+#define __NETNS_IPV6_H__
+#include <net/dst_ops.h>
+#include <uapi/linux/icmpv6.h>
+
+struct ctl_table_header;
+
+struct netns_sysctl_ipv6 {
+#ifdef CONFIG_SYSCTL
+ struct ctl_table_header *hdr;
+ struct ctl_table_header *route_hdr;
+ struct ctl_table_header *icmp_hdr;
+ struct ctl_table_header *frags_hdr;
+ struct ctl_table_header *xfrm6_hdr;
+#endif
+ int flush_delay;
+ int ip6_rt_max_size;
+ int ip6_rt_gc_min_interval;
+ int ip6_rt_gc_timeout;
+ int ip6_rt_gc_interval;
+ int ip6_rt_gc_elasticity;
+ int ip6_rt_mtu_expires;
+ int ip6_rt_min_advmss;
+ u32 multipath_hash_fields;
+ u8 multipath_hash_policy;
+ u8 bindv6only;
+ u8 flowlabel_consistency;
+ u8 auto_flowlabels;
+ int icmpv6_time;
+ u8 icmpv6_echo_ignore_all;
+ u8 icmpv6_echo_ignore_multicast;
+ u8 icmpv6_echo_ignore_anycast;
+ DECLARE_BITMAP(icmpv6_ratemask, ICMPV6_MSG_MAX + 1);
+ unsigned long *icmpv6_ratemask_ptr;
+ u8 anycast_src_echo_reply;
+ u8 ip_nonlocal_bind;
+ u8 fwmark_reflect;
+ u8 flowlabel_state_ranges;
+ int idgen_retries;
+ int idgen_delay;
+ int flowlabel_reflect;
+ int max_dst_opts_cnt;
+ int max_hbh_opts_cnt;
+ int max_dst_opts_len;
+ int max_hbh_opts_len;
+ int seg6_flowlabel;
+ u32 ioam6_id;
+ u64 ioam6_id_wide;
+ int skip_notify_on_dev_down;
+ u8 fib_notify_on_flag_change;
+};
+
+struct netns_ipv6 {
+ /* Keep ip6_dst_ops at the beginning of netns_sysctl_ipv6 */
+ struct dst_ops ip6_dst_ops;
+
+ struct netns_sysctl_ipv6 sysctl;
+ struct ipv6_devconf *devconf_all;
+ struct ipv6_devconf *devconf_dflt;
+ struct inet_peer_base *peers;
+ struct fqdir *fqdir;
+ struct fib6_info *fib6_null_entry;
+ struct rt6_info *ip6_null_entry;
+ struct rt6_statistics *rt6_stats;
+ struct timer_list ip6_fib_timer;
+ struct hlist_head *fib_table_hash;
+ struct fib6_table *fib6_main_tbl;
+ struct list_head fib6_walkers;
+ rwlock_t fib6_walker_lock;
+ spinlock_t fib6_gc_lock;
+ atomic_t ip6_rt_gc_expire;
+ unsigned long ip6_rt_last_gc;
+ unsigned char flowlabel_has_excl;
+#ifdef CONFIG_IPV6_MULTIPLE_TABLES
+ bool fib6_has_custom_rules;
+ unsigned int fib6_rules_require_fldissect;
+#ifdef CONFIG_IPV6_SUBTREES
+ unsigned int fib6_routes_require_src;
+#endif
+ struct rt6_info *ip6_prohibit_entry;
+ struct rt6_info *ip6_blk_hole_entry;
+ struct fib6_table *fib6_local_tbl;
+ struct fib_rules_ops *fib6_rules_ops;
+#endif
+ struct sock *ndisc_sk;
+ struct sock *tcp_sk;
+ struct sock *igmp_sk;
+ struct sock *mc_autojoin_sk;
+
+ struct hlist_head *inet6_addr_lst;
+ spinlock_t addrconf_hash_lock;
+ struct delayed_work addr_chk_work;
+
+#ifdef CONFIG_IPV6_MROUTE
+#ifndef CONFIG_IPV6_MROUTE_MULTIPLE_TABLES
+ struct mr_table *mrt6;
+#else
+ struct list_head mr6_tables;
+ struct fib_rules_ops *mr6_rules_ops;
+#endif
+#endif
+ atomic_t dev_addr_genid;
+ atomic_t fib6_sernum;
+ struct seg6_pernet_data *seg6_data;
+ struct fib_notifier_ops *notifier_ops;
+ struct fib_notifier_ops *ip6mr_notifier_ops;
+ unsigned int ipmr_seq; /* protected by rtnl_mutex */
+ struct {
+ struct hlist_head head;
+ spinlock_t lock;
+ u32 seq;
+ } ip6addrlbl_table;
+ struct ioam6_pernet_data *ioam6_data;
+};
+
+#if IS_ENABLED(CONFIG_NF_DEFRAG_IPV6)
+struct netns_nf_frag {
+ struct fqdir *fqdir;
+};
+#endif
+
+#endif
diff --git a/include/net/netns/mctp.h b/include/net/netns/mctp.h
new file mode 100644
index 000000000..1db8f9aad
--- /dev/null
+++ b/include/net/netns/mctp.h
@@ -0,0 +1,37 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * MCTP per-net structures
+ */
+
+#ifndef __NETNS_MCTP_H__
+#define __NETNS_MCTP_H__
+
+#include <linux/mutex.h>
+#include <linux/types.h>
+
+struct netns_mctp {
+ /* Only updated under RTNL, entries freed via RCU */
+ struct list_head routes;
+
+ /* Bound sockets: list of sockets bound by type.
+ * This list is updated from non-atomic contexts (under bind_lock),
+ * and read (under rcu) in packet rx
+ */
+ struct mutex bind_lock;
+ struct hlist_head binds;
+
+ /* tag allocations. This list is read and updated from atomic contexts,
+ * but elements are free()ed after a RCU grace-period
+ */
+ spinlock_t keys_lock;
+ struct hlist_head keys;
+
+ /* MCTP network */
+ unsigned int default_net;
+
+ /* neighbour table */
+ struct mutex neigh_lock;
+ struct list_head neighbours;
+};
+
+#endif /* __NETNS_MCTP_H__ */
diff --git a/include/net/netns/mib.h b/include/net/netns/mib.h
new file mode 100644
index 000000000..7e373664b
--- /dev/null
+++ b/include/net/netns/mib.h
@@ -0,0 +1,45 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef __NETNS_MIB_H__
+#define __NETNS_MIB_H__
+
+#include <net/snmp.h>
+
+struct netns_mib {
+ DEFINE_SNMP_STAT(struct ipstats_mib, ip_statistics);
+#if IS_ENABLED(CONFIG_IPV6)
+ DEFINE_SNMP_STAT(struct ipstats_mib, ipv6_statistics);
+#endif
+
+ DEFINE_SNMP_STAT(struct tcp_mib, tcp_statistics);
+ DEFINE_SNMP_STAT(struct linux_mib, net_statistics);
+
+ DEFINE_SNMP_STAT(struct udp_mib, udp_statistics);
+#if IS_ENABLED(CONFIG_IPV6)
+ DEFINE_SNMP_STAT(struct udp_mib, udp_stats_in6);
+#endif
+
+#ifdef CONFIG_XFRM_STATISTICS
+ DEFINE_SNMP_STAT(struct linux_xfrm_mib, xfrm_statistics);
+#endif
+#if IS_ENABLED(CONFIG_TLS)
+ DEFINE_SNMP_STAT(struct linux_tls_mib, tls_statistics);
+#endif
+#ifdef CONFIG_MPTCP
+ DEFINE_SNMP_STAT(struct mptcp_mib, mptcp_statistics);
+#endif
+
+ DEFINE_SNMP_STAT(struct udp_mib, udplite_statistics);
+#if IS_ENABLED(CONFIG_IPV6)
+ DEFINE_SNMP_STAT(struct udp_mib, udplite_stats_in6);
+#endif
+
+ DEFINE_SNMP_STAT(struct icmp_mib, icmp_statistics);
+ DEFINE_SNMP_STAT_ATOMIC(struct icmpmsg_mib, icmpmsg_statistics);
+#if IS_ENABLED(CONFIG_IPV6)
+ DEFINE_SNMP_STAT(struct icmpv6_mib, icmpv6_statistics);
+ DEFINE_SNMP_STAT_ATOMIC(struct icmpv6msg_mib, icmpv6msg_statistics);
+ struct proc_dir_entry *proc_net_devsnmp6;
+#endif
+};
+
+#endif
diff --git a/include/net/netns/mpls.h b/include/net/netns/mpls.h
new file mode 100644
index 000000000..19ad2574b
--- /dev/null
+++ b/include/net/netns/mpls.h
@@ -0,0 +1,23 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * mpls in net namespaces
+ */
+
+#ifndef __NETNS_MPLS_H__
+#define __NETNS_MPLS_H__
+
+#include <linux/types.h>
+
+struct mpls_route;
+struct ctl_table_header;
+
+struct netns_mpls {
+ int ip_ttl_propagate;
+ int default_ttl;
+ size_t platform_labels;
+ struct mpls_route __rcu * __rcu *platform_label;
+
+ struct ctl_table_header *ctl;
+};
+
+#endif /* __NETNS_MPLS_H__ */
diff --git a/include/net/netns/netfilter.h b/include/net/netns/netfilter.h
new file mode 100644
index 000000000..02bbdc577
--- /dev/null
+++ b/include/net/netns/netfilter.h
@@ -0,0 +1,34 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef __NETNS_NETFILTER_H
+#define __NETNS_NETFILTER_H
+
+#include <linux/netfilter_defs.h>
+
+struct proc_dir_entry;
+struct nf_logger;
+struct nf_queue_handler;
+
+struct netns_nf {
+#if defined CONFIG_PROC_FS
+ struct proc_dir_entry *proc_netfilter;
+#endif
+ const struct nf_logger __rcu *nf_loggers[NFPROTO_NUMPROTO];
+#ifdef CONFIG_SYSCTL
+ struct ctl_table_header *nf_log_dir_header;
+#endif
+ struct nf_hook_entries __rcu *hooks_ipv4[NF_INET_NUMHOOKS];
+ struct nf_hook_entries __rcu *hooks_ipv6[NF_INET_NUMHOOKS];
+#ifdef CONFIG_NETFILTER_FAMILY_ARP
+ struct nf_hook_entries __rcu *hooks_arp[NF_ARP_NUMHOOKS];
+#endif
+#ifdef CONFIG_NETFILTER_FAMILY_BRIDGE
+ struct nf_hook_entries __rcu *hooks_bridge[NF_INET_NUMHOOKS];
+#endif
+#if IS_ENABLED(CONFIG_NF_DEFRAG_IPV4)
+ unsigned int defrag_ipv4_users;
+#endif
+#if IS_ENABLED(CONFIG_NF_DEFRAG_IPV6)
+ unsigned int defrag_ipv6_users;
+#endif
+};
+#endif
diff --git a/include/net/netns/nexthop.h b/include/net/netns/nexthop.h
new file mode 100644
index 000000000..434239b37
--- /dev/null
+++ b/include/net/netns/nexthop.h
@@ -0,0 +1,20 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * nexthops in net namespaces
+ */
+
+#ifndef __NETNS_NEXTHOP_H__
+#define __NETNS_NEXTHOP_H__
+
+#include <linux/notifier.h>
+#include <linux/rbtree.h>
+
+struct netns_nexthop {
+ struct rb_root rb_root; /* tree of nexthops by id */
+ struct hlist_head *devhash; /* nexthops by device */
+
+ unsigned int seq; /* protected by rtnl_mutex */
+ u32 last_id_allocated;
+ struct blocking_notifier_head notifier_chain;
+};
+#endif
diff --git a/include/net/netns/nftables.h b/include/net/netns/nftables.h
new file mode 100644
index 000000000..8c77832d0
--- /dev/null
+++ b/include/net/netns/nftables.h
@@ -0,0 +1,11 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef _NETNS_NFTABLES_H_
+#define _NETNS_NFTABLES_H_
+
+#include <linux/list.h>
+
+struct netns_nftables {
+ u8 gencursor;
+};
+
+#endif
diff --git a/include/net/netns/packet.h b/include/net/netns/packet.h
new file mode 100644
index 000000000..aae69bb43
--- /dev/null
+++ b/include/net/netns/packet.h
@@ -0,0 +1,16 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * Packet network namespace
+ */
+#ifndef __NETNS_PACKET_H__
+#define __NETNS_PACKET_H__
+
+#include <linux/rculist.h>
+#include <linux/mutex.h>
+
+struct netns_packet {
+ struct mutex sklist_lock;
+ struct hlist_head sklist;
+};
+
+#endif /* __NETNS_PACKET_H__ */
diff --git a/include/net/netns/sctp.h b/include/net/netns/sctp.h
new file mode 100644
index 000000000..a681147ae
--- /dev/null
+++ b/include/net/netns/sctp.h
@@ -0,0 +1,180 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef __NETNS_SCTP_H__
+#define __NETNS_SCTP_H__
+
+#include <linux/timer.h>
+#include <net/snmp.h>
+
+struct sock;
+struct proc_dir_entry;
+struct sctp_mib;
+struct ctl_table_header;
+
+struct netns_sctp {
+ DEFINE_SNMP_STAT(struct sctp_mib, sctp_statistics);
+
+#ifdef CONFIG_PROC_FS
+ struct proc_dir_entry *proc_net_sctp;
+#endif
+#ifdef CONFIG_SYSCTL
+ struct ctl_table_header *sysctl_header;
+#endif
+ /* This is the global socket data structure used for responding to
+ * the Out-of-the-blue (OOTB) packets. A control sock will be created
+ * for this socket at the initialization time.
+ */
+ struct sock *ctl_sock;
+
+ /* UDP tunneling listening sock. */
+ struct sock *udp4_sock;
+ struct sock *udp6_sock;
+ /* UDP tunneling listening port. */
+ int udp_port;
+ /* UDP tunneling remote encap port. */
+ int encap_port;
+
+ /* This is the global local address list.
+ * We actively maintain this complete list of addresses on
+ * the system by catching address add/delete events.
+ *
+ * It is a list of sctp_sockaddr_entry.
+ */
+ struct list_head local_addr_list;
+ struct list_head addr_waitq;
+ struct timer_list addr_wq_timer;
+ struct list_head auto_asconf_splist;
+ /* Lock that protects both addr_waitq and auto_asconf_splist */
+ spinlock_t addr_wq_lock;
+
+ /* Lock that protects the local_addr_list writers */
+ spinlock_t local_addr_lock;
+
+ /* RFC2960 Section 14. Suggested SCTP Protocol Parameter Values
+ *
+ * The following protocol parameters are RECOMMENDED:
+ *
+ * RTO.Initial - 3 seconds
+ * RTO.Min - 1 second
+ * RTO.Max - 60 seconds
+ * RTO.Alpha - 1/8 (3 when converted to right shifts.)
+ * RTO.Beta - 1/4 (2 when converted to right shifts.)
+ */
+ unsigned int rto_initial;
+ unsigned int rto_min;
+ unsigned int rto_max;
+
+ /* Note: rto_alpha and rto_beta are really defined as inverse
+ * powers of two to facilitate integer operations.
+ */
+ int rto_alpha;
+ int rto_beta;
+
+ /* Max.Burst - 4 */
+ int max_burst;
+
+ /* Whether Cookie Preservative is enabled(1) or not(0) */
+ int cookie_preserve_enable;
+
+ /* The namespace default hmac alg */
+ char *sctp_hmac_alg;
+
+ /* Valid.Cookie.Life - 60 seconds */
+ unsigned int valid_cookie_life;
+
+ /* Delayed SACK timeout 200ms default*/
+ unsigned int sack_timeout;
+
+ /* HB.interval - 30 seconds */
+ unsigned int hb_interval;
+
+ /* The interval for PLPMTUD probe timer */
+ unsigned int probe_interval;
+
+ /* Association.Max.Retrans - 10 attempts
+ * Path.Max.Retrans - 5 attempts (per destination address)
+ * Max.Init.Retransmits - 8 attempts
+ */
+ int max_retrans_association;
+ int max_retrans_path;
+ int max_retrans_init;
+ /* Potentially-Failed.Max.Retrans sysctl value
+ * taken from:
+ * http://tools.ietf.org/html/draft-nishida-tsvwg-sctp-failover-05
+ */
+ int pf_retrans;
+
+ /* Primary.Switchover.Max.Retrans sysctl value
+ * taken from:
+ * https://tools.ietf.org/html/rfc7829
+ */
+ int ps_retrans;
+
+ /*
+ * Disable Potentially-Failed feature, the feature is enabled by default
+ * pf_enable - 0 : disable pf
+ * - >0 : enable pf
+ */
+ int pf_enable;
+
+ /*
+ * Disable Potentially-Failed state exposure, ignored by default
+ * pf_expose - 0 : compatible with old applications (by default)
+ * - 1 : disable pf state exposure
+ * - 2 : enable pf state exposure
+ */
+ int pf_expose;
+
+ /*
+ * Policy for preforming sctp/socket accounting
+ * 0 - do socket level accounting, all assocs share sk_sndbuf
+ * 1 - do sctp accounting, each asoc may use sk_sndbuf bytes
+ */
+ int sndbuf_policy;
+
+ /*
+ * Policy for preforming sctp/socket accounting
+ * 0 - do socket level accounting, all assocs share sk_rcvbuf
+ * 1 - do sctp accounting, each asoc may use sk_rcvbuf bytes
+ */
+ int rcvbuf_policy;
+
+ int default_auto_asconf;
+
+ /* Flag to indicate if addip is enabled. */
+ int addip_enable;
+ int addip_noauth;
+
+ /* Flag to indicate if PR-SCTP is enabled. */
+ int prsctp_enable;
+
+ /* Flag to indicate if PR-CONFIG is enabled. */
+ int reconf_enable;
+
+ /* Flag to indicate if SCTP-AUTH is enabled */
+ int auth_enable;
+
+ /* Flag to indicate if stream interleave is enabled */
+ int intl_enable;
+
+ /* Flag to indicate if ecn is enabled */
+ int ecn_enable;
+
+ /*
+ * Policy to control SCTP IPv4 address scoping
+ * 0 - Disable IPv4 address scoping
+ * 1 - Enable IPv4 address scoping
+ * 2 - Selectively allow only IPv4 private addresses
+ * 3 - Selectively allow only IPv4 link local address
+ */
+ int scope_policy;
+
+ /* Threshold for rwnd update SACKS. Receive buffer shifted this many
+ * bits is an indicator of when to send and window update SACK.
+ */
+ int rwnd_upd_shift;
+
+ /* Threshold for autoclose timeout, in seconds. */
+ unsigned long max_autoclose;
+};
+
+#endif /* __NETNS_SCTP_H__ */
diff --git a/include/net/netns/smc.h b/include/net/netns/smc.h
new file mode 100644
index 000000000..582212ada
--- /dev/null
+++ b/include/net/netns/smc.h
@@ -0,0 +1,26 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef __NETNS_SMC_H__
+#define __NETNS_SMC_H__
+#include <linux/mutex.h>
+#include <linux/percpu.h>
+
+struct smc_stats_rsn;
+struct smc_stats;
+struct netns_smc {
+ /* per cpu counters for SMC */
+ struct smc_stats __percpu *smc_stats;
+ /* protect fback_rsn */
+ struct mutex mutex_fback_rsn;
+ struct smc_stats_rsn *fback_rsn;
+
+ bool limit_smc_hs; /* constraint on handshake */
+#ifdef CONFIG_SYSCTL
+ struct ctl_table_header *smc_hdr;
+#endif
+ unsigned int sysctl_autocorking_size;
+ unsigned int sysctl_smcr_buf_type;
+ int sysctl_smcr_testlink_time;
+ int sysctl_wmem;
+ int sysctl_rmem;
+};
+#endif
diff --git a/include/net/netns/unix.h b/include/net/netns/unix.h
new file mode 100644
index 000000000..9859d134d
--- /dev/null
+++ b/include/net/netns/unix.h
@@ -0,0 +1,22 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * Unix network namespace
+ */
+#ifndef __NETNS_UNIX_H__
+#define __NETNS_UNIX_H__
+
+#include <linux/spinlock.h>
+
+struct unix_table {
+ spinlock_t *locks;
+ struct hlist_head *buckets;
+};
+
+struct ctl_table_header;
+struct netns_unix {
+ struct unix_table table;
+ int sysctl_max_dgram_qlen;
+ struct ctl_table_header *ctl;
+};
+
+#endif /* __NETNS_UNIX_H__ */
diff --git a/include/net/netns/xdp.h b/include/net/netns/xdp.h
new file mode 100644
index 000000000..e5734261b
--- /dev/null
+++ b/include/net/netns/xdp.h
@@ -0,0 +1,13 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef __NETNS_XDP_H__
+#define __NETNS_XDP_H__
+
+#include <linux/rculist.h>
+#include <linux/mutex.h>
+
+struct netns_xdp {
+ struct mutex lock;
+ struct hlist_head list;
+};
+
+#endif /* __NETNS_XDP_H__ */
diff --git a/include/net/netns/xfrm.h b/include/net/netns/xfrm.h
new file mode 100644
index 000000000..423b52eca
--- /dev/null
+++ b/include/net/netns/xfrm.h
@@ -0,0 +1,88 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef __NETNS_XFRM_H
+#define __NETNS_XFRM_H
+
+#include <linux/list.h>
+#include <linux/wait.h>
+#include <linux/workqueue.h>
+#include <linux/rhashtable-types.h>
+#include <linux/xfrm.h>
+#include <net/dst_ops.h>
+
+struct ctl_table_header;
+
+struct xfrm_policy_hash {
+ struct hlist_head __rcu *table;
+ unsigned int hmask;
+ u8 dbits4;
+ u8 sbits4;
+ u8 dbits6;
+ u8 sbits6;
+};
+
+struct xfrm_policy_hthresh {
+ struct work_struct work;
+ seqlock_t lock;
+ u8 lbits4;
+ u8 rbits4;
+ u8 lbits6;
+ u8 rbits6;
+};
+
+struct netns_xfrm {
+ struct list_head state_all;
+ /*
+ * Hash table to find appropriate SA towards given target (endpoint of
+ * tunnel or destination of transport mode) allowed by selector.
+ *
+ * Main use is finding SA after policy selected tunnel or transport
+ * mode. Also, it can be used by ah/esp icmp error handler to find
+ * offending SA.
+ */
+ struct hlist_head __rcu *state_bydst;
+ struct hlist_head __rcu *state_bysrc;
+ struct hlist_head __rcu *state_byspi;
+ struct hlist_head __rcu *state_byseq;
+ unsigned int state_hmask;
+ unsigned int state_num;
+ struct work_struct state_hash_work;
+
+ struct list_head policy_all;
+ struct hlist_head *policy_byidx;
+ unsigned int policy_idx_hmask;
+ unsigned int idx_generator;
+ struct hlist_head policy_inexact[XFRM_POLICY_MAX];
+ struct xfrm_policy_hash policy_bydst[XFRM_POLICY_MAX];
+ unsigned int policy_count[XFRM_POLICY_MAX * 2];
+ struct work_struct policy_hash_work;
+ struct xfrm_policy_hthresh policy_hthresh;
+ struct list_head inexact_bins;
+
+
+ struct sock *nlsk;
+ struct sock *nlsk_stash;
+
+ u32 sysctl_aevent_etime;
+ u32 sysctl_aevent_rseqth;
+ int sysctl_larval_drop;
+ u32 sysctl_acq_expires;
+
+ u8 policy_default[XFRM_POLICY_MAX];
+
+#ifdef CONFIG_SYSCTL
+ struct ctl_table_header *sysctl_hdr;
+#endif
+
+ struct dst_ops xfrm4_dst_ops;
+#if IS_ENABLED(CONFIG_IPV6)
+ struct dst_ops xfrm6_dst_ops;
+#endif
+ spinlock_t xfrm_state_lock;
+ seqcount_spinlock_t xfrm_state_hash_generation;
+ seqcount_spinlock_t xfrm_policy_hash_generation;
+
+ spinlock_t xfrm_policy_lock;
+ struct mutex xfrm_cfg_mutex;
+};
+
+#endif